AWS ALB with OIDC setup keeps returning 401 Authorization Required

I have a Kibana endpoint in an AWS VPC that I'm trying to secure using an Application Load Balancer with OIDC and Auth0.

I have created a 'Regular Web Application' in Auth0 and used the respective URL endpoints from the advanced settings in the setup of the ALB in AWS, and of course the ClientId and ClientSecret.

When trying to access the ALB endpoint, I get correctly redirected to Auth0, and after logging in I also get redirected to the callback (the /idpresponse one). However, at this point the ALB returns a 401 'Authorization Required' message.

When I look in the logs of the Auth0 tenant, I actually see both a Successful Login (from the client) and a Successful Exchange (from the ALB).

Checking the access logs from the ALB, it logs that the IdToken is incorrect, but given the lack of any verbose logging I have no idea what would actually be wrong here.

Turns out I was missing a forward slash at the end of my issuerUrl, which was causing the issue.

I initially followed the article "Securing your applications with AWS ALB Built-in Authentication and Auth0" by Sandrino Di Mattia on Medium to configure it, and the comments pointed me to this solution.

5 Likes
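Why a single trailing slash breaks the flow: an OIDC relying party (here the ALB) must compare the `iss` claim in the ID token with its configured issuer as an exact string, and Auth0 issues tokens with `iss` set to `https://<tenant>.auth0.com/` (trailing slash included). The following is an added example, not code from the original post, the ALB, or Auth0. It mints a constructed HS256 token with a made-up tenant, key, and client ID (the real flow uses RS256 keys published at the tenant's JWKS endpoint; the issuer comparison is the same) and runs the relying-party checks against both spellings of the issuer to show which one fails.

```python
import base64
import hashlib
import hmac
import json
from typing import Tuple


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    # JWTs drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_id_token(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 id_token for this demo only.

    Auth0 signs real id_tokens with RS256; the signing step differs but the
    issuer/audience checks in validate_id_token are identical for both.
    """
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def validate_id_token(token: str, key: bytes, configured_issuer: str,
                      client_id: str) -> Tuple[bool, str]:
    """Relying-party checks in the order OIDC Core 3.1.3.7 lists them:
    signature, then exact-match `iss`, then `aud` containing our client_id.
    (A production check also verifies `exp`, `iat` and the login `nonce`.)
    """
    try:
        h, p, s = token.split(".")
    except ValueError:
        return False, "malformed token"
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return False, "bad signature"
    claims = json.loads(_b64url_decode(p))
    # Exact string comparison: no normalisation of trailing slashes, case,
    # or scheme. This is the comparison the missing '/' in issuerUrl fails.
    if claims.get("iss") != configured_issuer:
        return False, (f"iss mismatch: token has {claims.get('iss')!r}, "
                       f"configured {configured_issuer!r}")
    aud = claims.get("aud")
    if not (aud == client_id or (isinstance(aud, list) and client_id in aud)):
        return False, "aud mismatch"
    return True, "ok"


# Constructed demo values (assumptions, not a real tenant, secret or client).
DEMO_KEY = b"demo-secret-not-a-real-client-secret"
DEMO_TENANT_ISSUER = "https://example-tenant.auth0.com/"  # as Auth0 emits it
DEMO_CLIENT_ID = "abc123"


def demo() -> dict:
    """Validate one token against the issuer with and without the trailing slash."""
    token = mint_id_token(
        {"iss": DEMO_TENANT_ISSUER, "sub": "auth0|user1", "aud": DEMO_CLIENT_ID},
        DEMO_KEY,
    )
    return {
        issuer: validate_id_token(token, DEMO_KEY, issuer, DEMO_CLIENT_ID)
        for issuer in ("https://example-tenant.auth0.com",
                       "https://example-tenant.auth0.com/")
    }


if __name__ == "__main__":
    for issuer, (ok, reason) in demo().items():
        print(f"{issuer!r:45} -> {'accepted' if ok else 'rejected'}: {reason}")
```

The practical check before configuring an ALB `authenticate-oidc` action: fetch `https://<tenant>.auth0.com/.well-known/openid-configuration` and copy the `issuer` value verbatim, including its trailing slash, rather than typing the tenant URL by hand.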

Perfect! Glad you figured it out, and thanks for sharing with the rest of the community!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.