Need to have anonymous routing through jwt global plugin urgently

Hi there,

I have been using Kong db-less 1.4.1, runing on Kubernetes (OpenShift)
I have configured (enabled) JWT plugin as global to be used for all rest APIs behind the Kong but I also need to have anonymous in the same plugin as exceptions, I created the jwt plugin by below yaml


apiVersion: configuration.konghq.com/v1
config:
anonymous: “this is an example of consumer_id”
kind: KongPlugin
metadata:
labels:
app.kubernetes.io/instance: kong
app.kubernetes.io/name: kong
global: ‘true’
name: global-jwt
namespace: iot-kong
plugin: jwt

Moreover I have also created “KongConsumer” and “KongCredential” , this plugin works perfectly but when I add anonymous in this configuration, it doesn’t work anymore

Please do me a favor and send me an practical example to solve my problem

It’s too urgent

BR,
//Hamed

Please use username instead of ID of the consumer for the anonymous property.

1 Like

Thanks a lot for quick reply.

I have changed it like what you said but I got {“message”:“An unexpected error occurred”} from kong

But below has happened inside the container

2020/01/28 09:10:13 [error] 24#0: *9190992 [kong] handler.lua:261 [jwt] failed to get from node cache: [off] invalid primary key: ‘{id=“expected a valid UUID”}’,

Make sure you are using Kong 1.4+, you already mentioned that.
Can you share the KongPlugin, KongConsumer resources that you are using?

I’m pretty sure about Kong version 1.4.1
I have two different consumers

  1. anonymous-consumer as below :

apiVersion: configuration.konghq.com/v1
credentials:

  1. Kong consumer as below :

apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
clusterName: ‘’
labels:
app.kubernetes.io/instance: kong
app.kubernetes.io/managed-by: Tiller
app.kubernetes.io/name: kong
name: kong
namespace: iot-kong
selfLink: >-
/apis/configuration.konghq.com/v1/namespaces/iot-kong/kongconsumers/kong
uid: 24d323c2-12c0-11ea-a579-0050568cabd9
username: kong

The (1) has been used for make an anonymous way inside the global Kong JWT plugin and the (2) has been used for Kong JWT plugin itself

We didn’t use to have anonymous consumer before desiring
global kong jwt plugin has to have anonymous way of insecure routing

You can find Kong JWT plugin as follows :

apiVersion: configuration.konghq.com/v1
config:
anonymous: 24e151a9-14c0-11ea-a539-2050568cabd6
claims_to_verify:
- exp
kind: KongPlugin
metadata:
clusterName: ‘’
labels:
app.kubernetes.io/instance: kong
app.kubernetes.io/managed-by: Tiller
app.kubernetes.io/name: kong
global: ‘true’
name: global-jwt
namespace: iot-kong
selfLink: >-
/apis/configuration.konghq.com/v1/namespaces/iot-kong/kongplugins/global-jwt
uid: 24e151a9-12c0-11ea-a579-0050568cabd9
plugin: jwt

Please give me a hand if it can be used

Thanks in advance
//Hamed

You should use the username of the consumer in this field. This should be anonymous-consumer based on your KongConsumer definitions above.

I have changed it like what you said but I got {“message”:“An unexpected error occurred”} from kong

But below has happened inside the container

2020/01/28 09:10:13 [error] 24#0: *9190992 [kong] handler.lua:261 [jwt] failed to get from node cache: [off] invalid primary key: ‘{id=“expected a valid UUID”}’,

This probably is a bug. Can you open a Github issue?


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ