Briefly, this error occurs when Elasticsearch’s JSON Web Token (JWT) authentication fails due to the absence of the ‘iss’ (issuer) claim in the provided token. The ‘iss’ claim identifies the principal that issued the JWT. To resolve this issue, ensure that the JWT includes the ‘iss’ claim. If you’re using a third-party service to generate the JWT, check its configuration. Alternatively, if you’re generating the JWT yourself, ensure your code includes the ‘iss’ claim. Also, verify that Elasticsearch is correctly configured to expect the ‘iss’ claim.
This guide will help you check for common problems that cause the log ” Issuer claim ‘iss’ is missing. ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.
Log Context
Log “Issuer claim ‘iss’ is missing.” classname is JwtRealm.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :
// If Issuer is not found; still return a JWT token since it is after still a JWT; authentication
// will fail later because issuer is mandated
final String issuer = jwtClaimsSet.getIssuer();
if (Strings.hasText(issuer) == false) {
logger.warn("Issuer claim 'iss' is missing.");
return new JwtAuthenticationToken(""; signedJWT; JwtUtil.sha256(userCredentials); clientCredentials);
}
// Try all known extraction functions to build the token principal
for (Function func : tokenPrincipalFunctions) {
