---
title: "用户信息响应对用户无效 - 如何解决此 Elasticsearch 异常"
date: 2026-03-16
lastmod: 2026-03-16
description: "从OpenID Connect Provider接收到的Userinfo响应对认证用户无效时的错误及解决方案"
tags: ["Elasticsearch", "OpenID Connect", "身份验证", "OIDC"]
summary: "版本： 7.2-7.15
 简而言之，当从OpenID Connect Provider（OIDC）接收到的Userinfo响应对认证用户无效时，就会出现此错误。这可能是由于配置不正确或用户信息不匹配造成的。要解决此问题，请确保OIDC在Elasticsearch中正确配置。检查Elasticsearch和OIDC中的用户信息以确保它们匹配。同时，验证使用的访问令牌是否有效且未过期。如果问题仍然存在，请考虑调试OIDC以识别任何潜在问题。
日志上下文 #  日志"Userinfo Response is not valid as it is for"的类名是 OpenIdConnectAuthenticator.java。我们从Elasticsearch源代码中提取了以下内容，供那些寻求深入上下文的人使用：
*/ private void validateUserInfoResponse(JWTClaimsSet userInfoClaims; String expectedSub; ActionListenerclaimsListener) { if (userInfoClaims.getSubject().isEmpty()) { claimsListener.onFailure(new ElasticsearchSecurityException("Userinfo Response did not contain a sub Claim")); } else if (userInfoClaims.getSubject().equals(expectedSub) == false) { claimsListener.onFailure(new ElasticsearchSecurityException("Userinfo Response is not valid as it is for " + "subject [{}] while the ID Token was for subject [{}]"; userInfoClaims."
---




> **版本：** 7.2-7.15


简而言之，当从OpenID Connect Provider（OIDC）接收到的Userinfo响应对认证用户无效时，就会出现此错误。这可能是由于配置不正确或用户信息不匹配造成的。要解决此问题，请确保OIDC在Elasticsearch中正确配置。检查Elasticsearch和OIDC中的用户信息以确保它们匹配。同时，验证使用的访问令牌是否有效且未过期。如果问题仍然存在，请考虑调试OIDC以识别任何潜在问题。

日志上下文
-----------

日志"Userinfo Response is not valid as it is for"的类名是[OpenIdConnectAuthenticator.java](https://www.geeksforgeeks.org/java-lang-class-class-java-set-1/)。我们从Elasticsearch源代码中提取了以下内容，供那些寻求深入上下文的人使用：

```java
*/
 private void validateUserInfoResponse(JWTClaimsSet userInfoClaims; String expectedSub; ActionListenerclaimsListener) {
 if (userInfoClaims.getSubject().isEmpty()) {
 claimsListener.onFailure(new ElasticsearchSecurityException("Userinfo Response did not contain a sub Claim"));
 } else if (userInfoClaims.getSubject().equals(expectedSub) == false) {
 claimsListener.onFailure(new ElasticsearchSecurityException("Userinfo Response is not valid as it is for " +
 "subject [{}] while the ID Token was for subject [{}]"; userInfoClaims.getSubject();
 expectedSub));
 }
 }
```