Verification of JWT tokens with empty signature part fails in Elytron.
The Elytron token-realm can be configured to not verify JWT token signature.
The JWT specification describes tokens without signature in RFC 7519 Section 6.
When user is comming with such a token the validation in Elytron fails.
The problem is probably in this piece of code in JwtValidator class:
Even if the token correctly contains 2 dots, the split returns array of lenght 2 (because the last part is empty). Additional negative-integer argument to the split() method could help here: