[keycloak-user] Import IDP config from URL not working?

Thorsten thorsten315 at gmx.de
Tue May 12 17:37:47 EDT 2015


I tried to import the basic IDP config for a custom "OpenID Connect v1.0"
provider from the published Google autoconf URL:
https://accounts.google.com/.well-known/openid-configuration

The URLs are picked up fine but there seem to be two issues:

1.) the "Issuer" is imported as "https://accounts.google.com" when it
should be "accounts.google.com"
2.) the public validation keys are not imported correctly. They always
produce

12:09:40,416 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-17) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: token signature validation failed
        at org.keycloak.broker.oidc.OIDCIdentityProvider.validateToken(OIDCIdentityProvider.java:286)

when authentication is being performed.

Are these bugs or is the published discovery document from Google not
standards-compliant?

Thanks
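
Added example, not part of the original post and not Keycloak code: a small diagnostic for the two symptoms described above. It decodes an ID token without verifying its signature, checks `iss` against the discovery issuer, and checks whether the header `kid` is among the imported keys. Accepting the scheme-less issuer form, all function names, and the sample token, key IDs and JWKS are assumptions constructed for illustration.

```python
import base64
import json

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def accepted_issuers(discovery_issuer):
    # Assumption of this example: also accept the scheme-less form that the
    # post reports for Google's tokens. This is an explicit allow-list choice.
    accepted = {discovery_issuer}
    if discovery_issuer.startswith("https://"):
        accepted.add(discovery_issuer[len("https://"):])
    return accepted

def diagnose(id_token, discovery, jwks):
    """List reasons validation would fail. Does NOT verify the signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS: expected 3 dot-separated segments"]
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    findings = []
    if claims.get("iss") not in accepted_issuers(discovery["issuer"]):
        findings.append("iss %r not accepted for issuer %r" % (claims.get("iss"), discovery["issuer"]))
    # The signing key is selected by the header 'kid'; a stale or partial
    # key import shows up here as a missing kid.
    keys = [k for k in jwks.get("keys", []) if k.get("use", "sig") == "sig"]
    match = [k for k in keys if k.get("kid") == header.get("kid")]
    if not match:
        findings.append("kid %r not in imported keys %r" % (header.get("kid"), [k.get("kid") for k in keys]))
    elif match[0].get("alg", header.get("alg")) != header.get("alg"):
        findings.append("alg %r does not match key alg %r" % (header.get("alg"), match[0]["alg"]))
    return findings

def make_sample_token(iss, kid, alg="RS256"):
    # Constructed, unsigned token for the demonstration (signature is a dummy).
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "kid": kid}), enc({"iss": iss, "aud": "client-id"}), "c2ln"])

# Constructed sample data; only the issuer value comes from the post.
DISCOVERY = {"issuer": "https://accounts.google.com"}
JWKS = {"keys": [{"kty": "RSA", "use": "sig", "alg": "RS256", "kid": "sample-key-1"}]}

if __name__ == "__main__":
    for iss, kid in [("accounts.google.com", "sample-key-1"), ("accounts.google.com", "rotated-key-2")]:
        print(iss, kid, diagnose(make_sample_token(iss, kid), DISCOVERY, JWKS))
```

An empty result only means the issuer and key selection line up; the signature itself still has to be verified against the selected key.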