[keycloak-user] Import IDP config from URL not working?

Bill Burke bburke at redhat.com
Wed May 13 11:25:40 EDT 2015


Why do you think the issuer should be changed to accounts.google.com?

I'm not sure about the keys as our code eats the error.  How can I 
reproduce this?  Meaning how can I set up my google account and such? 
Same as regular social provider stuff?



On 5/12/2015 5:37 PM, Thorsten wrote:
> I tried to import the basic IDP config for a custom "OpenID Connect
> v1.0" provider from the published Google autoconf URL:
> https://accounts.google.com/.well-known/openid-configuration
>
> The URLs are picked up fine but there seem to be two issues:
>
> 1.) the "Issuer" is imported as "https://accounts.google.com" when it
> should be "accounts.google.com"
> 2.) the public validation keys are not imported correctly. They always
> produce
>
> 12:09:40,416 ERROR
> [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default
> task-17) Failed to make identity provider oauth callback:
> org.keycloak.broker.provider.IdentityBrokerException: token signature
> validation failed
>          at
> org.keycloak.broker.oidc.OIDCIdentityProvider.validateToken(OIDCIdentityProvider.java:286)
>
> when authentication is being performed.
>
> Are these bugs or is the published discovery document from Google not
> standards-compliant?
>
> Thanks
>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
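
An added diagnostic sketch for the two symptoms reported in this thread (not part of the original messages and not Keycloak code): it compares an ID token's `iss` claim and header `kid` against an imported discovery document and key set, without verifying the signature itself. The function names, finding labels and all sample data are constructed for illustration, and it assumes a verifier that selects its key by `kid`.

```python
import base64
import json

def _b64url_decode(segment):
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_unsigned_token(header, claims):
    """Build a constructed sample token; the signature segment is a placeholder."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc(header) + "." + enc(claims) + ".c2ln"

def diagnose(discovery, jwks, id_token):
    """Return findings that explain an issuer or key-selection failure for this token."""
    parts = id_token.split(".")
    if len(parts) != 3:
        return ["malformed-token"]
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    findings = []
    expected, actual = discovery.get("issuer"), claims.get("iss")
    if actual != expected:
        # A scheme-only difference is the kind of mismatch described in this thread.
        scheme_only = isinstance(actual, str) and expected in ("https://" + actual, "http://" + actual)
        findings.append("issuer-scheme-mismatch" if scheme_only else "issuer-mismatch")
    if header.get("alg") not in discovery.get("id_token_signing_alg_values_supported", []):
        findings.append("alg-not-advertised")
    # Assumption: the verifier picks its key by the header's kid, so a stale
    # or incomplete key import leaves no candidate key to check against.
    matches = [k for k in jwks.get("keys", []) if k.get("kid") == header.get("kid")]
    if not matches:
        findings.append("kid-not-in-jwks")
    elif matches[0].get("use", "sig") != "sig":
        findings.append("key-not-for-signing")
    return findings

# Constructed sample data, not captured from any provider.
SAMPLE_DISCOVERY = {"issuer": "https://accounts.google.com",
                    "id_token_signing_alg_values_supported": ["RS256"]}
SAMPLE_JWKS = {"keys": [{"kid": "key-2015-05", "kty": "RSA", "use": "sig", "alg": "RS256"}]}
BAD_TOKEN = make_unsigned_token({"alg": "RS256", "kid": "key-2015-06"},
                                {"iss": "accounts.google.com"})
GOOD_TOKEN = make_unsigned_token({"alg": "RS256", "kid": "key-2015-05"},
                                 {"iss": "https://accounts.google.com"})

if __name__ == "__main__":
    print(diagnose(SAMPLE_DISCOVERY, SAMPLE_JWKS, BAD_TOKEN))
    print(diagnose(SAMPLE_DISCOVERY, SAMPLE_JWKS, GOOD_TOKEN))
```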

