[keycloak-user] Token audience doesn't match domain.

Stian Thorgersen sthorger at redhat.com
Mon Jan 4 14:33:20 EST 2016


Token is not active is either due to the token being expired or the time on
your Keycloak server and applications not being in sync

On 4 January 2016 at 19:42, Thomas Barcia <TBarcia at wfscorp.com> wrote:

> We weren't but we are now and are getting the "Failed to verify token;
> Token is not active" error.
>
>
>
> -----Original Message-----
> From: keycloak-user-bounces at lists.jboss.org [mailto:
> keycloak-user-bounces at lists.jboss.org] On Behalf Of Juraci Paixão Kröhling
> Sent: Monday, January 04, 2016 10:57 AM
> To: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] Token audience doesn't match domain.
>
> Are you sending the HTTP header X-Forwarded-Proto to Keycloak?
>
> On 04.01.2016 16:43, Thomas Barcia wrote:
> > I have my keycloak 1.6.1-final cluster running behind a Netscaler that
> > terminates the SSL connections, therefore communication from the
> > Netscaler to Keycloak is http but from the Internet to the Netscaler
> > is https.  We've managed the rewrites so that logging in works however
> > we're now getting an error that the token audience doesn't match the
> > domain because the issuer is http://keycloakserver but the URL from
> > configuration is https://keycloakserver.  Is there a way to make this
> > configuration work? When the error says "URL from configuration" does
> > it mean the java app configuration or the Keycloak configuration?
> >
> > Thank you.
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> *** This communication has been sent from World Fuel Services
> Corporation or its subsidiaries or its affiliates for the intended
> recipient
> only and may contain proprietary, confidential or privileged information.
> If you are not the intended recipient, any review, disclosure, copying,
> use, or distribution of the information included in this communication
> and any attachments is strictly prohibited. If you have received this
> communication in error, please notify us immediately by replying to this
> communication and delete the communication, including any
> attachments, from your computer. Electronic communications sent to or
> from World Fuel Services Corporation or its subsidiaries or its affiliates
> may be monitored for quality assurance and compliance purposes.***
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160104/2cfb83a9/attachment.html 


More information about the keycloak-user mailing list