[keycloak-user] Validating JWT tokens

Aikeaguinea aikeaguinea at xsmail.com
Wed May 4 12:00:16 EDT 2016


I have a client with a service account and credentials using Signed Jwt.
Authentication works fine. The service uses
org.keycloak.adapters.authentication.ClientCredentialsProviderUtils#setClientCredentials
to create the JWT token and set the headers, and I get back a JWT
containing an access token from Keycloak.

However, when I use jwt.io to look at the access token, I can't validate
the signature. This is true whether I use the client Certificate (from
the client's Credentials tab), the Realm public key, or the Realm
Certificate. In addition, I have generated the client's public key from
the certificate using 

keytool -exportcert -alias x -keypass y -storepass z -rfc -keystore client-keystore.jks | openssl x509 -inform pem -pubkey

on the jks file supplied when I generated the client credentials, and
that doesn't work either.

We've also been having trouble validating the signature programmatically
using Java.

Any idea why I might be seeing this?

-- 
http://www.fastmail.com - Or how I learned to stop worrying and
                          love email again
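
For reference, the mechanics of the check the post is attempting, as an added example that is not part of the original message and is not Keycloak code: the signature covers the ASCII bytes of the first two dot-separated segments and is verified with the issuer's RSA public key. Assumptions: the token is signed with RS256 and the key is a DER SubjectPublicKeyInfo, supplied either PEM-wrapped or as bare base64; the class and method names are hypothetical, and the keys and token are constructed at run time.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class JwtRs256Check {
    // Accepts a PEM block or bare base64 of a DER SubjectPublicKeyInfo.
    static PublicKey parsePublicKey(String text) throws GeneralSecurityException {
        String b64 = text.replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(b64);
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    // True only if the header declares RS256 and the signature matches the key.
    static boolean verify(String jwt, PublicKey key) throws GeneralSecurityException {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) return false;
        String header = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
        // Pin the algorithm: the verifier decides it, not the token.
        if (!header.matches("(?s).*\"alg\"\\s*:\\s*\"RS256\".*")) return false;
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(key);
        // The signed data is exactly "<header>.<payload>" as transmitted, not the decoded JSON.
        sig.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        return sig.verify(Base64.getUrlDecoder().decode(parts[2]));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: throwaway keys stand in for the issuer's key and an unrelated key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair issuer = gen.generateKeyPair();
        KeyPair other = gen.generateKeyPair();

        Base64.Encoder url = Base64.getUrlEncoder().withoutPadding();
        String signingInput = url.encodeToString("{\"alg\":\"RS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8))
                + "." + url.encodeToString("{\"sub\":\"service-account-example\"}".getBytes(StandardCharsets.UTF_8));
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(issuer.getPrivate());
        signer.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        String jwt = signingInput + "." + url.encodeToString(signer.sign());

        String bareBase64 = Base64.getEncoder().encodeToString(issuer.getPublic().getEncoded());
        String pem = "-----BEGIN PUBLIC KEY-----\n" + bareBase64 + "\n-----END PUBLIC KEY-----";
        System.out.println("issuer key, bare base64: " + verify(jwt, parsePublicKey(bareBase64)));
        System.out.println("issuer key, PEM:         " + verify(jwt, parsePublicKey(pem)));
        System.out.println("unrelated key:           " + verify(jwt, other.getPublic()));
    }
}
```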


