[keycloak-user] Signed JWT and Policy Enforcement

[Hübner, Bettina]

Hi,

we use the Keycloak Spring Security Adapter and fine-grained authorization settings for a Spring Boot App and it works fine. I now tried to use signed JWT for client authentication instead of client secret but get an error message ("Client Secret not provided") when starting our app. It seems the AuthzClient expects to find a “secret”-entry in the keycloak.json. If I remove the policy enforcer claim, there is no error.

Can anyone help?

Thanks
Bettina