[keycloak-user] Hitting error -- "Didn't find publicKey for specified kid"
Rajesh Ghosh
ghosh.rajesh at gmail.com
Mon Jul 24 09:15:28 EDT 2017
Hi,
I am trying to secure my REST services using the method described in the
document --
http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html
I am securing my war using JBoss subsystem, instead of per-war option. The
relevant sections from my standalone.xml are posted below.

<extensions>
    ......
    <extension module="org.keycloak.keycloak-adapter-subsystem"/>
</extensions>

<security-domains>
    .....
    <security-domain name="keycloak">
        <authentication>
            <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
        </authentication>
    </security-domain>
</security-domains>

<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
    <secure-deployment name="my war file.war">
        <realm>bkofc</realm>
        <resource>bkofc-svc</resource>
        <use-resource-role-mappings>true</use-resource-role-mappings>
        <bearer-only>true</bearer-only>
        <auth-server-url>http://192.168.99.100/30001/auth</auth-server-url>
        <ssl-required>none</ssl-required>
        <credential name="secret">9bcc6d9f-9c72-4b58-b297-79f0f207d9e1</credential>
    </secure-deployment>
</subsystem>

I am able to obtain the access token.

curl -i --data "grant_type=password&client_id=bkofc-web&username=user&password=password" \
    http://192.168.99.100:30001/auth/realms/bkofc/protocol/openid-connect/token

Note:- I have created 2 clients -- i) bkofc-svc which is bearer only, for
my REST services ii) bkofc-web, a public client to simulate UI login
However when I try to use the access token to invoke a service, I am
getting the error -
Status: 401
WWW-Authenticate Bearer realm="bkofc", error="invalid_token",
error_description="Didn't find publicKey for specified kid"
Please let me know if I am missing something here. I have been breaking my
head for the last few days without any luck! I have also tried rotating the
realm keys.
Thanks,
Rajesh
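
A diagnostic check for this error, added here as an example and not part of the original message or of Keycloak's own code: it reads the kid from a token's header, compares it with the kids in a realm key set, and checks whether the adapter's auth-server-url points at the same host, port and base path as the token endpoint. The token, the key set and the function names are constructed for illustration, and it assumes the adapter resolves the realm's key endpoint relative to auth-server-url.

```python
import base64
import json
from urllib.parse import urlsplit

# Values posted in the message above.
ADAPTER_URL = "http://192.168.99.100/30001/auth"
TOKEN_URL = "http://192.168.99.100:30001/auth/realms/bkofc/protocol/openid-connect/token"


def _seg(obj) -> str:
    """Encode a dict as an unpadded base64url JWT segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample data: the kid values are made up and the token is unsigned.
SAMPLE_JWT = ".".join([_seg({"alg": "RS256", "typ": "JWT", "kid": "constructed-kid-1"}),
                       _seg({"sub": "constructed-user"}), "signature-placeholder"])
SAMPLE_JWKS = {"keys": [{"kid": "constructed-kid-1", "kty": "RSA", "use": "sig"}]}


def token_kid(jwt: str):
    """Return the kid from the JWT header. Diagnostic only: nothing is verified."""
    segment = jwt.split(".")[0]
    header = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    return header.get("kid")


def diagnose(jwt: str, jwks: dict, adapter_url: str, token_url: str) -> list:
    """List reasons the service side could fail to find the token's signing key."""
    findings = []
    kid = token_kid(jwt)
    published = sorted(k.get("kid", "") for k in jwks.get("keys", []))
    if kid not in published:
        findings.append(f"kid {kid!r} is not among the published kids {published}")
    a, t = urlsplit(adapter_url.strip()), urlsplit(token_url)
    if (a.hostname, a.port) != (t.hostname, t.port):
        findings.append(f"keys are fetched from {a.netloc!r}, token came from {t.netloc!r}")
    if not t.path.startswith(a.path.rstrip("/") + "/realms/"):
        findings.append(f"base path {a.path!r} does not lead to {t.path!r}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_JWT, SAMPLE_JWKS, ADAPTER_URL, TOKEN_URL):
        print("-", finding)
```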