[keycloak-user] Hitting error -- "Didn't find publicKey for specified kid"

Sebastien Blanc sblanc at redhat.com
Mon Jul 24 10:26:48 EDT 2017


Which version of Keycloak are you using?

On Mon, Jul 24, 2017 at 3:15 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
wrote:

> Hi,
>
> I am trying to secure my REST services using the method described in the
> document --
>
>
> http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html
>
>
> I am securing my war using the JBoss subsystem, instead of the per-war option. The
> relevant sections from my standalone.xml are posted below.
>
>     <extensions>
>          ......
>         <extension module="org.keycloak.keycloak-adapter-subsystem"/>
>     </extensions>
>
>     <security-domains>
>         .....
>         <security-domain name="keycloak">
>             <authentication>
>                 <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
>             </authentication>
>         </security-domain>
>     </security-domains>
>
>     <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
>         <secure-deployment name="my war file.war">
>             <realm>bkofc</realm>
>             <resource>bkofc-svc</resource>
>             <use-resource-role-mappings>true</use-resource-role-mappings>
>             <bearer-only>true</bearer-only>
>             <auth-server-url>http://192.168.99.100/30001/auth</auth-server-url>
>             <ssl-required>none</ssl-required>
>             <credential name="secret">9bcc6d9f-9c72-4b58-b297-79f0f207d9e1</credential>
>         </secure-deployment>
>     </subsystem>
>
> I am able to obtain the access token.
>
> curl -i --data \
>   "grant_type=password&client_id=bkofc-web&username=user&password=password" \
>   http://192.168.99.100:30001/auth/realms/bkofc/protocol/openid-connect/token
>
> Note: I have created 2 clients -- i) bkofc-svc, which is bearer-only, for
> my REST services; ii) bkofc-web, a public client to simulate UI login.
>
> However, when I try to use the access token to invoke a service, I am
> getting the error:
>
> Status: 401
>
> WWW-Authenticate Bearer realm="bkofc", error="invalid_token",
> error_description="Didn't find publicKey for specified kid"
>
> Please let me know if I am missing something here. I have been breaking my
> head for the last few days without any luck! I have also tried rotating the
> realm keys.
>
> Thanks,
> Rajesh
>
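
Added example, not part of the original thread: a small Python check for this error that compares the token's kid with the realm's published key ids, and the token's issuer with the realm URL derived from the adapter's auth-server-url. It assumes the adapter resolves keys from <auth-server-url>/realms/<realm>/protocol/openid-connect/certs; the JWKS, key ids and token are constructed, and the function names are hypothetical.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _segment(jwt: str, index: int) -> dict:
    """Decode one JSON segment of a compact JWS; no signature check is done."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    seg = parts[index]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def realm_url(auth_server_url: str, realm: str) -> str:
    # Strip whitespace first: an XML value wrapped onto a new line keeps it.
    # Assumption: the realm's keys are served under <this URL>/protocol/openid-connect/certs.
    return f"{auth_server_url.strip().rstrip('/')}/realms/{realm}"

def diagnose(jwt: str, jwks: dict, auth_server_url: str, realm: str) -> list:
    """Return mismatches between a token and the adapter's view of the realm."""
    issues = []
    kid = _segment(jwt, 0).get("kid")
    known = [k.get("kid") for k in jwks.get("keys", [])]
    if kid is None:
        issues.append("token header carries no kid")
    elif kid not in known:
        issues.append(f"kid {kid!r} not among JWKS kids {known}")
    expected, iss = realm_url(auth_server_url, realm), _segment(jwt, 1).get("iss")
    if iss != expected:
        issues.append(f"token iss {iss!r} != adapter realm URL {expected!r}")
    return issues

def make_token(kid: str, iss: str) -> str:
    """Build a constructed sample token with a dummy signature segment."""
    header = _b64url(json.dumps({"alg": "RS256", "kid": kid}).encode())
    payload = _b64url(json.dumps({"iss": iss}).encode())
    return f"{header}.{payload}.c2ln"

# Constructed sample data; only the URLs and the realm name come from the post.
SAMPLE_JWKS = {"keys": [{"kid": "key-A", "kty": "RSA", "use": "sig"}]}
ISSUER = "http://192.168.99.100:30001/auth/realms/bkofc"  # from the token endpoint URL
ADAPTER_URL = "http://192.168.99.100/30001/auth"          # as written in standalone.xml

if __name__ == "__main__":
    for line in diagnose(make_token("key-B", ISSUER), SAMPLE_JWKS, ADAPTER_URL, "bkofc"):
        print(line)
```

To use it against a live realm, pass the access token returned by the token endpoint and the JSON document fetched from the realm's certs endpoint.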

