[keycloak-user] Hitting error -- "Didn't find publicKey for specified kid"

Rajesh Ghosh ghosh.rajesh at gmail.com
Mon Jul 24 10:54:38 EDT 2017


Yes definitely. I did replace it with the actual war name. Let me know if
you would like me to paste screen shots of realm configurations, client
configurations.

Thanks,
Rajesh

On Mon, Jul 24, 2017 at 8:12 PM, Sebastien Blanc <sblanc at redhat.com> wrote:

> Ok and for :
> <secure-deployment name="my war file.war">
>
> Did you replace that with the actual name of your war file ?
>
> On Mon, Jul 24, 2017 at 4:35 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
> wrote:
>
>> Hello Sebastien,
>>
>> I am using 3.1.0.Final build.
>>
>> Thanks,
>> Rajesh
>>
>> On Mon, Jul 24, 2017 at 7:56 PM, Sebastien Blanc <sblanc at redhat.com>
>> wrote:
>>
>>> Which version of Keycloak are you using ?
>>>
>>> On Mon, Jul 24, 2017 at 3:15 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I am trying to secure my REST services using the method described in the
>>>> document --
>>>>
>>>> http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html
>>>>
>>>> I am securing my war using JBoss subsystem, instead of per-war option.
>>>> The relevant sections from my standalone.xml are posted below.
>>>>
>>>>     <extensions>
>>>>          ......
>>>>         <extension module="org.keycloak.keycloak-adapter-subsystem"/>
>>>>     </extensions>
>>>>
>>>>     <security-domains>
>>>>         .....
>>>>         <security-domain name="keycloak">
>>>>             <authentication>
>>>>                 <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
>>>>             </authentication>
>>>>         </security-domain>
>>>>     </security-domains>
>>>>
>>>>     <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
>>>>         <secure-deployment name="my war file.war">
>>>>             <realm>bkofc</realm>
>>>>             <resource>bkofc-svc</resource>
>>>>             <use-resource-role-mappings>true</use-resource-role-mappings>
>>>>             <bearer-only>true</bearer-only>
>>>>             <auth-server-url>http://192.168.99.100/30001/auth</auth-server-url>
>>>>             <ssl-required>none</ssl-required>
>>>>             <credential name="secret">9bcc6d9f-9c72-4b58-b297-79f0f207d9e1</credential>
>>>>         </secure-deployment>
>>>>     </subsystem>
>>>>
>>>> I am able to obtain the access token.
>>>>
>>>> curl -i --data "grant_type=password&client_id=bkofc-web&username=user&password=password" \
>>>>   http://192.168.99.100:30001/auth/realms/bkofc/protocol/openid-connect/token
>>>>
>>>> Note:- I have created 2 clients -- i) bkofc-svc which is bearer only, for
>>>> my REST services ii) bkofc-web, a public client to simulate UI login
>>>>
>>>> However when I try to use the access token to invoke a service, I am
>>>> getting the error -
>>>>
>>>> Status: 401
>>>>
>>>> WWW-Authenticate Bearer realm="bkofc", error="invalid_token",
>>>> error_description="Didn't find publicKey for specified kid"
>>>>
>>>> Please let me know if I am missing something here. I have been breaking my
>>>> head last few days without any luck! I have also tried rotating the realm
>>>> keys.
>>>>
>>>> Thanks,
>>>> Rajesh


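Added example, not part of the original thread and not Keycloak adapter code: a small offline check for the two things the "Didn't find publicKey for specified kid" response depends on, namely whether the token header's kid is among the kids in the realm's JWKS, and whether the token's iss matches the realm URL built from the adapter's auth-server-url. It assumes the realm keys are served at protocol/openid-connect/certs next to the token endpoint quoted above and that iss has the form <auth-server-url>/realms/<realm>; the function names, kid values and sample token are constructed, while the URLs and realm name are copied from the post as written.

```python
import base64
import json

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def realm_url(auth_server_url, realm):
    """Realm base URL derived from the adapter's auth-server-url (assumed form)."""
    return auth_server_url.rstrip("/") + "/realms/" + realm

def certs_url(auth_server_url, realm):
    """JWKS endpoint under the realm's OpenID Connect path (assumed location)."""
    return realm_url(auth_server_url, realm) + "/protocol/openid-connect/certs"

def diagnose(token, jwks, auth_server_url, realm):
    """Return findings that would explain a failed key lookup by kid.
    The token is only decoded here, never verified."""
    header_seg, payload_seg, _sig = token.split(".")
    header, claims = b64url_json(header_seg), b64url_json(payload_seg)
    findings = []
    known = [k.get("kid") for k in jwks.get("keys", [])]
    if header.get("kid") not in known:
        findings.append("kid %r not in JWKS kids %r" % (header.get("kid"), known))
    expected_iss = realm_url(auth_server_url, realm)
    if claims.get("iss") != expected_iss:
        findings.append("iss %r != adapter realm URL %r" % (claims.get("iss"), expected_iss))
    return findings

def _seg(obj):
    """Build one unpadded base64url segment for the constructed sample token."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: kid values and the signature are placeholders.
SAMPLE_TOKEN = ".".join([
    _seg({"alg": "RS256", "typ": "JWT", "kid": "constructed-kid-A"}),
    _seg({"iss": "http://192.168.99.100:30001/auth/realms/bkofc", "azp": "bkofc-web"}),
    "constructed-signature",
])
SAMPLE_JWKS = {"keys": [{"kid": "constructed-kid-B", "kty": "RSA", "use": "sig"}]}

if __name__ == "__main__":
    # auth-server-url exactly as written in the posted <secure-deployment>
    posted = "http://192.168.99.100/30001/auth"
    print("adapter would look for keys at:", certs_url(posted, "bkofc"))
    for finding in diagnose(SAMPLE_TOKEN, SAMPLE_JWKS, posted, "bkofc"):
        print(finding)
```

With a real deployment, the JWKS argument would be the JSON returned by the certs URL and the token would be the access token returned by the curl call.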