[keycloak-user] Hitting error -- "Didn't find publicKey for specified kid"

Thomas Recloux thomas at recloux.fr
Mon Jul 24 15:20:28 EDT 2017


I already had this issue when the application was not able to reach
keycloak to retrieve the keys.

Is there an exception earlier in the log file?


On Mon, Jul 24, 2017, at 17:43, Sebastien Blanc wrote:
> yes please
> 
> On Mon, Jul 24, 2017 at 4:54 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
> wrote:
> 
> > Yes definitely. I did replace it with the actual war name. Let me know if
> > you would like me to paste screen shots of realm configurations, client
> > configurations.
> >
> > Thanks,
> > Rajesh
> >
> > On Mon, Jul 24, 2017 at 8:12 PM, Sebastien Blanc <sblanc at redhat.com>
> > wrote:
> >
> >> Ok and for :
> >> <secure-deployment name="my war file.war">
> >>
> >> Did you replace that with the actual name of your war file?
> >>
> >> On Mon, Jul 24, 2017 at 4:35 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
> >> wrote:
> >>
> >>> Hello Sebastien,
> >>>
> >>> I am using 3.1.0.Final build.
> >>>
> >>> Thanks,
> >>> Rajesh
> >>>
> >>> On Mon, Jul 24, 2017 at 7:56 PM, Sebastien Blanc <sblanc at redhat.com>
> >>> wrote:
> >>>
> >>>> Which version of Keycloak are you using?
> >>>>
> >>>> On Mon, Jul 24, 2017 at 3:15 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
> >>>> wrote:
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> I am trying to secure my REST services using the method described in the
> >>>>> document --
> >>>>>
> >>>>> http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html
> >>>>>
> >>>>> I am securing my war using JBoss subsystem, instead of per-war option. The
> >>>>> relevant sections from my standalone.xml are posted below.
> >>>>>
> >>>>>     <extensions>
> >>>>>          ......
> >>>>>         <extension module="org.keycloak.keycloak-adapter-subsystem"/>
> >>>>>     </extensions>
> >>>>>
> >>>>>          <security-domains>
> >>>>>                 .....
> >>>>>                 <security-domain name="keycloak">
> >>>>>                     <authentication>
> >>>>>                         <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
> >>>>>                     </authentication>
> >>>>>                 </security-domain>
> >>>>>             </security-domains>
> >>>>>
> >>>>>         <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
> >>>>>             <secure-deployment name="my war file.war">
> >>>>>                 <realm>bkofc</realm>
> >>>>>                 <resource>bkofc-svc</resource>
> >>>>>                 <use-resource-role-mappings>true</use-resource-role-mappings>
> >>>>>                 <bearer-only>true</bearer-only>
> >>>>>                 <auth-server-url>http://192.168.99.100/30001/auth</auth-server-url>
> >>>>>                 <ssl-required>none</ssl-required>
> >>>>>                 <credential name="secret">9bcc6d9f-9c72-4b58-b297-79f0f207d9e1</credential>
> >>>>>             </secure-deployment>
> >>>>>         </subsystem>
> >>>>>
> >>>>> I am able to obtain the access token.
> >>>>>
> >>>>> curl -i --data "grant_type=password&client_id=bkofc-web&username=user&password=password" \
> >>>>>   http://192.168.99.100:30001/auth/realms/bkofc/protocol/openid-connect/token
> >>>>>
> >>>>> Note:- I have created 2 clients -- i) bkofc-svc which is bearer only, for
> >>>>> my REST services ii) bkofc-web, a public client to simulate UI login
> >>>>>
> >>>>> However when I try to use the access token to invoke a service, I am
> >>>>> getting the error -
> >>>>>
> >>>>> Status: 401
> >>>>>
> >>>>> WWW-Authenticate Bearer realm="bkofc", error="invalid_token",
> >>>>> error_description="Didn't find publicKey for specified kid"
> >>>>>
> >>>>> Please let me know if I am missing something here. I have been breaking my
> >>>>> head last few days without any luck! I have also tried rotating the realm
> >>>>> keys.
> >>>>>
> >>>>> Thanks,
> >>>>> Rajesh
> >>>>> _______________________________________________
> >>>>> keycloak-user mailing list
> >>>>> keycloak-user at lists.jboss.org
> >>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>>
> >>>>
> >>>>
> >>>
> >>
> >
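
The adapter raises this error when it cannot match the token's `kid` against keys fetched from the realm's `protocol/openid-connect/certs` endpoint. The following Python check is an added example (not part of any message in this thread and not Keycloak's own code) that separates "keys not retrievable", the case described in the reply at the top, from a real `kid` mismatch; the host name, realm and sample token are constructed.

```python
import base64
import json
import urllib.request

def certs_url(auth_server_url, realm):
    """JWKS endpoint derived from the adapter's auth-server-url and realm."""
    return f"{auth_server_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/certs"

def token_kid(token):
    """Return the 'kid' from a JWT header without verifying the signature."""
    header_b64 = token.split(".")[0]
    header_b64 += "=" * (-len(header_b64) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(header_b64)).get("kid")

def fetch_jwks(url, timeout=5):
    """Fetch the realm's JWKS; None means unreachable, HTTP error or bad URL."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return json.load(resp)
    except (OSError, ValueError):
        return None

def diagnose(token, jwks):
    """Classify why a public-key lookup by kid would succeed or fail."""
    kid = token_kid(token)
    if kid is None:
        return "token has no kid"
    if jwks is None:
        return "keys not retrievable"
    known = [k.get("kid") for k in jwks.get("keys", [])]
    return "kid found" if kid in known else "kid not in realm keys"

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data (not from the thread): unsigned token and JWKS.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT", "kid": "sample-kid-1"}),
    _b64url({"iss": "http://sso.example.test/auth/realms/demo"}),
    "sig",
])
SAMPLE_JWKS = {"keys": [{"kid": "sample-kid-1", "kty": "RSA", "use": "sig"}]}

if __name__ == "__main__":
    print(certs_url("http://sso.example.test/auth", "demo"))
    print(diagnose(SAMPLE_TOKEN, SAMPLE_JWKS))
    print(diagnose(SAMPLE_TOKEN, None))
```

Run from the application server host, `diagnose(token, fetch_jwks(certs_url(auth_server_url, realm)))` uses the same URL and network path the adapter depends on.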

