[keycloak-user] Hitting error -- "Didn't find publicKey for specified kid"

Sebastien Blanc sblanc at redhat.com
Tue Jul 25 01:42:15 EDT 2017


This all looks correct. Could you try pasting your access token, or even check
it yourself on jwt.io, to see if the kid is present?


On Mon, Jul 24, 2017 at 6:47 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
wrote:

> Sebastien,
>
> I am attaching a PDF containing the screenshots. A few more points I
> wanted to mention.
>
> i)  I didn't install the public client -- "bkofc-web" -- in the WildFly
> container which hosts my REST services. I did it for the "bkofc-svc" client,
> which is bearer only. I hope that is the correct approach.
> ii)  Both Keycloak and my application are running in Docker containers
> locally on my laptop.
>
> Let me know if you need anything else to analyze.
>
> Thanks,
> Rajesh
>
>
> On Mon, Jul 24, 2017 at 9:13 PM, Sebastien Blanc <sblanc at redhat.com>
> wrote:
>
>> yes please
>>
>> On Mon, Jul 24, 2017 at 4:54 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
>> wrote:
>>
>>> Yes definitely. I did replace it with the actual war name. Let me know
>>> if you would like me to paste screen shots of realm configurations, client
>>> configurations.
>>>
>>> Thanks,
>>> Rajesh
>>>
>>> On Mon, Jul 24, 2017 at 8:12 PM, Sebastien Blanc <sblanc at redhat.com>
>>> wrote:
>>>
>>>> Ok and for :
>>>> <secure-deployment name="my war file.war">
>>>>
>>>> Did you replace that with the actual name of your war file ?
>>>>
>>>> On Mon, Jul 24, 2017 at 4:35 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
>>>> wrote:
>>>>
>>>>> Hello Sebastien,
>>>>>
>>>>> I am using 3.1.0.Final build.
>>>>>
>>>>> Thanks,
>>>>> Rajesh
>>>>>
>>>>> On Mon, Jul 24, 2017 at 7:56 PM, Sebastien Blanc <sblanc at redhat.com>
>>>>> wrote:
>>>>>
>>>>>> Which version of Keycloak are you using ?
>>>>>>
>>>>>> On Mon, Jul 24, 2017 at 3:15 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I am trying to secure my REST services using the method described in the
>>>>>>> document --
>>>>>>>
>>>>>>> http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html
>>>>>>>
>>>>>>> I am securing my war using the JBoss subsystem instead of the per-war
>>>>>>> option. The relevant sections from my standalone.xml are posted below.
>>>>>>>
>>>>>>>     <extensions>
>>>>>>>         ......
>>>>>>>         <extension module="org.keycloak.keycloak-adapter-subsystem"/>
>>>>>>>     </extensions>
>>>>>>>
>>>>>>>     <security-domains>
>>>>>>>         .....
>>>>>>>         <security-domain name="keycloak">
>>>>>>>             <authentication>
>>>>>>>                 <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
>>>>>>>             </authentication>
>>>>>>>         </security-domain>
>>>>>>>     </security-domains>
>>>>>>>
>>>>>>>     <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
>>>>>>>         <secure-deployment name="my war file.war">
>>>>>>>             <realm>bkofc</realm>
>>>>>>>             <resource>bkofc-svc</resource>
>>>>>>>             <use-resource-role-mappings>true</use-resource-role-mappings>
>>>>>>>             <bearer-only>true</bearer-only>
>>>>>>>             <auth-server-url>http://192.168.99.100/30001/auth</auth-server-url>
>>>>>>>             <ssl-required>none</ssl-required>
>>>>>>>             <credential name="secret">9bcc6d9f-9c72-4b58-b297-79f0f207d9e1</credential>
>>>>>>>         </secure-deployment>
>>>>>>>     </subsystem>
>>>>>>>
>>>>>>> I am able to obtain the access token.
>>>>>>>
>>>>>>> curl -i --data "grant_type=password&client_id=bkofc-web&username=user&password=password" \
>>>>>>>   http://192.168.99.100:30001/auth/realms/bkofc/protocol/openid-connect/token
>>>>>>>
>>>>>>> Note:- I have created 2 clients -- i) bkofc-svc, which is bearer only, for
>>>>>>> my REST services  ii) bkofc-web, a public client to simulate UI login
>>>>>>>
>>>>>>> However when I try to use the access token to invoke a service, I am
>>>>>>> getting the error -
>>>>>>>
>>>>>>> Status: 401
>>>>>>>
>>>>>>> WWW-Authenticate Bearer realm="bkofc", error="invalid_token",
>>>>>>> error_description="Didn't find publicKey for specified kid"
>>>>>>>
>>>>>>> Please let me know if I am missing something here. I have been breaking my
>>>>>>> head for the last few days without any luck!  I have also tried rotating
>>>>>>> the realm keys.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Rajesh
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
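
Added example (not part of the thread and not Keycloak code): the kid check suggested in the reply above, done locally rather than by pasting a token into a website. It reads the token header's kid, compares it with the kids in a JWKS document, and compares the token's iss with the issuer derived from an auth-server-url and realm. The sample token and JWKS are constructed, and the function names are hypothetical.

```python
import base64
import json

def decode_segment(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def encode_segment(obj):
    """Build a base64url segment; used only for the constructed sample."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect_token(token, jwks, auth_server_url, realm):
    """Report kid/issuer facts for a token. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    header, claims = decode_segment(parts[0]), decode_segment(parts[1])
    kid = header.get("kid")
    published = {k.get("kid") for k in jwks.get("keys", [])}
    expected_iss = auth_server_url.rstrip("/") + "/realms/" + realm
    return {
        "kid": kid,
        "kid_present": kid is not None,
        "kid_published": kid is not None and kid in published,
        "iss": claims.get("iss"),
        "expected_iss": expected_iss,
        "iss_matches": claims.get("iss") == expected_iss,
    }

# Constructed sample data (not from the thread). For a real check, load the
# JWKS JSON from the realm's .../protocol/openid-connect/certs endpoint.
SAMPLE_JWKS = {"keys": [{"kid": "sample-kid-1", "kty": "RSA", "use": "sig"}]}
SAMPLE_TOKEN = ".".join([
    encode_segment({"alg": "RS256", "typ": "JWT", "kid": "sample-kid-1"}),
    encode_segment({"iss": "http://192.168.99.100:30001/auth/realms/bkofc",
                    "azp": "bkofc-web"}),
    "c2ln",  # placeholder; the signature is not checked here
])

if __name__ == "__main__":
    # Base URL from the curl command, then the posted auth-server-url value.
    for url in ("http://192.168.99.100:30001/auth",
                "http://192.168.99.100/30001/auth"):
        print(url, inspect_token(SAMPLE_TOKEN, SAMPLE_JWKS, url, "bkofc"))
```

The two URLs passed in the `__main__` block are the ones that appear in the quoted curl command and in the quoted `<auth-server-url>` element.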

