[keycloak-user] Invalid token issuer when running as docker service

Jonathan Little rationull at gmail.com
Mon Jun 12 17:56:10 EDT 2017


I filed https://issues.jboss.org/browse/KEYCLOAK-5014 last week after
asking a related question on the mailing list -- sounds like there's not a
good way to handle this at this point. I've settled on adding "myhost"
(from your example) to the hosts file on dev computers that need to run our
Docker setup. This is OK in my case because that only affects a few dev
computers.

I would like there to be a way to have the Keycloak middleware allow
multiple issuers based on configuration rather than just requiring a match
to the realm URL.

On Sat, Jun 10, 2017 at 6:30 AM, Tom Braun <braun.tom at web.de> wrote:

> Hello,
>
> got the following setup:
> - frontend (oauth, angular2)
> - rest-backend (bearerOnly, spring-boot with spring-security)
> - keycloak (standalone)
>
> If I run the three as "ordinary" processes, everything works fine.
> However, if I try to run them as services within a docker (swarm mode)
> the rest-backend keeps complaining about:
>
> org.keycloak.common.VerificationException: Invalid token issuer.
> Expected 'http://myhost:8180/auth/realms/myrealm', but was
> 'http://localhost:8180/auth/realms/myrealm'
>
>
> I inserted myhost into my /etc/hosts to point to the IP of docker0. So
> far it works, I can access the frontend on port 80 and keycloak on port
> 8180.
>
> Is there a way to make keycloak report as myhost in the issuer token and
> not as localhost?
>
> Tried running keycloak behind a reverse-proxy - no change.
>
>
>
>

