[keycloak-user] Getting error Didn't find publicKey for specified kid

Marek Posolda mposolda at redhat.com
Wed Oct 11 08:50:15 EDT 2017 

Don't you have the public key hardcoded in the keycloak.json of your 
adapter file? Aka property "realm-public-key" ? It's recommended to 
remove it and adapter is supposed to download the public keys from the 
Keycloak server once it recognize that publicKey with unknown KID was 
sent to it. See our examples, for example: 
https://github.com/keycloak/keycloak/blob/master/examples/demo-template/database-service/src/main/webapp/WEB-INF/keycloak.json

Marek


On 10/10/17 15:28, Ganga Lakshmanasamy wrote:
> Hi,
>
> We have migrated from keycloak 1.9 to 3.2 recently and we have our app
> deployed in wildfly 10. The keycloak.json file is configured with the
> bearer only client and we use angular js as front end. We get the below
> error while trying to call REST apis with the bearer token.
> *2017-10-10 13:20:04,644 ERROR
> [org.keycloak.adapters.rotation.AdapterRSATokenVerifier] (default task-3)
> Didn't find publicKey for kid: ZYQgZN0Duih0dG81_cNfvZYUDG78bZJ6y3CyVzich88*
> *2017-10-10 13:20:04,644 ERROR
> [org.keycloak.adapters.BearerTokenRequestAuthenticator] (default task-3)
> Failed to verify token: org.keycloak.common.VerificationException: Didn't
> find publicKey for specified kid*
> *        at
> org.keycloak.adapters.rotation.AdapterRSATokenVerifier.getPublicKey(AdapterRSATokenVerifier.java:47)*
> *        at
> org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:55)*
> *        at
> org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:37)*
> *        at
> org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:87)*
> *        at
> org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:82)*
> *        at
> org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68)*
>
> Please help in resolving the error.
>
> Regards,
> Ganga Lakshmanasamy
>
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
> Virus-free.
> www.avg.com
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list