[keycloak-user] Getting error Didn't find publicKey for specified kid
Marek Posolda
mposolda at redhat.com
Wed Oct 11 08:50:15 EDT 2017
Don't you have the public key hardcoded in the keycloak.json of your
adapter file? Aka property "realm-public-key" ? It's recommended to
remove it and adapter is supposed to download the public keys from the
Keycloak server once it recognize that publicKey with unknown KID was
sent to it. See our examples, for example:
https://github.com/keycloak/keycloak/blob/master/examples/demo-template/database-service/src/main/webapp/WEB-INF/keycloak.json
Marek
On 10/10/17 15:28, Ganga Lakshmanasamy wrote:
> Hi,
>
> We have migrated from keycloak 1.9 to 3.2 recently and we have our app
> deployed in wildfly 10. The keycloak.json file is configured with the
> bearer only client and we use angular js as front end. We get the below
> error while trying to call REST apis with the bearer token.
> *2017-10-10 13:20:04,644 ERROR
> [org.keycloak.adapters.rotation.AdapterRSATokenVerifier] (default task-3)
> Didn't find publicKey for kid: ZYQgZN0Duih0dG81_cNfvZYUDG78bZJ6y3CyVzich88*
> *2017-10-10 13:20:04,644 ERROR
> [org.keycloak.adapters.BearerTokenRequestAuthenticator] (default task-3)
> Failed to verify token: org.keycloak.common.VerificationException: Didn't
> find publicKey for specified kid*
> * at
> org.keycloak.adapters.rotation.AdapterRSATokenVerifier.getPublicKey(AdapterRSATokenVerifier.java:47)*
> * at
> org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:55)*
> * at
> org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:37)*
> * at
> org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:87)*
> * at
> org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:82)*
> * at
> org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68)*
>
> Please help in resolving the error.
>
> Regards,
> Ganga Lakshmanasamy
>
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
> Virus-free.
> www.avg.com
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list