<div dir="ltr">Hi all, <div><br></div><div>I&#39;m trying to use keycloak as identity broker in front of openAm 12, using openId Connect 1.0.</div><div>After authenticating against openAM, (so, redirection is ok), I get the following error in keycloak when validating the token : </div><div><div>Caused by: org.codehaus.jackson.JsonParseException: Numeric value (1448455006000</div><div>) out of range of int</div><div>......</div><div>at org.keycloak.jose.jws.JWSInput.readJsonContent(JWSInput.java:84)</div><div>at org.keycloak.broker.oidc.OIDCIdentityProvider.validateToken(OIDCIdent</div><div>ityProvider.java:290)</div></div><div><br></div><div>Here&#39;s the returned jwt :</div><div>eyAidHlwIjogIkpXVCIsICJhbGciOiAiUlMyNTYiLCAiY3R5IjogIkpXVCIsICJraWQiOiAiNGJkYmQ0NzYtNmE1ZS00ZTZkLTk3MzEtNGEyNmNjZmQ2NGE5IiB9.eyAidG9rZW5OYW1lIjogImlkX3Rva2VuIiwgImF6cCI6ICJpbXBsaWNpdGNsaWVudCIsICJzdWIiOiAiYW1hZG1pbiIsICJhdF9oYXNoIjogIkFqTDJGSHpQTXlKWGJoODBrY2UwQ1EiLCAiaXNzIjogImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9vcGVuYW0iLCAiaWF0IjogMTQ0ODQ1NDQwNiwgImF1dGhfdGltZSI6IDE0NDg0NTQ0MDYsICJleHAiOiAxNDQ4NDU1MDA2MDAwLCAidG9rZW5UeXBlIjogIkpXVFRva2VuIiwgInJlYWxtIjogIi8iLCAiYXVkIjogWyAiaW1wbGljaXRjbGllbnQiIF0sICJjX2hhc2giOiAia0x1ajJfdEJMdVllZVRaWXpETFl4ZyIsICJvcHMiOiAiYTQ5ZWE5OTAtYTFiMS00MGViLWI5ZDMtYTI2YmNiMDE0OGEwIiB9.oiPF0jQP7YRfPeHWV3szNrQ1TYdDieAav0_j2dGXM0iOoMCg4Mk_2tSANQRLRct6Lr_erSFqxFE6Wo6Jvd8aaVWzX6CyS_jD4jYgXywZE5XvkUWuebw8jaODSJddlqelMnEN1bWA1U6i5uaxFDT-occhcM6J5Xpf3j7oGZ1s1i0<br></div><div><br></div><div>-&gt; <span style="color:rgb(0,0,0);font-family:&#39;Segoe UI&#39;,Verdana,helvetica,sans-serif;font-size:medium">{</span></div><div style="color:rgb(0,0,0);font-family:&#39;Segoe UI&#39;,Verdana,helvetica,sans-serif;font-size:medium"><span class="" style="float:left;width:2em;display:inline-block"> </span><span class="" style="color:rgb(228,1,1)">tokenName</span>: <span class="" style="color:rgb(36,134,181)">&quot;id_token&quot;</span>,</div><div style="color:rgb(0,0,0);font-family:&#39;Segoe UI&#39;,Verdana,helvetica,sans-serif;font-size:medium"><span class="" style="float:left;width:2em;display:inline-block"> </span><span class="" style="color:rgb(228,1,1)">azp</span>: <span class="" style="color:rgb(36,134,181)">&quot;implicitclient&quot;</span>,</div><div style="color:rgb(0,0,0);font-family:&#39;Segoe UI&#39;,Verdana,helvetica,sans-serif;font-size:medium"><span class="" style="float:left;width:2em;display:inline-block"> </span><span class="" style="color:rgb(228,1,1);display:inline;text-decoration:underline">sub</span>: <span class="" style="color:rgb(36,134,181)">&quot;amadmin&quot;</span>,</div><div style="color:rgb(0,0,0);font-family:&#39;Segoe UI&#39;,Verdana,helvetica,sans-serif;font-size:medium"><span class="" style="float:left;width:2em;display:inline-block"> </span><span class="" style="color:rgb(228,1,1)">at_hash</span>: <span class="" style="color:rgb(36,134,181)">&quot;AjL2FHzPMyJXbh80kce0CQ&quot;</span>,</div><div style="color:rgb(0,0,0);font-family:&#39;Segoe UI&#39;,Verdana,helvetica,sans-serif;font-size:medium"><span class="" style="float:left;width:2em;display:inline-block"> </span><span class="" style="color:rgb(228,1,1);display:inline;text-decoration:underline">iss</span>: <span class="" style="color:rgb(36,134,181)">&quot;<a href="http://localhost:8080/openam">http://localhost:8080/openam</a>&quot;</span>,</div><div style="color:rgb(0,0,0);font-family:&#39;Segoe UI&#39;,Verdana,helvetica,sans-serif;font-size:medium"><span class="" style="float:left;width:2em;display:inline-block"> </span><span class="" style="color:rgb(228,1,1);display:inline;text-decoration:underline">iat</span>: <span class="" style="color:rgb(36,134,181);display:inline;text-decoration:underline">1448454406</span>,</div><div style="color:rgb(0,0,0);font-family:&#39;Segoe UI&#39;,Verdana,helvetica,sans-serif;font-size:medium"><span class="" style="float:left;width:2em;display:inline-block"> </span><span class="" style="color:rgb(228,1,1)">auth_time</span>: <span class="" style="color:rgb(36,134,181)">1448454406</span>,</div><div style="color:rgb(0,0,0);font-family:&#39;Segoe UI&#39;,Verdana,helvetica,sans-serif;font-size:medium"><span class="" style="float:left;width:2em;display:inline-block"> </span><span class="" style="color:rgb(228,1,1);display:inline;text-decoration:underline">exp</span>: <span class="" style="color:rgb(36,134,181);display:inline;text-decoration:underline">1448455006000</span>,</div><div style="color:rgb(0,0,0);font-family:&#39;Segoe UI&#39;,Verdana,helvetica,sans-serif;font-size:medium"><span class="" style="float:left;width:2em;display:inline-block"> </span><span class="" style="color:rgb(228,1,1)">tokenType</span>: <span class="" style="color:rgb(36,134,181)">&quot;JWTToken&quot;</span>,</div><div style="color:rgb(0,0,0);font-family:&#39;Segoe UI&#39;,Verdana,helvetica,sans-serif;font-size:medium"><span class="" style="float:left;width:2em;display:inline-block"> </span><span class="" style="color:rgb(228,1,1)">realm</span>: <span class="" style="color:rgb(36,134,181)">&quot;/&quot;</span>,</div><div style="color:rgb(0,0,0);font-family:&#39;Segoe UI&#39;,Verdana,helvetica,sans-serif;font-size:medium"><span class="" style="float:left;width:2em;display:inline-block"> </span><span class="" style="color:rgb(228,1,1);display:inline;text-decoration:underline">aud</span>: [<div><span class="" style="float:left;width:2em;display:inline-block"> </span><span class="" style="float:left;width:2em;display:inline-block"> </span><span class="" style="color:rgb(36,134,181)">&quot;implicitclient&quot;</span></div><div><span class="" style="float:left;width:2em;display:inline-block"> </span>],</div><div><span class="" style="float:left;width:2em;display:inline-block"> </span><span class="" style="color:rgb(228,1,1)">c_hash</span>: <span class="" style="color:rgb(36,134,181)">&quot;kLuj2_tBLuYeeTZYzDLYxg&quot;</span>,</div><div><span class="" style="float:left;width:2em;display:inline-block"> </span><span class="" style="color:rgb(228,1,1)">ops</span>: <span class="" style="color:rgb(36,134,181)">&quot;a49ea990-a1b1-40eb-b9d3-a26bcb0148a0&quot;</span></div><div>}.</div></div><div><br></div><div>So far, as we can see using a jwt decoder ( <a href="http://calebb.net/">http://calebb.net/</a> ) the &quot;out of range int&quot; is the exp (expiration date)</div><div><br></div><div>As I can see in class &quot;<span class="" style="color:rgb(121,93,163);font-family:Consolas,&#39;Liberation Mono&#39;,Menlo,Courier,monospace;font-size:12px;line-height:16.8px;white-space:pre">JsonWebToken</span><span style="color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Menlo,Courier,monospace;font-size:12px;line-height:16.8px;white-space:pre"> </span>&quot;, expiration is an int... Isn&#39;t it supposed to be a long ?</div><div><br></div><div>(same for iat and auth_time)</div><div>Thanks in advance for your help</div><div><br></div><div>Regards</div><div>Steve</div></div>