<div dir="ltr"><span style="font-size:12.8px">Token is not active is either due to the token being expired or the time on your Keycloak server and applications not being in sync</span></div><div class="gmail_extra"><br><div class="gmail_quote">On 4 January 2016 at 19:42, Thomas Barcia <span dir="ltr"><<a href="mailto:TBarcia@wfscorp.com" target="_blank">TBarcia@wfscorp.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">We weren't but we are now and are getting the "Failed to verify token; Token is not active" error.<br>
<span class="im HOEnZb"><br>
<br>
<br>
-----Original Message-----<br>
From: <a href="mailto:keycloak-user-bounces@lists.jboss.org">keycloak-user-bounces@lists.jboss.org</a> [mailto:<a href="mailto:keycloak-user-bounces@lists.jboss.org">keycloak-user-bounces@lists.jboss.org</a>] On Behalf Of Juraci Paixão Kröhling<br>
Sent: Monday, January 04, 2016 10:57 AM<br>
To: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
Subject: Re: [keycloak-user] Token audience doesn't match domain.<br>
<br>
Are you sending the HTTP header X-Forwarded-Proto to Keycloak?<br>
<br>
On 04.01.2016 16:43, Thomas Barcia wrote:<br>
> I have my keycloak 1.6.1-final cluster running behind a Netscaler that<br>
> terminates the SSL connections, therefore communication from the<br>
> Netscaler to Keycloak is http but from the Internet to the Netscaler<br>
> is https. We've managed the rewrites so that logging in works however<br>
> we're now getting an error that the token audience doesn't match the<br>
> domain because the issuer is <a href="http://keycloakserver" rel="noreferrer" target="_blank">http://keycloakserver</a> but the URL from<br>
> configuration is <a href="https://keycloakserver" rel="noreferrer" target="_blank">https://keycloakserver</a>. Is there a way to make this<br>
> configuration work? When the error says "URL from configuration" does<br>
> it mean the java app configuration or the Keycloak configuration?<br>
><br>
> Thank you.<br>
</span><div class="HOEnZb"><div class="h5">> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
*** This communication has been sent from World Fuel Services<br>
Corporation or its subsidiaries or its affiliates for the intended recipient<br>
only and may contain proprietary, confidential or privileged information.<br>
If you are not the intended recipient, any review, disclosure, copying,<br>
use, or distribution of the information included in this communication<br>
and any attachments is strictly prohibited. If you have received this<br>
communication in error, please notify us immediately by replying to this<br>
communication and delete the communication, including any<br>
attachments, from your computer. Electronic communications sent to or<br>
from World Fuel Services Corporation or its subsidiaries or its affiliates<br>
may be monitored for quality assurance and compliance purposes.***<br>
<br>
<br>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div></div></blockquote></div><br></div>