Is there any way to avoid the access code to access token exchange?
Since the Keycloak server is not accessible, I'm getting an error during
authentication:
ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default
task-54) failed to turn code into token: java.net.UnknownHostException:
blabla.local: unknown error
...
at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:111)
at
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:330)
at
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:275)
at
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:139)
at
org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
at
org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
...
Mit freundlichen Grüßen,
------------------------------------------------------------------------
*Christian Beikov*
Am 18.04.2018 um 14:48 schrieb Thomas Darimont:
Hello Christian,
your application server needs to communicate with the Keycloak server
to retrieve the realm public key referenced in the token to verify the
token signature.
The current implementation in Keycloak fetches & caches unknown public
keys automatically.
You could also use a fixed realm public key on the application server
side but it would not support key rotation anymore.
Cheers,
Thomas
2018-04-18 13:45 GMT+02:00 Christian Beikov
<christian.beikov(a)gmail.com <mailto:christian.beikov@gmail.com>>:
Hi,
is it necessary that an application secured by Keycloak can access
the
Keycloak server? Or is it enough if the Browser can access the
Keycloak
server?
--
Mit freundlichen Grüßen,
------------------------------------------------------------------------
*Christian Beikov*
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
<
https://lists.jboss.org/mailman/listinfo/keycloak-dev>