Re: [keycloak-user] Keycloak as OIDC provider to AWS ALB, any hints!

Hi Max, I tried integrating AWS ELB and Keycloak one month ago and I encountered same problem. Because AWS ELB doesn't follow the OAuth2 spec correctly, it rejects the token endpoint response from Keycloak. The response from Keycloak contains "token_type" as follows: "token_type":"bearer" But AWS ELB expects as follows: "token_type":"Bearer" OAuth2 spec says the value is case insensitive as below. So, I think we need to wait until AWS fixes this issue... If you want to try it now, you can do it by replacing the response in front of Keycloak using Apache HTTPD Server and so on. I tried the below setting for Apache HTTPD Server and it works!! I used Substitute Directive to replace the value. <VirtualHost *:80> ProxyPass / http://localhost:8080/ ProxyPassReverse / http://localhost:8080/ ProxyErrorOverride off AddOutputFilterByType SUBSTITUTE application/json Substitute s/"token_type":"bearer"/"token_type":"Bearer"/n </VirtualHost> Best Regards, -- Hiroyuki Wada Nomura Research Institute, Ltd. h2-wada(a)nri.co.jp -------------------------------------------------------------------- PLEASE READ:This e-mail is confidential and intended for the named recipient only. If you are not an intended recipient, please notify the sender and delete this e-mail. -------------------------------------------------------------------- On 2018/07/14 1:30, Max Allan wrote: