Re: [keycloak-user] [HS256] Use HS256 rather than RS256 for Id Token Signature
We don't support anything beyond the RS256 for sign ID tokens. OpenID
Connect has a way that allow every client to specify signature algorithm
- parameter "id_token_signed_response_alg" described in the specs [1] .
But we don't have support for this ATM. Feel free to create JIRA (but it
probably won't have very big priority).
[1]
http://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
Marek
On 16/01/18 17:42, FOUTREIN Thomas wrote:
Hello,
I m trying to connect our keycloak instance with France Connect (the french public openid
connect platform)
But France Connect doesn't accept Id Token signed with RSA key , it only accept HS256
with a shared secret to verify the signature
I tried to desactivate in my Realm the RSA Provider , but this has no effect on the Token
generated (always RS256)
Do you have a simple solution for that ?
thanks in advance
Thomas
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user