FYI, if you are using an ALB with Keycloak, AWS appear to have quietly
fixed the B/b problem and it all works nicely out of the box now.
Problem solved.
Max
On Tue, 17 Jul 2018 at 07:29, Hiroyuki Wada <h2-wada(a)nri.co.jp> wrote:
Hi Max,
I tried integrating AWS ELB and Keycloak one month ago
and I encountered the same problem.
Because AWS ELB doesn't follow the OAuth2 spec correctly,
it rejects the token endpoint response from Keycloak.
The response from Keycloak contains "token_type" as follows:
"token_type":"bearer"
But AWS ELB expects it as follows:
"token_type":"Bearer"
The OAuth2 spec says the value is case insensitive, as below.
> https://tools.ietf.org/html/rfc6749#section-4.2.2
>
> token_type
> REQUIRED. The type of the token issued as described in
> Section 7.1. Value is case insensitive.
So, I think we need to wait until AWS fixes this issue...
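
The case-insensitive `token_type` check that the quoted RFC text calls for, as an added example that is not part of the original thread and is not AWS or Keycloak code. The names `parse_token_response`, `accepts` and `strict_case`, and the sample body, are constructed for illustration; `strict_case=True` reproduces the case-sensitive comparison described in the thread.

```python
import json


class TokenResponseError(ValueError):
    """Raised when a token endpoint response fails validation."""


def parse_token_response(body, strict_case=False):
    """Validate a token endpoint response body and normalise token_type."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        raise TokenResponseError("body is not valid JSON") from exc
    if not isinstance(data, dict):
        raise TokenResponseError("body is not a JSON object")

    token = data.get("access_token")
    if not isinstance(token, str) or not token:
        raise TokenResponseError("access_token missing or empty")

    token_type = data.get("token_type")
    if not isinstance(token_type, str):
        raise TokenResponseError("token_type missing")
    # RFC 6749: the token_type value is case insensitive.
    if strict_case:
        known = token_type == "Bearer"
    else:
        known = token_type.lower() == "bearer"
    if not known:
        # A client must not use a token whose type it does not understand.
        raise TokenResponseError(f"unsupported token_type {token_type!r}")

    # Return the canonical spelling so later code compares one form only.
    return {"access_token": token, "token_type": "Bearer"}


def accepts(body, strict_case=False):
    """Return True if the body validates, False otherwise."""
    try:
        parse_token_response(body, strict_case=strict_case)
        return True
    except TokenResponseError:
        return False


# Constructed sample using the lowercase value quoted in the thread.
LOWERCASE_BODY = '{"access_token":"constructed-token","token_type":"bearer"}'

if __name__ == "__main__":
    print("case-insensitive:", accepts(LOWERCASE_BODY))
    print("case-sensitive:  ", accepts(LOWERCASE_BODY, strict_case=True))
```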