9:54 a.m.
Yes definitely. I did replace it with the actual war name. Let me know if
you would like me to paste screen shots of realm configurations, client
configurations.
Thanks,
Rajesh
On Mon, Jul 24, 2017 at 8:12 PM, Sebastien Blanc <sblanc(a)redhat.com> wrote:
Ok and for :
<secure-deployment name="my war file.war">
Did you replace that with the actual name of your war file ?
On Mon, Jul 24, 2017 at 4:35 PM, Rajesh Ghosh <ghosh.rajesh(a)gmail.com>
wrote:
> Hello Sebastien,
>
> I am using 3.1.0.Final build.
>
> Thanks,
> Rajesh
>
> On Mon, Jul 24, 2017 at 7:56 PM, Sebastien Blanc <sblanc(a)redhat.com>
> wrote:
>
>> Which version of Keycloak are you using ?
>>
>> On Mon, Jul 24, 2017 at 3:15 PM, Rajesh Ghosh <ghosh.rajesh(a)gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> I am trying to secure my REST services using the method described in the
>>> document --
>>>
>>>
>>> http://blog.keycloak.org/2015/10/getting-started-with-keyclo
>>> ak-securing.html
>>>
>>>
>>> I am securing my war using JBoss subsystem , instead of per-war option.
>>> The
>>> relevant sections from my standalone.xml are posted below.
>>>
>>> <extensions>
>>> ......
>>> <extension
module="org.keycloak.keycloak-adapter-subsystem"/>
>>> </extensions>
>>>
>>> <security-domains>
>>> .....
>>> <security-domain name="keycloak">
>>> <authentication>
>>> <login-module
>>> code="org.keycloak.adapters.jboss.KeycloakLoginModule"
>>> flag="required"/>
>>> </authentication>
>>> </security-domain>
>>> </security-domains>
>>>
>>> <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
>>> <secure-deployment name="my war file.war">
>>> <realm>bkofc</realm>
>>> <resource>bkofc-svc</resource>
>>>
>>> <use-resource-role-mappings>true</use-resource-role-mappings>
>>> <bearer-only>true</bearer-only>
>>> <auth-server-url>http://192.168.99.100/30001/auth
>>> </auth-server-url>
>>> <ssl-required>none</ssl-required>
>>> <credential
>>>
name="secret">9bcc6d9f-9c72-4b58-b297-79f0f207d9e1</credential>
>>> </secure-deployment>
>>> </subsystem>
>>>
>>> I am able to obtain the access token.
>>>
>>> curl -i curl --data
>>>
"grant_type=password&client_id=bkofc-web&username=user&passw
>>> ord=password"
>>> http://192.168.99.100:30001/auth/realms/bkofc/protocol/openi
>>> d-connect/token
>>>
>>> Note:- I have created 2 clients -- i) bkofc-svc which is bearer only,
>>> for
>>> my REST services ii) bkofc-web , a public client to simulate UI login
>>>
>>> However when I try to use the access token to invoke a service, I am
>>> getting the error -
>>>
>>> Status: 401
>>>
>>> WWW-Authenticate Bearer realm="bkofc",
error="invalid_token",
>>> error_description="Didn't find publicKey for specified kid"
>>>
>>> Please let me know if I am missing something here. I have been breaking
>>> my
>>> head last few days without any luck ! I have also tried rotating the
>>> realm
>>> keys.
>>>
>>> Thanks,
>>> Rajesh
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>