This all looks correct. Could you try pasting your access token, or even check
it yourself on jwt.io, to see if the kid is present?
On Mon, Jul 24, 2017 at 6:47 PM, Rajesh Ghosh <ghosh.rajesh(a)gmail.com>
wrote:
Sebastien,
I am attaching a PDF containing the screenshots. A few more points I
wanted to mention.
i) I didn't install the public client -- "bkofc-web" in the wildfly
container which hosts my REST services. I did it for "bkofc-svc" client
which is bearer only. I hope that is the correct approach.
ii) Both Keycloak and my application are running in Docker containers
locally on my laptop.
Let me know if you need anything else to analyze.
Thanks,
Rajesh
On Mon, Jul 24, 2017 at 9:13 PM, Sebastien Blanc <sblanc(a)redhat.com>
wrote:
> yes please
>
> On Mon, Jul 24, 2017 at 4:54 PM, Rajesh Ghosh <ghosh.rajesh(a)gmail.com>
> wrote:
>
>> Yes definitely. I did replace it with the actual war name. Let me know
>> if you would like me to paste screen shots of realm configurations, client
>> configurations.
>>
>> Thanks,
>> Rajesh
>>
>> On Mon, Jul 24, 2017 at 8:12 PM, Sebastien Blanc <sblanc(a)redhat.com>
>> wrote:
>>
>>> Ok and for :
>>> <secure-deployment name="my war file.war">
>>>
>>> Did you replace that with the actual name of your war file ?
>>>
>>> On Mon, Jul 24, 2017 at 4:35 PM, Rajesh Ghosh <ghosh.rajesh(a)gmail.com>
>>> wrote:
>>>
>>>> Hello Sebastien,
>>>>
>>>> I am using 3.1.0.Final build.
>>>>
>>>> Thanks,
>>>> Rajesh
>>>>
>>>> On Mon, Jul 24, 2017 at 7:56 PM, Sebastien Blanc <sblanc(a)redhat.com>
>>>> wrote:
>>>>
>>>>> Which version of Keycloak are you using ?
>>>>>
>>>>> On Mon, Jul 24, 2017 at 3:15 PM, Rajesh Ghosh <ghosh.rajesh(a)gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I am trying to secure my REST services using the method described in
>>>>>> the document --
>>>>>>
>>>>>> http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html
>>>>>>
>>>>>> I am securing my war using JBoss subsystem, instead of per-war option.
>>>>>> The relevant sections from my standalone.xml are posted below.
>>>>>>
>>>>>> <extensions>
>>>>>>     ......
>>>>>>     <extension module="org.keycloak.keycloak-adapter-subsystem"/>
>>>>>> </extensions>
>>>>>>
>>>>>> <security-domains>
>>>>>>     .....
>>>>>>     <security-domain name="keycloak">
>>>>>>         <authentication>
>>>>>>             <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
>>>>>>         </authentication>
>>>>>>     </security-domain>
>>>>>> </security-domains>
>>>>>>
>>>>>> <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
>>>>>>     <secure-deployment name="my war file.war">
>>>>>>         <realm>bkofc</realm>
>>>>>>         <resource>bkofc-svc</resource>
>>>>>>         <use-resource-role-mappings>true</use-resource-role-mappings>
>>>>>>         <bearer-only>true</bearer-only>
>>>>>>         <auth-server-url>http://192.168.99.100/30001/auth</auth-server-url>
>>>>>>         <ssl-required>none</ssl-required>
>>>>>>         <credential name="secret">9bcc6d9f-9c72-4b58-b297-79f0f207d9e1</credential>
>>>>>>     </secure-deployment>
>>>>>> </subsystem>
>>>>>>
>>>>>> I am able to obtain the access token.
>>>>>>
>>>>>> curl -i --data "grant_type=password&client_id=bkofc-web&username=user&password=password" \
>>>>>>     http://192.168.99.100:30001/auth/realms/bkofc/protocol/openid-connect/token
>>>>>>
>>>>>> Note:- I have created 2 clients -- i) bkofc-svc which is bearer only,
>>>>>> for my REST services ii) bkofc-web, a public client to simulate UI
>>>>>> login
>>>>>>
>>>>>> However when I try to use the access token to invoke a service, I am
>>>>>> getting the error -
>>>>>>
>>>>>> Status: 401
>>>>>>
>>>>>> WWW-Authenticate Bearer realm="bkofc", error="invalid_token",
>>>>>> error_description="Didn't find publicKey for specified kid"
>>>>>>
>>>>>> Please let me know if I am missing something here. I have been
>>>>>> breaking my head last few days without any luck! I have also tried
>>>>>> rotating the realm keys.
>>>>>>
>>>>>> Thanks,
>>>>>> Rajesh
>
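
As an added example (not part of the original thread): a local way to do the check suggested in the top reply, decoding the token's header to see whether a `kid` is present and whether it appears in a JWKS key set. The sample token, the kid values and the helper names are constructed for illustration, and no signature is verified.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_header(token: str) -> dict:
    """Return the decoded JOSE header. No signature check is performed."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not a JSON object")
    return header


def kid_status(token: str, jwks: dict) -> str:
    """Classify why an adapter could fail to find a key for this token."""
    kid = jwt_header(token).get("kid")
    if not kid:
        return "missing-kid"
    published = {k.get("kid") for k in jwks.get("keys", [])}
    return "ok" if kid in published else "kid-not-in-jwks"


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(header: dict) -> str:
    """Build a constructed, unsigned sample token (dummy signature segment)."""
    return ".".join([_b64url(header), _b64url({"azp": "bkofc-web"}), "c2ln"])


# Constructed sample data: these kids are made up, not taken from the thread.
SAMPLE_JWKS = {"keys": [{"kid": "realm-key-2", "kty": "RSA", "use": "sig"}]}

if __name__ == "__main__":
    for hdr in ({"alg": "RS256", "typ": "JWT", "kid": "realm-key-2"},
                {"alg": "RS256", "typ": "JWT", "kid": "realm-key-1"},
                {"alg": "RS256", "typ": "JWT"}):
        print(hdr.get("kid"), "->", kid_status(make_sample_token(hdr), SAMPLE_JWKS))
```

To use it on a real case, pass the access token returned by the token endpoint and the JSON key set published by the realm in place of the constructed samples.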