Re: [keycloak-user] Import IDP config from URL not working?
Why do you think the issuer should be changed to accounts.google.com?
I'm not sure about the keys as our code eats the error. How can I
reproduce this? Meaning how can I set up my google account and such?
Same as regular social provider stuff?
On 5/12/2015 5:37 PM, Thorsten wrote:
I tried to import the basic IDP config for a custom "OpenID
Connect
v1.0" provider from the published Google autoconf URL:
https://accounts.google.com/.well-known/openid-configuration
The URLs are picked up fine but there seem to be two issues:
1.) the "Issuer" is imported as "https://accounts.google.com" when
it
should be "accounts.google.com <http://accounts.google.com>"
2.) the public validation keys are not imported correctly. The always
produce
12:09:40,416 ERROR
[org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default
task-17) Failed to make identity provider oauth callback:
org.keycloak.broker.provider.IdentityBrokerException: token signature
validation failed
at
org.keycloak.broker.oidc.OIDCIdentityProvider.validateToken(OIDCIdentityProvider.java:286)
when authentication is being performed.
Are these bugs or is the published discovery document from Google not
standard compliant?
Thanks
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com