Hello,
We are receiving authorization headers from a third party that links to our site. The
endpoint being hit is not secured via spring security, however because an authorization
header is on the request KeycloakAuthenticationProcessingFilter.java is attempting to
authenticate the request.
The result is a VerificationException from AdapterRSATokenVerifier and subsequently a 401
and a poor user experience. I am wondering if you have any advice regarding the scenario
where an invalid authorization header is received when requesting unsecured endpoints.
We are using the Keycloak spring security adapter 3.4.2.Final
Thanks!
Andrew
Show replies by date