Many thanks Hans!
I very much appreciate your help. Introspection now works for me; turns out I did indeed
have a few problems of inconsistent <host>:<port> combinations:
1. In one case, the token was obtained using HTTPS and port 443, but the Introspection was
done using HTTP and port 80.
2. The Host header in the HTTP introspection request contained the resolved IP address of
the keycloak server (and not its domain name), while the destination for the POST request
for obtaining the token was the domain name itself.
3. In another case, the token was obtained from keycloak server at port 8080, but the Host
header in the introspection request didn't include the port (which isn't HTTP
default port, so it is needed).
Thanks,
Dorit
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org]
On Behalf Of Hans Zandbelt
Sent: Monday, July 23, 2018 21:34
To: keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Keycloak - grant_type when getting a token and token
introspection
Check that you're calling the introspection endpoint using the same
<host>:<port> combo as the one that was used when the token was obtained by
the client in the call to the token endpoint otherwise the introspection result will
always be { "active": "false" }.
Hans.
--
hans.zandbelt(a)zmartzone.eu
ZmartZone IAM -
https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwebdefe...
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists....
This email and any files transmitted with it are confidential material. They are intended
solely for the use of the designated individual or entity to whom they are addressed. If
the reader of this message is not the intended recipient, you are hereby notified that any
dissemination, use, distribution or copying of this communication is strictly prohibited
and may be unlawful.
If you have received this email in error please immediately notify the sender and delete
or destroy any copy of this message