9:43 a.m.
I have my keycloak 1.6.1-final cluster running behind a Netscaler that terminates the SSL
connections, therefore communication from the Netscaler to Keycloak is http but from the
Internet to the Netscaler is https. We've managed the rewrites so that logging in
works however we're now getting an error that the token audience doesn't match the
domain because the issuer is http://keycloakserver but the URL from configuration is
https://keycloakserver. Is there a way to make this configuration work? When the error
says "URL from configuration" does it mean the java app configuration or the
Keycloak configuration?
Thank you.
*** This communication has been sent from World Fuel Services
Corporation or its subsidiaries or its affiliates for the intended recipient
only and may contain proprietary, confidential or privileged information.
If you are not the intended recipient, any review, disclosure, copying,
use, or distribution of the information included in this communication
and any attachments is strictly prohibited. If you have received this
communication in error, please notify us immediately by replying to this
communication and delete the communication, including any
attachments, from your computer. Electronic communications sent to or
from World Fuel Services Corporation or its subsidiaries or its affiliates
may be monitored for quality assurance and compliance purposes.***
9:56 a.m.
Are you sending the HTTP header X-Forwarded-Proto to Keycloak?
On 04.01.2016 16:43, Thomas Barcia wrote:
I have my keycloak 1.6.1-final cluster running behind a Netscaler
that
terminates the SSL connections, therefore communication from the
Netscaler to Keycloak is http but from the Internet to the Netscaler is
https. We’ve managed the rewrites so that logging in works however
we’re now getting an error that the token audience doesn’t match the
domain because the issuer is http://keycloakserver but the URL from
configuration is https://keycloakserver. Is there a way to make this
configuration work? When the error says “URL from configuration” does it
mean the java app configuration or the Keycloak configuration?
Thank you.
*** This communication has been sent from World Fuel Services
Corporation or its subsidiaries or its affiliates for the intended
recipient
only and may contain proprietary, confidential or privileged information.
If you are not the intended recipient, any review, disclosure, copying,
use, or distribution of the information included in this communication
and any attachments is strictly prohibited. If you have received this
communication in error, please notify us immediately by replying to this
communication and delete the communication, including any
attachments, from your computer. Electronic communications sent to or
from World Fuel Services Corporation or its subsidiaries or its affiliates
may be monitored for quality assurance and compliance purposes.***
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
12:42 p.m.
We weren't but we are now and are getting the "Failed to verify token; Token is
not active" error.
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org]
On Behalf Of Juraci Paixão Kröhling
Sent: Monday, January 04, 2016 10:57 AM
To: keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Token audience doesn't match domain.
Are you sending the HTTP header X-Forwarded-Proto to Keycloak?
On 04.01.2016 16:43, Thomas Barcia wrote:
I have my keycloak 1.6.1-final cluster running behind a Netscaler
that
terminates the SSL connections, therefore communication from the
Netscaler to Keycloak is http but from the Internet to the Netscaler
is https. We've managed the rewrites so that logging in works however
we're now getting an error that the token audience doesn't match the
domain because the issuer is http://keycloakserver but the URL from
configuration is https://keycloakserver. Is there a way to make this
configuration work? When the error says "URL from configuration" does
it mean the java app configuration or the Keycloak configuration?
Thank you.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
*** This communication has been sent from World Fuel Services
Corporation or its subsidiaries or its affiliates for the intended recipient
only and may contain proprietary, confidential or privileged information.
If you are not the intended recipient, any review, disclosure, copying,
use, or distribution of the information included in this communication
and any attachments is strictly prohibited. If you have received this
communication in error, please notify us immediately by replying to this
communication and delete the communication, including any
attachments, from your computer. Electronic communications sent to or
from World Fuel Services Corporation or its subsidiaries or its affiliates
may be monitored for quality assurance and compliance purposes.***
1:33 p.m.
Token is not active is either due to the token being expired or the time on
your Keycloak server and applications not being in sync
On 4 January 2016 at 19:42, Thomas Barcia <TBarcia(a)wfscorp.com> wrote:
We weren't but we are now and are getting the "Failed to
verify token;
Token is not active" error.
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org [mailto:
keycloak-user-bounces(a)lists.jboss.org] On Behalf Of Juraci Paixão Kröhling
Sent: Monday, January 04, 2016 10:57 AM
To: keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Token audience doesn't match domain.
Are you sending the HTTP header X-Forwarded-Proto to Keycloak?
On 04.01.2016 16:43, Thomas Barcia wrote:
> I have my keycloak 1.6.1-final cluster running behind a Netscaler that
> terminates the SSL connections, therefore communication from the
> Netscaler to Keycloak is http but from the Internet to the Netscaler
> is https. We've managed the rewrites so that logging in works however
> we're now getting an error that the token audience doesn't match the
> domain because the issuer is http://keycloakserver but the URL from
> configuration is https://keycloakserver. Is there a way to make this
> configuration work? When the error says "URL from configuration" does
> it mean the java app configuration or the Keycloak configuration?
>
> Thank you.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
*** This communication has been sent from World Fuel Services
Corporation or its subsidiaries or its affiliates for the intended
recipient
only and may contain proprietary, confidential or privileged information.
If you are not the intended recipient, any review, disclosure, copying,
use, or distribution of the information included in this communication
and any attachments is strictly prohibited. If you have received this
communication in error, please notify us immediately by replying to this
communication and delete the communication, including any
attachments, from your computer. Electronic communications sent to or
from World Fuel Services Corporation or its subsidiaries or its affiliates
may be monitored for quality assurance and compliance purposes.***
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3757
days inactive
3757
days old
3 comments
3 participants
participants (3)
-
Juraci Paixão Kröhling -
Stian Thorgersen -
Thomas Barcia