Hello All,
Please, is there any way to change the value of the 'aud' parameter in the JWT
token? The token that I get back using curl shows that the value of this
parameter is always the 'client_id'.
Just for background: the test case is:
-> Auth_Client logs in with 'BadUser' and requests for token (Auth_Client
is configured as a Client in Keycloak and is of type 'public')
-> Keycloak sends back token with 'aud' parameter containing URI of unknown
resource
-> Auth_Client incorporates 'BadUser' token received into transaction to
Resource_Server (Resource_Server is also configured as a Client in Keycloak
and is of type 'bearer-only')
-> Resource_Server checks token and *should* deny access to requested
resource (which is unknown to Resource_server) with 401-Unauthorized
Also, I have tried enabling the 'Authorization Flow Enabled' and added
Resource/Permission/Policy and Policy Enforcement Mode is default
(Enforcing) referring to
https://www.keycloak.org/docs/3.0/authorization_services/topics/resource-server/enable-authorization.html
- This information does not seem to be sent in the token from Keycloak
(when checked with curl).
- When used with our application I get 'Forbidden' for all users, even when
the User Policy was created only for 'BadUser'.
- The Auth_Client (which was 'public' type) gets automatically changed to
'confidential' type. Is this intended?
Thanks in advance.
Vrinda
On Wed, Apr 11, 2018 at 11:44 AM, vrinda nayak <vrinda.nayak(a)j4care.com>
wrote:
Hello All,
We use Keycloak standalone system as authentication server. On our
client/server side we have just installed the Keycloak Adapter.
For certain tests, we need to change the values of *'aud', 'sub', 'nbf',
'exp'* parameters in JSON Web Token.
Also for one test, we need to send back an unsigned token to the client.
Can someone please advise how this can be achieved? Also which logger would
I need to set to DEBUG/TRACE in standalone.xml, to be able to see the JWT
parameters and their values in the response sent back to client?
Thanks in advance.
Vrinda
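
The checks the test cases in this thread are meant to exercise on the Resource_Server side ('aud', 'nbf', 'exp', and rejection of an unsigned token), as an added example that is not part of the original messages and is not Keycloak adapter code. HS256 with a constructed shared key is an assumption made to keep it standard-library only; `make_token` and `check_token` are hypothetical helper names.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"     # assumption: demo-only shared HS256 key
EXPECTED_AUD = "Resource_Server"     # the resource server's own client id

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, alg: str = "HS256") -> str:
    """Build a constructed test token; alg='none' yields an unsigned one."""
    head = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = b""
    if alg == "HS256":
        sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def check_token(token: str, now: float):
    """Return (HTTP status, reason) as a bearer-only service would decide."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        given = b64url_decode(sig)
    except (ValueError, TypeError):
        return 401, "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return 401, "malformed token"
    if header.get("alg") != "HS256":   # pin the algorithm; this rejects 'none'
        return 401, "unexpected alg"
    want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        return 401, "bad signature"
    aud = claims.get("aud")            # 'aud' may be a string or a list
    if EXPECTED_AUD not in (aud if isinstance(aud, list) else [aud]):
        return 401, "aud mismatch"
    exp, nbf = claims.get("exp"), claims.get("nbf", 0)
    if not all(isinstance(v, (int, float)) for v in (exp, nbf)):
        return 401, "bad exp/nbf"
    if now >= exp:
        return 401, "expired"
    if now < nbf:
        return 401, "not yet valid"
    return 200, "ok"
```
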