[keycloak-dev] Application and server in separate networks

Christian Beikov christian.beikov at gmail.com
Wed Apr 18 11:35:14 EDT 2018


Is there any way to avoid the access code to access token exchange? 
Since the Keycloak server is not accessible, I'm getting an error during 
authentication:

  ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-54) failed to turn code into token: java.net.UnknownHostException: blabla.local: unknown error
         ...
         at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:111)
         at org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:330)
         at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:275)
         at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:139)
         at org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
         at org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
         ...


Kind regards,
------------------------------------------------------------------------
*Christian Beikov*
On 18.04.2018 at 14:48, Thomas Darimont wrote:
> Hello Christian,
>
> your application server needs to communicate with the Keycloak server 
> to retrieve the realm public key referenced in the token to verify the 
> token signature.
> The current implementation in Keycloak fetches & caches unknown public 
> keys automatically.
>
> You could also use a fixed realm public key on the application server 
> side but it would not support key rotation anymore.
>
> Cheers,
> Thomas
>
> 2018-04-18 13:45 GMT+02:00 Christian Beikov
> <christian.beikov at gmail.com>:
>
>     Hi,
>
>     is it necessary that an application secured by Keycloak can access the
>     Keycloak server? Or is it enough if the Browser can access the Keycloak
>     server?
>
>     -- 
>
>     Kind regards,
>     ------------------------------------------------------------------------
>     *Christian Beikov*
>
>


