[keycloak-user] OpenId Identity Broker exception - keycloak 1.6.1
Steve Favez
favez.steve at gmail.com
Wed Nov 25 07:46:49 EST 2015
Hi all,
I'm trying to use keycloak as identity broker in front of openAm 12, using
openId Connect 1.0.
After authenticating against openAM, (so, redirection is ok), I get the
following error in keycloak when validating the token :
Caused by: org.codehaus.jackson.JsonParseException: Numeric value
(1448455006000
) out of range of int
......
at org.keycloak.jose.jws.JWSInput.readJsonContent(JWSInput.java:84)
at org.keycloak.broker.oidc.OIDCIdentityProvider.validateToken(OIDCIdent
ityProvider.java:290)
Here's the returned jwt :
eyAidHlwIjogIkpXVCIsICJhbGciOiAiUlMyNTYiLCAiY3R5IjogIkpXVCIsICJraWQiOiAiNGJkYmQ0NzYtNmE1ZS00ZTZkLTk3MzEtNGEyNmNjZmQ2NGE5IiB9.eyAidG9rZW5OYW1lIjogImlkX3Rva2VuIiwgImF6cCI6ICJpbXBsaWNpdGNsaWVudCIsICJzdWIiOiAiYW1hZG1pbiIsICJhdF9oYXNoIjogIkFqTDJGSHpQTXlKWGJoODBrY2UwQ1EiLCAiaXNzIjogImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9vcGVuYW0iLCAiaWF0IjogMTQ0ODQ1NDQwNiwgImF1dGhfdGltZSI6IDE0NDg0NTQ0MDYsICJleHAiOiAxNDQ4NDU1MDA2MDAwLCAidG9rZW5UeXBlIjogIkpXVFRva2VuIiwgInJlYWxtIjogIi8iLCAiYXVkIjogWyAiaW1wbGljaXRjbGllbnQiIF0sICJjX2hhc2giOiAia0x1ajJfdEJMdVllZVRaWXpETFl4ZyIsICJvcHMiOiAiYTQ5ZWE5OTAtYTFiMS00MGViLWI5ZDMtYTI2YmNiMDE0OGEwIiB9.oiPF0jQP7YRfPeHWV3szNrQ1TYdDieAav0_j2dGXM0iOoMCg4Mk_2tSANQRLRct6Lr_erSFqxFE6Wo6Jvd8aaVWzX6CyS_jD4jYgXywZE5XvkUWuebw8jaODSJddlqelMnEN1bWA1U6i5uaxFDT-occhcM6J5Xpf3j7oGZ1s1i0
-> {
tokenName: "id_token",
azp: "implicitclient",
sub: "amadmin",
at_hash: "AjL2FHzPMyJXbh80kce0CQ",
iss: "http://localhost:8080/openam",
iat: 1448454406,
auth_time: 1448454406,
exp: 1448455006000,
tokenType: "JWTToken",
realm: "/",
aud: [
"implicitclient"
],
c_hash: "kLuj2_tBLuYeeTZYzDLYxg",
ops: "a49ea990-a1b1-40eb-b9d3-a26bcb0148a0"
}.
So far, as we can see using a jwt decoder ( http://calebb.net/ ) the "out
of range int" is the exp (expiration date)
As I can see in class "JsonWebToken ", expiration is an int... Isn't it
supposed to be a long ?
(same for iat and auth_time)
Thanks in advance for your help
Regards
Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151125/a3c4b9c5/attachment.html
More information about the keycloak-user
mailing list