[keycloak-user] Signed JWT issue

Marek Posolda mposolda at redhat.com
Mon Aug 22 13:43:55 EDT 2016 

It seems that you're using some quite old adapter version on Tomcat 
side. Could you try to update to latest Keycloak adapter in your Tomcat 
as well?

Marek

On 12/08/16 09:44, abhishek raghav wrote:
> Hi Team,
>
> Recently i ran into an issue where i am using signedJWT tokens as 
> client authentication mechnaism instead of client id/secret.
>
> My keyclok.json looks like this:
>
>   "realm": "nginx",
>   "realm-public-key": 
> "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb6ecdzvU+RoI0Qu6Psh1NFKLUoSuSfoAdW/nD5sr0M1FDpLOrsRIzIRScS9DJ28n1+Kdvrad9aS/UMsr+NXHRoSPeZuabAtfDCYx49+NhtR+LW97rB4lBNnXf148mkhikyZ0B08naQlhgkAqBXR5oxOo/FqWCObhZxBPsU9BcL4Qb5JO1we8k+7kIHTFyhHbZvEAk292eIG+GyrUDh+ZyE8T8Myde0GM1Korg9ZsdYxbb3U78bmxgvBmeye+Dq89EbyNDE3K/7giq7Gmh4Gu6fVcJG9tCjl1pS7CiDH1gTuITJxSJO3bPRf58SVoId8S26/5YMIq7pqwXe/pyvAewIDAQAB",
>   "auth-server-url": "http://192.168.99.100:31048/auth",
>   "ssl-required": "external",
>   "resource": "product-portal",
>   "enable-cors" : false,
>   "credentials": {
>    "jwt": {
>  "client-key-password": "changeit",
>  "client-keystore-file": "/keystore/keystore.jks",
>  "client-keystore-password": "changeit",
>  "client-key-alias": "product-portal",
>      "token-timeout": 10,
>  "client-keystore-type": "jks"
>     }
>   }
> }
>
>
> But when i am trying to deploy this app in my local tomcat, the app 
> doesnt deploy and failed. I saw my catalina.log file which tells this:
>
> 12-Aug-2016 07:13:09.400 SEVERE [localhost-startStop-1] 
> org.apache.catalina.startup.HostConfig.deployWAR Error deploying web 
> applicatio
> n archive /usr/local/tomcat/webapps/product-portal.war
>  java.lang.RuntimeException: 
> org.codehaus.jackson.map.JsonMappingException: Can not deserialize 
> instance of java.lang.String out of STA
> RT_OBJECT token
>  at [Source: java.io.FileInputStream at 7d33dbab; line: 9, column: 5] 
> (through reference chain: org.keycloak.representations.adapters.conf
> ig.AdapterConfig["credentials"])
>         at 
> org.keycloak.adapters.KeycloakDeploymentBuilder.loadAdapterConfig(KeycloakDeploymentBuilder.java:104)
>         at 
> org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:93)
>         at 
> org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.keycloakInit(AbstractKeycloakAuthenticatorValve.java:116)
>         at 
> org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.lifecycleEvent(AbstractKeycloakAuthenticatorValve.java:65)
>         at 
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:95)
>         at 
> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
>         at 
> org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:394)
>         at 
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:165)
>         at 
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725)
>         at 
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701)
>         at 
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
>         at 
> org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:940)
>         at 
> org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1816)
>         at 
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>         at java.util.concurrent.FutureTask.run(FutureTask.java:262)
>         at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>         at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>         at java.lang.Thread.run(Thread.java:745)
> Caused by: org.codehaus.jackson.map.JsonMappingException: Can not 
> deserialize instance of java.lang.String out of START_OBJECT token
>  at [Source: java.io.FileInputStream at 7d33dbab; line: 9, column: 5] 
> (through reference chain: org.keycloak.representations.adapters.conf
> ig.AdapterConfig["credentials"])
>         at 
> org.codehaus.jackson.map.JsonMappingException.from(JsonMappingException.java:163)
>         at 
> org.codehaus.jackson.map.deser.StdDeserializationContext.mappingException(StdDeserializationContext.java:219)
>         at 
> org.codehaus.jackson.map.deser.std.StringDeserializer.deserialize(StringDeserializer.java:44)
>         at 
> org.codehaus.jackson.map.deser.std.StringDeserializer.deserialize(StringDeserializer.java:13)
>         at 
> org.codehaus.jackson.map.deser.std.MapDeserializer._readAndBind(MapDeserializer.java:319)
>         at 
> org.codehaus.jackson.map.deser.std.MapDeserializer.deserialize(MapDeserializer.java:249)
>         at 
> org.codehaus.jackson.map.deser.std.MapDeserializer.deserialize(MapDeserializer.java:33)
>         at 
> org.codehaus.jackson.map.deser.SettableBeanProperty.deserialize(SettableBeanProperty.java:299)
>         at 
> org.codehaus.jackson.map.deser.SettableBeanProperty$MethodProperty.deserializeAndSet(SettableBeanProperty.java:414)
>         at 
> org.codehaus.jackson.map.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:697)
> ......
>
> It shows problem in "credentials" property to deserilize.
>
> I am using Keycloak 2.0.0.Final and tomcat 8.0.36 version.
> for keycloak I am using tomcat adapter for my app.
>
> Please help.
>
>
> *- Best Regards*
>    Abhishek Raghav
>
>
>
>
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160822/a6886631/attachment.html

More information about the keycloak-user mailing list