[keycloak-user] Hitting error -- "Didn't find publicKey for specified kid"
Rajesh Ghosh
ghosh.rajesh at gmail.com
Mon Jul 24 10:35:59 EDT 2017
Hello Sebastien,
I am using 3.1.0.Final build.
Thanks,
Rajesh
On Mon, Jul 24, 2017 at 7:56 PM, Sebastien Blanc <sblanc at redhat.com> wrote:
> Which version of Keycloak are you using?
>
> On Mon, Jul 24, 2017 at 3:15 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
> wrote:
>
>> Hi,
>>
>> I am trying to secure my REST services using the method described in the
>> document --
>>
>>
>> http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html
>>
>>
>> I am securing my war using JBoss subsystem, instead of per-war option. The
>> relevant sections from my standalone.xml are posted below.
>>
>> <extensions>
>> ......
>> <extension module="org.keycloak.keycloak-adapter-subsystem"/>
>> </extensions>
>>
>> <security-domains>
>> .....
>> <security-domain name="keycloak">
>> <authentication>
>> <login-module
>> code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
>> </authentication>
>> </security-domain>
>> </security-domains>
>>
>> <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
>> <secure-deployment name="my war file.war">
>> <realm>bkofc</realm>
>> <resource>bkofc-svc</resource>
>>
>> <use-resource-role-mappings>true</use-resource-role-mappings>
>> <bearer-only>true</bearer-only>
>> <auth-server-url>http://192.168.99.100/30001/auth</auth-server-url>
>> <ssl-required>none</ssl-required>
>> <credential
>> name="secret">9bcc6d9f-9c72-4b58-b297-79f0f207d9e1</credential>
>> </secure-deployment>
>> </subsystem>
>>
>> I am able to obtain the access token.
>>
>> curl -i --data \
>> "grant_type=password&client_id=bkofc-web&username=user&password=password" \
>> http://192.168.99.100:30001/auth/realms/bkofc/protocol/openid-connect/token
>>
>> Note: I have created 2 clients -- i) bkofc-svc, which is bearer only, for
>> my REST services ii) bkofc-web, a public client to simulate UI login
>>
>> However when I try to use the access token to invoke a service, I am
>> getting the error -
>>
>> Status: 401
>>
>> WWW-Authenticate Bearer realm="bkofc", error="invalid_token",
>> error_description="Didn't find publicKey for specified kid"
>>
>> Please let me know if I am missing something here. I have been breaking my
>> head for the last few days without any luck! I have also tried rotating the
>> realm keys.
>>
>> Thanks,
>> Rajesh
>
>
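Added example, not part of the original thread or of Keycloak's code: a small offline check that decodes a bearer token's `kid` and `iss` and compares them with the realm URL built from `<auth-server-url>` and `<realm>` and with the `kid` values in a JWKS document (in practice, the JSON served at the realm's `protocol/openid-connect/certs` endpoint). The function names, the `kid` values and the assumption that the token's `iss` equals the realm URL of the token endpoint used in the post are all constructed for illustration; the URLs are the ones posted above.

```python
import base64
import json


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_unsigned_token(kid, issuer):
    # Constructed sample token for the demo; the signature segment is a dummy.
    header = json.dumps({"alg": "RS256", "typ": "JWT", "kid": kid}).encode()
    claims = json.dumps({"iss": issuer}).encode()
    return ".".join([b64url_encode(header), b64url_encode(claims), "c2ln"])


def diagnose(token, auth_server_url, realm, jwks):
    """Compare a token's kid/iss with the adapter settings. No signature check."""
    header_seg, claims_seg, _signature = token.split(".")
    header = json.loads(b64url_decode(header_seg))
    claims = json.loads(b64url_decode(claims_seg))
    findings = []
    # Realm URL as derived from <auth-server-url> and <realm>.
    realm_url = auth_server_url.strip().rstrip("/") + "/realms/" + realm
    if claims.get("iss") != realm_url:
        findings.append("iss %r != configured realm URL %r" % (claims.get("iss"), realm_url))
    published = sorted(k.get("kid", "") for k in jwks.get("keys", []))
    if header.get("kid") not in published:
        findings.append("kid %r not among published kids %r" % (header.get("kid"), published))
    return findings


if __name__ == "__main__":
    # Issuer assumed from the token endpoint URL in the post; kid values are constructed.
    token = make_unsigned_token("kid-A", "http://192.168.99.100:30001/auth/realms/bkofc")
    # Case 1: auth-server-url exactly as posted, and no keys retrieved.
    for line in diagnose(token, "http://192.168.99.100/30001/auth", "bkofc", {"keys": []}):
        print("case 1:", line)
    # Case 2: URL uses the token endpoint's host:port, but only another kid is published.
    jwks = {"keys": [{"kid": "kid-B"}]}
    for line in diagnose(token, "http://192.168.99.100:30001/auth", "bkofc", jwks):
        print("case 2:", line)
```

The check reads the token without verifying its signature, so it is a configuration diagnostic only and not a substitute for the adapter's validation.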