[keycloak-user] Hitting error -- "Didn't find publicKey for specified kid"

Rajesh Ghosh ghosh.rajesh at gmail.com
Mon Jul 24 10:35:59 EDT 2017


Hello Sebastien,

I am using 3.1.0.Final build.

Thanks,
Rajesh

On Mon, Jul 24, 2017 at 7:56 PM, Sebastien Blanc <sblanc at redhat.com> wrote:

> Which version of Keycloak are you using?
>
> On Mon, Jul 24, 2017 at 3:15 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
> wrote:
>
>> Hi,
>>
>> I am trying to secure my REST services using the method described in the
>> document --
>>
>> http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html
>>
>> I am securing my war using JBoss subsystem, instead of per-war option. The
>> relevant sections from my standalone.xml are posted below.
>>
>>     <extensions>
>>         ......
>>         <extension module="org.keycloak.keycloak-adapter-subsystem"/>
>>     </extensions>
>>
>>     <security-domains>
>>         .....
>>         <security-domain name="keycloak">
>>             <authentication>
>>                 <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
>>             </authentication>
>>         </security-domain>
>>     </security-domains>
>>
>>     <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
>>         <secure-deployment name="my war file.war">
>>             <realm>bkofc</realm>
>>             <resource>bkofc-svc</resource>
>>             <use-resource-role-mappings>true</use-resource-role-mappings>
>>             <bearer-only>true</bearer-only>
>>             <auth-server-url>http://192.168.99.100/30001/auth</auth-server-url>
>>             <ssl-required>none</ssl-required>
>>             <credential name="secret">9bcc6d9f-9c72-4b58-b297-79f0f207d9e1</credential>
>>         </secure-deployment>
>>     </subsystem>
>>
>> I am able to obtain the access token.
>>
>> curl -i --data "grant_type=password&client_id=bkofc-web&username=user&password=password" http://192.168.99.100:30001/auth/realms/bkofc/protocol/openid-connect/token
>>
>> Note: I have created 2 clients -- i) bkofc-svc, which is bearer only, for
>> my REST services; ii) bkofc-web, a public client to simulate UI login.
>>
>> However when I try to use the access token to invoke a service, I am
>> getting the error -
>>
>> Status: 401
>>
>> WWW-Authenticate Bearer realm="bkofc", error="invalid_token", error_description="Didn't find publicKey for specified kid"
>>
>> Please let me know if I am missing something here. I have been breaking my
>> head for the last few days without any luck! I have also tried rotating the
>> realm keys.
>>
>> Thanks,
>> Rajesh
>
>
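
Added example (not part of the original thread, and not Keycloak adapter code): a read-only check of two things worth comparing when this error appears, whether the token header's kid is among the realm's published keys, and whether the token's iss equals the realm URL built from the configured auth-server-url. The token and JWKS below are constructed samples; in practice the JWKS is the JSON served by the realm's /protocol/openid-connect/certs endpoint, and the function name diagnose and its finding labels are hypothetical.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def diagnose(token: str, jwks: dict, auth_server_url: str, realm: str) -> list:
    """Diagnostic only: reads the token WITHOUT verifying its signature."""
    header_b64, claims_b64, _signature = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    claims = json.loads(_b64url_decode(claims_b64))
    findings = []
    # The error text means: no published key carries the token's "kid".
    published = {key.get("kid") for key in jwks.get("keys", [])}
    if header.get("kid") not in published:
        findings.append("kid-not-in-jwks")
    # Keycloak issues tokens with iss = <server base URL>/realms/<realm>.
    expected_iss = auth_server_url.strip().rstrip("/") + "/realms/" + realm
    if claims.get("iss") != expected_iss:
        findings.append("issuer-mismatch")
    return findings


# Constructed sample data (not taken from a real server).
SAMPLE_JWKS = {"keys": [{"kid": "constructed-kid-1", "kty": "RSA", "use": "sig"}]}
SAMPLE_TOKEN = ".".join([
    _b64url_encode({"alg": "RS256", "typ": "JWT", "kid": "constructed-kid-1"}),
    _b64url_encode({"iss": "http://192.168.99.100:30001/auth/realms/bkofc"}),
    "constructed-signature",
])

if __name__ == "__main__":
    # auth-server-url exactly as it appears in the posted standalone.xml
    print(diagnose(SAMPLE_TOKEN, SAMPLE_JWKS, "http://192.168.99.100/30001/auth", "bkofc"))
    # base URL as used in the posted curl command
    print(diagnose(SAMPLE_TOKEN, SAMPLE_JWKS, "http://192.168.99.100:30001/auth", "bkofc"))
```

The function only decodes and compares; it is a troubleshooting aid and must not stand in for signature validation.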

