[keycloak-user] Hitting error -- "Didn't find publicKey for specified kid"
Sebastien Blanc
sblanc at redhat.com
Mon Jul 24 10:42:54 EDT 2017
Ok and for :
<secure-deployment name="my war file.war">
Did you replace that with the actual name of your war file ?
On Mon, Jul 24, 2017 at 4:35 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
wrote:
> Hello Sebastien,
>
> I am using 3.1.0.Final build.
>
> Thanks,
> Rajesh
>
> On Mon, Jul 24, 2017 at 7:56 PM, Sebastien Blanc <sblanc at redhat.com>
> wrote:
>
>> Which version of Keycloak are you using ?
>>
>> On Mon, Jul 24, 2017 at 3:15 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> I am trying to secure my REST services using the method described in the
>>> document --
>>>
>>>
>>> http://blog.keycloak.org/2015/10/getting-started-with-keyclo
>>> ak-securing.html
>>>
>>>
>>> I am securing my war using JBoss subsystem , instead of per-war option.
>>> The
>>> relevant sections from my standalone.xml are posted below.
>>>
>>> <extensions>
>>> ......
>>> <extension module="org.keycloak.keycloak-adapter-subsystem"/>
>>> </extensions>
>>>
>>> <security-domains>
>>> .....
>>> <security-domain name="keycloak">
>>> <authentication>
>>> <login-module
>>> code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
>>> </authentication>
>>> </security-domain>
>>> </security-domains>
>>>
>>> <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
>>> <secure-deployment name="my war file.war">
>>> <realm>bkofc</realm>
>>> <resource>bkofc-svc</resource>
>>>
>>> <use-resource-role-mappings>true</use-resource-role-mappings>
>>> <bearer-only>true</bearer-only>
>>> <auth-server-url>http://192.168.99.100/30001/auth
>>> </auth-server-url>
>>> <ssl-required>none</ssl-required>
>>> <credential
>>> name="secret">9bcc6d9f-9c72-4b58-b297-79f0f207d9e1</credential>
>>> </secure-deployment>
>>> </subsystem>
>>>
>>> I am able to obtain the access token.
>>>
>>> curl -i curl --data
>>> "grant_type=password&client_id=bkofc-web&username=user&passw
>>> ord=password"
>>> http://192.168.99.100:30001/auth/realms/bkofc/protocol/openi
>>> d-connect/token
>>>
>>> Note:- I have created 2 clients -- i) bkofc-svc which is bearer only,
>>> for
>>> my REST services ii) bkofc-web , a public client to simulate UI login
>>>
>>> However when I try to use the access token to invoke a service, I am
>>> getting the error -
>>>
>>> Status: 401
>>>
>>> WWW-Authenticate Bearer realm="bkofc", error="invalid_token",
>>> error_description="Didn't find publicKey for specified kid"
>>>
>>> Please let me know if I am missing something here. I have been breaking
>>> my
>>> head last few days without any luck ! I have also tried rotating the
>>> realm
>>> keys.
>>>
>>> Thanks,
>>> Rajesh
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>
More information about the keycloak-user
mailing list