[keycloak-user] Hitting error -- "Didn't find publicKey for specified kid"

Sebastien Blanc sblanc at redhat.com
Mon Jul 24 11:43:08 EDT 2017


yes please

On Mon, Jul 24, 2017 at 4:54 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
wrote:

> Yes, definitely. I did replace it with the actual war name. Let me know if
> you would like me to paste screenshots of realm configurations, client
> configurations.
>
> Thanks,
> Rajesh
>
> On Mon, Jul 24, 2017 at 8:12 PM, Sebastien Blanc <sblanc at redhat.com>
> wrote:
>
>> Ok, and for:
>> <secure-deployment name="my war file.war">
>>
>> Did you replace that with the actual name of your war file?
>>
>> On Mon, Jul 24, 2017 at 4:35 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
>> wrote:
>>
>>> Hello Sebastien,
>>>
>>> I am using 3.1.0.Final build.
>>>
>>> Thanks,
>>> Rajesh
>>>
>>> On Mon, Jul 24, 2017 at 7:56 PM, Sebastien Blanc <sblanc at redhat.com>
>>> wrote:
>>>
>>>> Which version of Keycloak are you using?
>>>>
>>>> On Mon, Jul 24, 2017 at 3:15 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I am trying to secure my REST services using the method described in
>>>>> the document --
>>>>>
>>>>> http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html
>>>>>
>>>>> I am securing my war using the JBoss subsystem, instead of the per-war
>>>>> option. The relevant sections from my standalone.xml are posted below.
>>>>>
>>>>>     <extensions>
>>>>>          ......
>>>>>         <extension module="org.keycloak.keycloak-adapter-subsystem"/>
>>>>>     </extensions>
>>>>>
>>>>>          <security-domains>
>>>>>                 .....
>>>>>                 <security-domain name="keycloak">
>>>>>                     <authentication>
>>>>>                         <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
>>>>>                     </authentication>
>>>>>                 </security-domain>
>>>>>             </security-domains>
>>>>>
>>>>>         <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
>>>>>             <secure-deployment name="my war file.war">
>>>>>                 <realm>bkofc</realm>
>>>>>                 <resource>bkofc-svc</resource>
>>>>>                 <use-resource-role-mappings>true</use-resource-role-mappings>
>>>>>                 <bearer-only>true</bearer-only>
>>>>>                 <auth-server-url>http://192.168.99.100/30001/auth</auth-server-url>
>>>>>                 <ssl-required>none</ssl-required>
>>>>>                 <credential name="secret">9bcc6d9f-9c72-4b58-b297-79f0f207d9e1</credential>
>>>>>             </secure-deployment>
>>>>>         </subsystem>
>>>>>
>>>>> I am able to obtain the access token.
>>>>>
>>>>> curl -i  curl --data "grant_type=password&client_id=bkofc-web&username=user&password=password" http://192.168.99.100:30001/auth/realms/bkofc/protocol/openid-connect/token
>>>>>
>>>>> Note:- I have created 2 clients -- i) bkofc-svc, which is bearer only,
>>>>> for my REST services ii) bkofc-web, a public client to simulate UI login
>>>>>
>>>>> However when I try to use the access token to invoke a service, I am
>>>>> getting the error -
>>>>>
>>>>> Status: 401
>>>>>
>>>>> WWW-Authenticate Bearer realm="bkofc", error="invalid_token",
>>>>> error_description="Didn't find publicKey for specified kid"
>>>>>
>>>>> Please let me know if I am missing something here. I have been
>>>>> breaking my head for the last few days without any luck! I have also
>>>>> tried rotating the realm keys.
>>>>>
>>>>> Thanks,
>>>>> Rajesh


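The error in this thread says the adapter found no public key for the token's `kid`. The following diagnostic is an added example, not code from the thread or from Keycloak: it decodes a token without verifying it and compares its `kid` and `iss` against a JWKS document and the adapter's configured URL. The token and key sets are constructed samples, and deriving the realm URL as `<auth-server-url>/realms/<realm>` is an assumption.

```python
import base64
import json

def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def diagnose(token, jwks, auth_server_url, realm):
    """List reasons a token's signing key would not be found. No signature check."""
    header_b64, claims_b64, _signature = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    claims = json.loads(_b64url_decode(claims_b64))
    findings = []
    # Assumption: the realm URL is <auth-server-url>/realms/<realm>.
    realm_url = auth_server_url.strip().rstrip("/") + "/realms/" + realm
    if claims.get("iss") != realm_url:
        findings.append("issuer: token iss=%s, adapter realm URL=%s"
                        % (claims.get("iss"), realm_url))
    published = [key.get("kid") for key in jwks.get("keys", [])]
    if header.get("kid") not in published:
        findings.append("kid: token kid=%s, published kids=%s"
                        % (header.get("kid"), published))
    return findings

# Constructed sample data (not captured from the server in the thread).
TOKEN = ".".join([
    _b64url_encode({"alg": "RS256", "typ": "JWT", "kid": "constructed-kid-A"}),
    _b64url_encode({"iss": "http://192.168.99.100:30001/auth/realms/bkofc",
                    "azp": "bkofc-web"}),
    "constructed-signature",
])
JWKS_CURRENT = {"keys": [{"kid": "constructed-kid-A", "kty": "RSA", "use": "sig"}]}
JWKS_ROTATED = {"keys": [{"kid": "constructed-kid-B", "kty": "RSA", "use": "sig"}]}

if __name__ == "__main__":
    cases = [
        ("URL as in the curl command", JWKS_CURRENT, "http://192.168.99.100:30001/auth"),
        ("URL as in standalone.xml", JWKS_CURRENT, "http://192.168.99.100/30001/auth"),
        ("keys rotated after issue", JWKS_ROTATED, "http://192.168.99.100:30001/auth"),
    ]
    for label, jwks, url in cases:
        print(label, "->", diagnose(TOKEN, jwks, url, "bkofc") or "no findings")
```

An empty result means the token's `kid` is among the published keys and its issuer matches the URL the adapter is configured with.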