[keycloak-user] Hitting error -- "Didn't find publicKey for specified kid"

Sebastien Blanc sblanc at redhat.com
Tue Jul 25 10:17:03 EDT 2017


Oh I think I found it: <auth-server-url>http://192.168.99.100/30001/auth</auth-server-url>
You have a typo there, shouldn't it be http://192.168.99.100:30001/auth,
notice the ":" instead of "/"

On Tue, Jul 25, 2017 at 4:14 PM, Sebastien Blanc <sblanc at redhat.com> wrote:

> Oh you were faster than me on this one ;), well you can change the log
> level of your app in the standalone.xml
>
> On Tue, Jul 25, 2017 at 4:12 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
> wrote:
>
>> Hello Sebastien,
>>
>> I was looking at the logs of my app wildfly server, as suggested by
>> another user, Thomas. Here is a relevant exception stack which I see.
>>
>> 13:56:29,450 ERROR [org.keycloak.adapters.rotation.JWKPublicKeyLocator]
>> (default task-12) Error when sending request to retrieve realm keys:
>> org.keycloak.adapters.HttpClientAdapterException: IO error
>> at org.keycloak.adapters.HttpAdapterUtils.sendJsonHttpRequest(H
>> ttpAdapterUtils.java:58)
>> at org.keycloak.adapters.rotation.JWKPublicKeyLocator.sendReque
>> st(JWKPublicKeyLocator.java:99)
>> at org.keycloak.adapters.rotation.JWKPublicKeyLocator.getPublic
>> Key(JWKPublicKeyLocator.java:63)
>> at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.getPu
>> blicKey(AdapterRSATokenVerifier.java:44)
>> at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verif
>> yToken(AdapterRSATokenVerifier.java:55)
>> at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verif
>> yToken(AdapterRSATokenVerifier.java:37)
>> at org.keycloak.adapters.BearerTokenRequestAuthenticator.
>> authenticateToken(BearerTokenRequestAuthenticator.java:87)
>> at org.keycloak.adapters.BearerTokenRequestAuthenticator.
>> authenticate(BearerTokenRequestAuthenticator.java:82)
>> at org.keycloak.adapters.RequestAuthenticator.authenticate(Requ
>> estAuthenticator.java:68)
>> at org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthM
>> ech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
>> at org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authe
>> nticate(ServletKeycloakAuthMech.java:92)
>> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.
>> transition(SecurityContextImpl.java:245)
>> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.
>> transition(SecurityContextImpl.java:263)
>> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.
>> access$100(SecurityContextImpl.java:231)
>> at io.undertow.security.impl.SecurityContextImpl.attemptAuthent
>> ication(SecurityContextImpl.java:125)
>> at io.undertow.security.impl.SecurityContextImpl.authTransition
>> (SecurityContextImpl.java:99)
>> at io.undertow.security.impl.SecurityContextImpl.authenticate(S
>> ecurityContextImpl.java:92)
>> at io.undertow.servlet.handlers.security.ServletAuthenticationC
>> allHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
>> at io.undertow.server.handlers.DisableCacheHandler.handleReques
>> t(DisableCacheHandler.java:33)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>> redicateHandler.java:43)
>> at io.undertow.security.handlers.AuthenticationConstraintHandle
>> r.handleRequest(AuthenticationConstraintHandler.java:53)
>> at io.undertow.security.handlers.AbstractConfidentialityHandler
>> .handleRequest(AbstractConfidentialityHandler.java:46)
>> at io.undertow.servlet.handlers.security.ServletConfidentiality
>> ConstraintHandler.handleRequest(ServletConfident
>> ialityConstraintHandler.java:64)
>> at io.undertow.servlet.handlers.security.ServletSecurityConstra
>> intHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
>> at io.undertow.security.handlers.AuthenticationMechanismsHandle
>> r.handleRequest(AuthenticationMechanismsHandler.java:60)
>> at io.undertow.servlet.handlers.security.CachedAuthenticatedSes
>> sionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>> at io.undertow.security.handlers.NotificationReceiverHandler.ha
>> ndleRequest(NotificationReceiverHandler.java:50)
>> at io.undertow.security.handlers.AbstractSecurityContextAssocia
>> tionHandler.handleRequest(AbstractSecurityContextAssociation
>> Handler.java:43)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>> redicateHandler.java:43)
>> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHa
>> ndler.handleRequest(JACCContextIdHandler.java:61)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>> redicateHandler.java:43)
>> at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.
>> handleRequest(ServletPreAuthActionsHandler.java:69)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>> redicateHandler.java:43)
>> at io.undertow.servlet.handlers.ServletInitialHandler.handleFir
>> stRequest(ServletInitialHandler.java:292)
>> at io.undertow.servlet.handlers.ServletInitialHandler.access$10
>> 0(ServletInitialHandler.java:81)
>> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(Se
>> rvletInitialHandler.java:138)
>> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(Se
>> rvletInitialHandler.java:135)
>> at io.undertow.servlet.core.ServletRequestContextThreadSetupAct
>> ion$1.call(ServletRequestContextThreadSetupAction.java:48)
>> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.
>> call(ContextClassLoaderSetupAction.java:43)
>> at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.
>> call(LegacyThreadSetupActionWrapper.java:44)
>> at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.
>> call(LegacyThreadSetupActionWrapper.java:44)
>> at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.
>> call(LegacyThreadSetupActionWrapper.java:44)
>> at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.
>> call(LegacyThreadSetupActionWrapper.java:44)
>> at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.
>> call(LegacyThreadSetupActionWrapper.java:44)
>> at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.
>> call(LegacyThreadSetupActionWrapper.java:44)
>> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchR
>> equest(ServletInitialHandler.java:272)
>> at io.undertow.servlet.handlers.ServletInitialHandler.access$00
>> 0(ServletInitialHandler.java:81)
>> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleR
>> equest(ServletInitialHandler.java:104)
>> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchan
>> ge.java:805)
>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>> Executor.java:1142)
>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>> lExecutor.java:617)
>> at java.lang.Thread.run(Thread.java:748)
>> Caused by: java.net.ConnectException: Connection refused (Connection
>> refused)
>> at java.net.PlainSocketImpl.socketConnect(Native Method)
>> at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSock
>> etImpl.java:350)
>> at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPl
>> ainSocketImpl.java:206)
>> at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocket
>> Impl.java:188)
>> at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
>> at java.net.Socket.connect(Socket.java:589)
>> at org.apache.http.conn.scheme.PlainSocketFactory.connectSocket
>> (PlainSocketFactory.java:117)
>> at org.apache.http.impl.conn.DefaultClientConnectionOperator.
>> openConnection(DefaultClientConnectionOperator.java:177)
>> at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoo
>> lEntry.java:144)
>> at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(Abs
>> tractPooledConnAdapter.java:131)
>> at org.apache.http.impl.client.DefaultRequestDirector.tryConnec
>> t(DefaultRequestDirector.java:611)
>> at org.apache.http.impl.client.DefaultRequestDirector.execute(D
>> efaultRequestDirector.java:446)
>> at org.apache.http.impl.client.AbstractHttpClient.doExecute(Abs
>> tractHttpClient.java:882)
>> at org.apache.http.impl.client.CloseableHttpClient.execute(Clos
>> eableHttpClient.java:82)
>> at org.apache.http.impl.client.CloseableHttpClient.execute(Clos
>> eableHttpClient.java:107)
>> at org.apache.http.impl.client.CloseableHttpClient.execute(Clos
>> eableHttpClient.java:55)
>> at org.keycloak.adapters.HttpAdapterUtils.sendJsonHttpRequest(H
>> ttpAdapterUtils.java:37)
>> ... 52 more
>> 2017-07-25T13:56:29.452564496Z
>> 13:56:29,454 ERROR [org.keycloak.adapters.rotation.AdapterRSATokenVerifier]
>> (default task-12) Didn't find publicKey for kid:
>> RHESicBPoNCwhBnBLEk_8X4ufj5WyuTo20zbzOo4HfQ
>> 13:56:29,454 ERROR [org.keycloak.adapters.BearerTokenRequestAuthenticator]
>> (default task-12) Failed to verify token: org.keycloak.common.VerificationException:
>> Didn't find publicKey for specified kid
>> at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.getPu
>> blicKey(AdapterRSATokenVerifier.java:47)
>> at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verif
>> yToken(AdapterRSATokenVerifier.java:55)
>> at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verif
>> yToken(AdapterRSATokenVerifier.java:37)
>> at org.keycloak.adapters.BearerTokenRequestAuthenticator.
>> authenticateToken(BearerTokenRequestAuthenticator.java:87)
>> at org.keycloak.adapters.BearerTokenRequestAuthenticator.
>> authenticate(BearerTokenRequestAuthenticator.java:82)
>> at org.keycloak.adapters.RequestAuthenticator.authenticate(Requ
>> estAuthenticator.java:68)
>> at org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthM
>> ech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
>> at org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authe
>> nticate(ServletKeycloakAuthMech.java:92)
>> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.
>> transition(SecurityContextImpl.java:245)
>> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.
>> transition(SecurityContextImpl.java:263)
>> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.
>> access$100(SecurityContextImpl.java:231)
>> at io.undertow.security.impl.SecurityContextImpl.attemptAuthent
>> ication(SecurityContextImpl.java:125)
>> at io.undertow.security.impl.SecurityContextImpl.authTransition
>> (SecurityContextImpl.java:99)
>> at io.undertow.security.impl.SecurityContextImpl.authenticate(S
>> ecurityContextImpl.java:92)
>> at io.undertow.servlet.handlers.security.ServletAuthenticationC
>> allHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
>> at io.undertow.server.handlers.DisableCacheHandler.handleReques
>> t(DisableCacheHandler.java:33)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>> redicateHandler.java:43)
>> at io.undertow.security.handlers.AuthenticationConstraintHandle
>> r.handleRequest(AuthenticationConstraintHandler.java:53)
>> at io.undertow.security.handlers.AbstractConfidentialityHandler
>> .handleRequest(AbstractConfidentialityHandler.java:46)
>> at io.undertow.servlet.handlers.security.ServletConfidentiality
>> ConstraintHandler.handleRequest(ServletConfident
>> ialityConstraintHandler.java:64)
>> at io.undertow.servlet.handlers.security.ServletSecurityConstra
>> intHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
>> at io.undertow.security.handlers.AuthenticationMechanismsHandle
>> r.handleRequest(AuthenticationMechanismsHandler.java:60)
>> at io.undertow.servlet.handlers.security.CachedAuthenticatedSes
>> sionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>> at io.undertow.security.handlers.NotificationReceiverHandler.ha
>> ndleRequest(NotificationReceiverHandler.java:50)
>> at io.undertow.security.handlers.AbstractSecurityContextAssocia
>> tionHandler.handleRequest(AbstractSecurityContextAssociation
>> Handler.java:43)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>> redicateHandler.java:43)
>> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHa
>> ndler.handleRequest(JACCContextIdHandler.java:61)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>> redicateHandler.java:43)
>> at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.
>> handleRequest(ServletPreAuthActionsHandler.java:69)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>> redicateHandler.java:43)
>> at io.undertow.servlet.handlers.ServletInitialHandler.handleFir
>> stRequest(ServletInitialHandler.java:292)
>> at io.undertow.servlet.handlers.ServletInitialHandler.access$10
>> 0(ServletInitialHandler.java:81)
>> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(Se
>> rvletInitialHandler.java:138)
>> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(Se
>> rvletInitialHandler.java:135)
>> at io.undertow.servlet.core.ServletRequestContextThreadSetupAct
>> ion$1.call(ServletRequestContextThreadSetupAction.java:48)
>> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.
>> call(ContextClassLoaderSetupAction.java:43)
>> at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.
>> call(LegacyThreadSetupActionWrapper.java:44)
>> at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.
>> call(LegacyThreadSetupActionWrapper.java:44)
>> at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.
>> call(LegacyThreadSetupActionWrapper.java:44)
>> at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.
>> call(LegacyThreadSetupActionWrapper.java:44)
>> at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.
>> call(LegacyThreadSetupActionWrapper.java:44)
>> at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.
>> call(LegacyThreadSetupActionWrapper.java:44)
>> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchR
>> equest(ServletInitialHandler.java:272)
>> at io.undertow.servlet.handlers.ServletInitialHandler.access$00
>> 0(ServletInitialHandler.java:81)
>> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleR
>> equest(ServletInitialHandler.java:104)
>> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchan
>> ge.java:805)
>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>> Executor.java:1142)
>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>> lExecutor.java:617)
>> at java.lang.Thread.run(Thread.java:748)
>>
>> Is there a way to enhance the log level at the client (I mean keycloak
>> adapter), to see if it is an HTTP connection issue or something else?
>>
>> Thanks,
>> Rajesh
>>
>> On Tue, Jul 25, 2017 at 7:36 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
>> wrote:
>>
>>> Here is the response from curl ---
>>>
>>> $ curl -v http://192.168.99.100:8080/OlpUIFwk2-1.0-SNAPSHOT/services/sec/rest/userservice/users  -H "Authorization:  Bearer $KEY"
>>> *   Trying 192.168.99.100...
>>> * Connected to 192.168.99.100 (192.168.99.100) port 8080 (#0)
>>> > GET /OlpUIFwk2-1.0-SNAPSHOT/services/sec/rest/userservice/users HTTP/1.1
>>> > Host: 192.168.99.100:8080
>>> > User-Agent: curl/7.50.1
>>> > Accept: */*
>>> > Authorization:  Bearer ...
>>> >
>>> < HTTP/1.1 401 Unauthorized
>>> < Expires: 0
>>> < Cache-Control: no-cache, no-store, must-revalidate
>>> < X-Powered-By: Undertow/1
>>> < Server: WildFly/10
>>> < Pragma: no-cache
>>> < Date: Tue, 25 Jul 2017 14:04:31 GMT
>>> < Connection: keep-alive
>>> < WWW-Authenticate: Bearer realm="bkofc", error="invalid_token", error_description="Didn't find publicKey for specified kid"
>>> < Content-Type: text/html;charset=UTF-8
>>> < Content-Length: 71
>>> <
>>> * Connection #0 to host 192.168.99.100 left intact
>>> <html><head><title>Error</title></head><body>Unauthorized</body></html>$
>>> $
>>>
>>> Thanks,
>>> Rajesh
>>>
>>> On Tue, Jul 25, 2017 at 7:30 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
>>> wrote:
>>>
>>>> Sure. I was using postman to invoke the service. This is the command
>>>> used by postman --
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> GET /OlpUIFwk2-1.0-SNAPSHOT/services/sec/rest/userservice/users HTTP/1.1
>>>> Host: 192.168.99.100:8080
>>>> Authorization: Bearer  ...
>>>> Cache-Control: no-cache
>>>> Postman-Token: d378eefe-82c8-9c3d-0140-ef56c62f9b97
>>>>
>>>>
>>>> ---------------------------------------------------------------------------
>>>>
>>>> The "userservice" is my own service for other attributes of users. I
>>>> also made sure that the service executes without the security.
>>>>
>>>> Thanks,
>>>> Rajesh
>>>>
>>>>
>>>> On Tue, Jul 25, 2017 at 7:24 PM, Sebastien Blanc <sblanc at redhat.com>
>>>> wrote:
>>>>
>>>>> Okay, to have the complete picture could you paste the command you issue
>>>>> to call your REST service?
>>>>>
>>>>>
>>>>> On Tue, Jul 25, 2017 at 3:50 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Sebastien,
>>>>>>
>>>>>> Here is a token response -
>>>>>>
>>>>>> {
>>>>>>   "access_token": "...",
>>>>>>   "expires_in": 300,
>>>>>>   "refresh_expires_in": 1800,
>>>>>>   "refresh_token": "...",
>>>>>>   "token_type": "bearer",
>>>>>>   "id_token": "...",
>>>>>>   "not-before-policy": 0,
>>>>>>   "session_state": "3231f46f-229b-42d3-a419-089a21396e67"
>>>>>> }
>>>>>>
>>>>>>
>>>>>> I checked it in jwt.io. The kid is the same as the "rsa-generated" one,
>>>>>> shown in the screenshot I shared yesterday, although jwt complained of
>>>>>> "Invalid Signature".
>>>>>>
>>>>>>
>>>>>> Thomas, the connectivity should not be an issue as I am able to get
>>>>>> the access token from  my app wildfly server using curl. So keycloak is
>>>>>> reachable from my wildfly server. Anything specific you did to resolve your
>>>>>> issue ?
>>>>>>
>>>>>> Regards,
>>>>>> Rajesh
>>>>>>
>>>>>> On Tue, Jul 25, 2017 at 11:12 AM, Sebastien Blanc <sblanc at redhat.com>
>>>>>> wrote:
>>>>>>
>>>>>>> This looks all correct. Could you try pasting your access token or
>>>>>>> even check it yourself on jwt.io to see if the kid is present?
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Jul 24, 2017 at 6:47 PM, Rajesh Ghosh <
>>>>>>> ghosh.rajesh at gmail.com> wrote:
>>>>>>>
>>>>>>>> Sebastien,
>>>>>>>>
>>>>>>>> I am attaching a pdf containing the screenshots. A few more points
>>>>>>>> I wanted to mention.
>>>>>>>>
>>>>>>>> i) I didn't install the public client -- "bkofc-web" in the
>>>>>>>> wildfly container which hosts my REST services. I did it for the "bkofc-svc"
>>>>>>>> client which is bearer only. I hope that is the correct approach.
>>>>>>>> ii) Both keycloak and my application are running on docker
>>>>>>>> containers locally on my laptop.
>>>>>>>>
>>>>>>>> Let me know if you need anything else to analyze.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Rajesh
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Jul 24, 2017 at 9:13 PM, Sebastien Blanc <sblanc at redhat.com
>>>>>>>> > wrote:
>>>>>>>>
>>>>>>>>> yes please
>>>>>>>>>
>>>>>>>>> On Mon, Jul 24, 2017 at 4:54 PM, Rajesh Ghosh <
>>>>>>>>> ghosh.rajesh at gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Yes definitely. I did replace it with the actual war name. Let me
>>>>>>>>>> know if you would like me to paste screen shots of realm configurations,
>>>>>>>>>> client configurations.
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Rajesh
>>>>>>>>>>
>>>>>>>>>> On Mon, Jul 24, 2017 at 8:12 PM, Sebastien Blanc <
>>>>>>>>>> sblanc at redhat.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Ok and for :
>>>>>>>>>>> <secure-deployment name="my war file.war">
>>>>>>>>>>>
>>>>>>>>>>> Did you replace that with the actual name of your war file ?
>>>>>>>>>>>
>>>>>>>>>>> On Mon, Jul 24, 2017 at 4:35 PM, Rajesh Ghosh <
>>>>>>>>>>> ghosh.rajesh at gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hello Sebastien,
>>>>>>>>>>>>
>>>>>>>>>>>> I am using 3.1.0.Final build.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Rajesh
>>>>>>>>>>>>
>>>>>>>>>>>> On Mon, Jul 24, 2017 at 7:56 PM, Sebastien Blanc <
>>>>>>>>>>>> sblanc at redhat.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Which version of Keycloak are you using ?
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Mon, Jul 24, 2017 at 3:15 PM, Rajesh Ghosh <
>>>>>>>>>>>>> ghosh.rajesh at gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I am trying to secure my REST services using the method
>>>>>>>>>>>>>> described in the document --
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I am securing my war using the JBoss subsystem, instead of the
>>>>>>>>>>>>>> per-war option. The relevant sections from my standalone.xml
>>>>>>>>>>>>>> are posted below.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>     <extensions>
>>>>>>>>>>>>>>         ......
>>>>>>>>>>>>>>         <extension module="org.keycloak.keycloak-adapter-subsystem"/>
>>>>>>>>>>>>>>     </extensions>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>     <security-domains>
>>>>>>>>>>>>>>         .....
>>>>>>>>>>>>>>         <security-domain name="keycloak">
>>>>>>>>>>>>>>             <authentication>
>>>>>>>>>>>>>>                 <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
>>>>>>>>>>>>>>             </authentication>
>>>>>>>>>>>>>>         </security-domain>
>>>>>>>>>>>>>>     </security-domains>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>     <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
>>>>>>>>>>>>>>         <secure-deployment name="my war file.war">
>>>>>>>>>>>>>>             <realm>bkofc</realm>
>>>>>>>>>>>>>>             <resource>bkofc-svc</resource>
>>>>>>>>>>>>>>             <use-resource-role-mappings>true</use-resource-role-mappings>
>>>>>>>>>>>>>>             <bearer-only>true</bearer-only>
>>>>>>>>>>>>>>             <auth-server-url>http://192.168.99.100/30001/auth</auth-server-url>
>>>>>>>>>>>>>>             <ssl-required>none</ssl-required>
>>>>>>>>>>>>>>             <credential name="secret">9bcc6d9f-9c72-4b58-b297-79f0f207d9e1</credential>
>>>>>>>>>>>>>>         </secure-deployment>
>>>>>>>>>>>>>>     </subsystem>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I am able to obtain the access token.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> curl -i --data "grant_type=password&client_id=bkofc-web&username=user&password=password" http://192.168.99.100:30001/auth/realms/bkofc/protocol/openid-connect/token
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Note:- I have created 2 clients -- i)  bkofc-svc which is
>>>>>>>>>>>>>> bearer only, for
>>>>>>>>>>>>>> my REST services  ii) bkofc-web , a public client to simulate
>>>>>>>>>>>>>> UI login
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> However when I try to use the access token to invoke a
>>>>>>>>>>>>>> service, I am
>>>>>>>>>>>>>> getting the error -
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Status: 401
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> WWW-Authenticate Bearer realm="bkofc", error="invalid_token", error_description="Didn't find publicKey for specified kid"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Please let me know if I am missing something here. I have
>>>>>>>>>>>>>> been breaking my
>>>>>>>>>>>>>> head last few days without any luck !  I have also tried
>>>>>>>>>>>>>> rotating the realm
>>>>>>>>>>>>>> keys.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>> Rajesh
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
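
An added example, not part of the original thread: a small offline check that compares the adapter's auth-server-url with the issuer inside a token and shows which JWKS URL the key lookup would target, which is where the "/" versus ":" typo diagnosed above becomes visible. The function names and the unsigned sample token are constructed for illustration; the certs path is Keycloak's OIDC JWKS endpoint, and that the adapter derives it from auth-server-url and the realm is an assumption. Nothing here verifies a signature.

```python
import base64
import json
from urllib.parse import urlsplit

# Keycloak's OIDC JWKS endpoint, relative to <auth-server-url>/realms/<realm>.
CERTS_PATH = "/protocol/openid-connect/certs"


def decode_segment(segment):
    """Decode one base64url JWT segment to a dict. No signature check."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def make_unsigned_token(header, claims):
    """Build a constructed token with a dummy signature, for the demo only."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc(header) + "." + enc(claims) + ".c2lnbmF0dXJl"


def diagnose(auth_server_url, realm, token):
    """Report why a key lookup for this token could fail with this config."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated parts")
    header, claims = decode_segment(parts[0]), decode_segment(parts[1])

    # Whitespace inside the XML element (as in the posted config) is stripped.
    base = auth_server_url.strip().rstrip("/")
    url = urlsplit(base)
    expected_issuer = f"{base}/realms/{realm}"
    findings = []

    if url.scheme not in ("http", "https") or not url.hostname:
        findings.append("bad-url")
    # A numeric first path segment with no explicit port is the typo from the
    # thread: the port was written after "/" instead of ":".
    segments = [s for s in url.path.split("/") if s]
    if url.port is None and segments and segments[0].isdigit():
        findings.append("port-in-path")
    if not header.get("kid"):
        findings.append("no-kid")
    # The server that issued the token and the server the adapter asks for
    # keys must be the same realm URL.
    if claims.get("iss") != expected_issuer:
        findings.append("issuer-mismatch")

    return {
        "kid": header.get("kid"),
        "token_issuer": claims.get("iss"),
        "expected_issuer": expected_issuer,
        "jwks_url": expected_issuer + CERTS_PATH,
        "findings": findings,
    }


# Constructed sample: issuer matches the token endpoint used in the thread.
SAMPLE_TOKEN = make_unsigned_token(
    {"alg": "RS256", "typ": "JWT", "kid": "constructed-kid-1"},
    {"iss": "http://192.168.99.100:30001/auth/realms/bkofc", "aud": "bkofc-web"},
)
BROKEN_URL = "http://192.168.99.100/30001/auth\n"   # as posted in standalone.xml
FIXED_URL = "http://192.168.99.100:30001/auth"      # as corrected in the reply

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN_URL), ("fixed", FIXED_URL)):
        report = diagnose(cfg, "bkofc", SAMPLE_TOKEN)
        print(label, report["jwks_url"], report["findings"])
```

With the posted URL the lookup goes to port 80 with "30001" as a path segment, which matches the "Connection refused" in the adapter log even though curl against port 30001 returned a token.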

