[keycloak-user] Hitting error -- "Didn't find publicKey for specified kid"

Rajesh Ghosh ghosh.rajesh at gmail.com
Mon Jul 24 12:47:58 EDT 2017


Sebastien,

I am attaching a PDF containing the screenshots. A few more points I wanted
to mention.

i)  I didn't install the public client "bkofc-web" in the WildFly
container which hosts my REST services. I did it for the "bkofc-svc" client,
which is bearer-only. I hope that is the correct approach.
ii)  Both Keycloak and my application are running in Docker containers
locally on my laptop.

Let me know if you need anything else to analyze.

Thanks,
Rajesh


On Mon, Jul 24, 2017 at 9:13 PM, Sebastien Blanc <sblanc at redhat.com> wrote:

> yes please
>
> On Mon, Jul 24, 2017 at 4:54 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
> wrote:
>
>> Yes definitely. I did replace it with the actual war name. Let me know if
>> you would like me to paste screen shots of realm configurations, client
>> configurations.
>>
>> Thanks,
>> Rajesh
>>
>> On Mon, Jul 24, 2017 at 8:12 PM, Sebastien Blanc <sblanc at redhat.com>
>> wrote:
>>
>>> Ok and for :
>>> <secure-deployment name="my war file.war">
>>>
>>> Did you replace that with the actual name of your war file ?
>>>
>>> On Mon, Jul 24, 2017 at 4:35 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
>>> wrote:
>>>
>>>> Hello Sebastien,
>>>>
>>>> I am using 3.1.0.Final build.
>>>>
>>>> Thanks,
>>>> Rajesh
>>>>
>>>> On Mon, Jul 24, 2017 at 7:56 PM, Sebastien Blanc <sblanc at redhat.com>
>>>> wrote:
>>>>
>>>>> Which version of Keycloak are you using ?
>>>>>
>>>>> On Mon, Jul 24, 2017 at 3:15 PM, Rajesh Ghosh <ghosh.rajesh at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I am trying to secure my REST services using the method described in
>>>>>> the document --
>>>>>>
>>>>>> http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html
>>>>>>
>>>>>> I am securing my war using the JBoss subsystem, instead of the per-war
>>>>>> option. The relevant sections from my standalone.xml are posted below.
>>>>>>
>>>>>>     <extensions>
>>>>>>         ......
>>>>>>         <extension module="org.keycloak.keycloak-adapter-subsystem"/>
>>>>>>     </extensions>
>>>>>>
>>>>>>     <security-domains>
>>>>>>         .....
>>>>>>         <security-domain name="keycloak">
>>>>>>             <authentication>
>>>>>>                 <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
>>>>>>             </authentication>
>>>>>>         </security-domain>
>>>>>>     </security-domains>
>>>>>>
>>>>>>     <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
>>>>>>         <secure-deployment name="my war file.war">
>>>>>>             <realm>bkofc</realm>
>>>>>>             <resource>bkofc-svc</resource>
>>>>>>             <use-resource-role-mappings>true</use-resource-role-mappings>
>>>>>>             <bearer-only>true</bearer-only>
>>>>>>             <auth-server-url>http://192.168.99.100/30001/auth</auth-server-url>
>>>>>>             <ssl-required>none</ssl-required>
>>>>>>             <credential name="secret">9bcc6d9f-9c72-4b58-b297-79f0f207d9e1</credential>
>>>>>>         </secure-deployment>
>>>>>>     </subsystem>
>>>>>>
>>>>>> I am able to obtain the access token.
>>>>>>
>>>>>> curl -i --data \
>>>>>>   "grant_type=password&client_id=bkofc-web&username=user&password=password" \
>>>>>>   http://192.168.99.100:30001/auth/realms/bkofc/protocol/openid-connect/token
>>>>>>
>>>>>> Note: I have created 2 clients -- i) bkofc-svc, which is bearer-only,
>>>>>> for my REST services; ii) bkofc-web, a public client to simulate UI login.
>>>>>>
>>>>>> However when I try to use the access token to invoke a service, I am
>>>>>> getting the error -
>>>>>>
>>>>>> Status: 401
>>>>>>
>>>>>> WWW-Authenticate Bearer realm="bkofc", error="invalid_token",
>>>>>> error_description="Didn't find publicKey for specified kid"
>>>>>>
>>>>>> Please let me know if I am missing something here. I have been
>>>>>> breaking my head for the last few days without any luck! I have also
>>>>>> tried rotating the realm keys.
>>>>>>
>>>>>> Thanks,
>>>>>> Rajesh
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
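
A diagnostic example for the "Didn't find publicKey for specified kid" error discussed in this thread, added here and not part of the original messages or of Keycloak's own code: it compares the token header's `kid` with the key IDs in the realm's JWKS and checks that the configured `auth-server-url` yields the token's issuer. The token, the key set and the names `diagnose`, `TOKEN`, `JWKS` and `ISSUER` are constructed for illustration; the URLs and realm name are the ones quoted in the thread.

```python
import base64
import json


def _b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment (sample data only)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _decode_segment(segment):
    """Decode one base64url JWT segment into a dict, restoring padding."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def diagnose(token, jwks, auth_server_url, realm):
    """Return reasons an adapter could fail to match the token's kid.

    Diagnostic only: the signature is NOT verified here.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not-a-jws"]
    header, claims = _decode_segment(parts[0]), _decode_segment(parts[1])
    findings = []
    # 1. The kid in the token header must be one of the realm's published keys.
    if header.get("kid") not in {k.get("kid") for k in jwks.get("keys", [])}:
        findings.append("kid-not-in-jwks")
    # 2. The realm URL derived from auth-server-url should equal the issuer
    #    the token was minted under; otherwise keys are looked up elsewhere.
    realm_url = auth_server_url.rstrip("/") + "/realms/" + realm
    if claims.get("iss") != realm_url:
        findings.append("issuer-mismatch")
    return findings


# Constructed sample data (not a real Keycloak token or key set).
ISSUER = "http://192.168.99.100:30001/auth/realms/bkofc"
TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT", "kid": "constructed-kid-1"}),
    _b64url({"iss": ISSUER, "aud": "bkofc-web"}),
    "constructed-signature",
])
JWKS = {"keys": [{"kid": "constructed-kid-1", "kty": "RSA", "use": "sig"}]}

if __name__ == "__main__":
    # auth-server-url exactly as written in the standalone.xml quoted above.
    print(diagnose(TOKEN, JWKS, "http://192.168.99.100/30001/auth", "bkofc"))
```

With a real token, the JWKS to pass in is the JSON served by the realm's `protocol/openid-connect/certs` endpoint.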

