[keycloak-user] Failed to verify token: org.keycloak.common.VerificationException: Invalid token issuer after upgrade

Darrell Wu darrell at 1placeonline.com
Wed Sep 27 00:25:56 EDT 2017 

Hi,

I've upgraded from keycloak 1.9.8 to keycloak 3.2.1 and now i'm getting the
following error when i access my protected application.

Failed to verify token: org.keycloak.common.VerificationException: Invalid
token issuer. Expected 'http://localhost:8180/realms/1Place', but was '
https://192.168.10.19:8543/realms/1Place'

I've configured  keycloak to use a self signed certificate against by PC ip
address.  The admin console is using the address.
https://192.168.10.19:8543/

I'm not sure where it is picking up http://localhost:8180/realms/1Place
since you can't access the admin console against that address and i
couldn't find anywhere in the console where
http://localhost:8180/realms/1Place is used.

Does anyone have any ideas?

Thanks in Advance
Darrell


Here is the stack trace
Failed to verify token: org.keycloak.common.VerificationException: Invalid
token issuer. Expected 'http://localhost:8180/realms
/1Place', but was 'https://192.168.10.19:8543/realms/1Place'
    at org.keycloak.TokenVerifier$RealmUrlCheck.test(TokenVerifier.java:109)
    at org.keycloak.TokenVerifier.verify(TokenVerifier.java:371)
    at org.keycloak.RSATokenVerifier.verify(RSATokenVerifier.java:89)
    at
org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:56)
    at
org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:37)
    at
org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:87)
    at
org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:82)
    at
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68)
    at
org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
    at
org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
    at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
    at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
    at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
    at
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)





-- 
Darrell Wu
1Place International Limited
P.O. Box 125152, St Heliers, Auckland 1740, New Zealand
Level 5, 1 Queen Street, Auckland 1010, New Zealand
Phone: +64 9 5200612 ext 521 | Mob: +64 21 262 4898 | Fax: +64 9 5246203
Email: darrell at 1placeonline.com | Web: www.1placeonline.com

More information about the keycloak-user mailing list