[keycloak-user] Keycloak JWT modification and logging

vrinda nayak vrinda.nayak at j4care.com
Fri Apr 13 06:06:23 EDT 2018


Hello All,

Please, is there any way to change the value of the 'aud' parameter in the
JWT token? The token that I get back using curl shows that the value of this
parameter is always the 'client_id'.

Just for background, the test case is:
-> Auth_Client logs in with 'BadUser' and requests a token (Auth_Client
is configured as a Client in Keycloak and is of type 'public')
-> Keycloak sends back token with 'aud' parameter containing URI of unknown
resource
-> Auth_Client incorporates 'BadUser' token received into transaction to
Resource_Server (Resource_Server is also configured as a Client in Keycloak
and is of type 'bearer-only')
-> Resource_Server checks token and *should* deny access to requested
resource (which is unknown to Resource_server) with 401-Unauthorized

Also, I have tried enabling the 'Authorization Flow Enabled' and added
Resource/Permission/Policy and Policy Enforcement Mode is default
(Enforcing) referring to
https://www.keycloak.org/docs/3.0/authorization_services/topics/resource-server/enable-authorization.html
- This information does not seem to be sent in the token from Keycloak
(when checked with curl).
- When used with our application I get 'Forbidden' for all users, even when
the User Policy was created only for 'BadUser'.
- The Auth_Client (which was 'public' type) gets automatically changed to
'confidential' type. Is this intended?

Thanks in advance.

Vrinda

On Wed, Apr 11, 2018 at 11:44 AM, vrinda nayak <vrinda.nayak at j4care.com>
wrote:

> Hello All,
>
> We use Keycloak standalone system as authentication server. On our
> client/server side we have just installed the Keycloak Adapter.
> For certain tests, we need to change the values of *'aud', 'sub', 'nbf',
> 'exp'* parameters in Json Web Token.
> Also for one test, we need to send back an unsigned token to the client.
> Can someone please advise how this can be achieved? Also which logger would
> I need to set to DEBUG/TRACE in standalone.xml, to be able to see the JWT
> parameters and their values in the response sent back to client?
>
> Thanks in advance.
>
> Vrinda
>
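
The negative tests described in this thread (an 'aud' the resource server does not know, 'nbf'/'exp' outside the validity window, an unsigned token), sketched as a resource-server-side check. This is an added example, not part of the original messages and not Keycloak or adapter code. It assumes HS256 with a constructed shared secret so that it runs on the standard library alone; the secret, the audience value and the function names are made up for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-test-secret"   # assumption: constructed HS256 key for this demo
EXPECTED_AUD = "Resource_Server"      # assumption: the audience this service accepts

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def sign(head: str, body: str) -> bytes:
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_token(claims: dict, alg: str = "HS256") -> str:
    """Build a constructed test token; alg='none' yields an unsigned one."""
    head = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = b64url(sign(head, body)) if alg == "HS256" else ""
    return f"{head}.{body}.{sig}"

def check_token(token: str, now=None):
    """Return (HTTP status, reason) as a bearer-only service would decide."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        # Pin the algorithm: the token header never chooses it, 'none' is refused.
        if header.get("alg") != "HS256" or not sig:
            return 401, "unsigned or unexpected alg"
        # Verify the signature before trusting any claim in the body.
        if not hmac.compare_digest(sign(head, body), b64url_decode(sig)):
            return 401, "bad signature"
        claims = json.loads(b64url_decode(body))
        aud = claims.get("aud")
        if EXPECTED_AUD not in (aud if isinstance(aud, list) else [aud]):
            return 401, "aud mismatch"
        if "nbf" in claims and now < claims["nbf"]:
            return 401, "not yet valid"
        if "exp" not in claims or now >= claims["exp"]:
            return 401, "expired"
    except (ValueError, TypeError, AttributeError):
        return 401, "malformed token"
    return 200, "ok"

if __name__ == "__main__":
    t = int(time.time())
    base = {"sub": "BadUser", "aud": EXPECTED_AUD, "nbf": t - 5, "exp": t + 300}
    for c in (base, {**base, "aud": "https://unknown.example/res"}, {**base, "exp": t - 1}):
        print(check_token(make_token(c)))
    print(check_token(make_token(base, alg="none")))
```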

