[keycloak-user] [HS256] Use HS256 rather than RS256 for Id Token Signature

Marek Posolda mposolda at redhat.com
Thu Jan 18 04:34:21 EST 2018


We don't support anything beyond RS256 for signing ID tokens. OpenID 
Connect has a way that allows every client to specify the signature algorithm 
- the parameter "id_token_signed_response_alg" described in the specs [1]. 
But we don't have support for this ATM. Feel free to create a JIRA (but it 
probably won't have very big priority).

[1] http://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata

Marek

On 16/01/18 17:42, FOUTREIN Thomas wrote:
> Hello,
>
> I'm trying to connect our Keycloak instance with France Connect (the French public OpenID Connect platform)
>
> But France Connect doesn't accept ID Tokens signed with an RSA key; it only accepts HS256 with a shared secret to verify the signature
>
> I tried to deactivate the RSA Provider in my Realm, but this has no effect on the Token generated (always RS256)
>
> Do you have a simple solution for that?
>
> Thanks in advance
>
> Thomas
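The check a relying party performs when a client is registered with id_token_signed_response_alg set to HS256, as an added example that is not part of this thread and is not Keycloak or France Connect code. It assumes the OpenID Connect Core rule that the HS256 key is the UTF-8 octets of the client_secret; the function names, secret and claims are constructed for illustration, and claim validation (iss, aud, exp) is left out.

```python
import base64, hashlib, hmac, json

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def sign_hs256(claims: dict, client_secret: str) -> str:
    """Build a compact JWS as an OP issuing HS256 ID tokens would (demo helper)."""
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    signing_input = ".".join(b64url_encode(json.dumps(p).encode()) for p in parts)
    mac = hmac.new(client_secret.encode("utf-8"), signing_input.encode("ascii"), hashlib.sha256)
    return signing_input + "." + b64url_encode(mac.digest())

def verify_id_token(token: str, registered_alg: str, client_secret: str) -> dict:
    """Verify a token against the client's registered id_token_signed_response_alg."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
        if not isinstance(header, dict):
            raise ValueError("header is not a JSON object")
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed ID token") from exc
    # The algorithm is taken from registration, never from the token header.
    if header.get("alg") != registered_alg:
        raise ValueError(f"alg {header.get('alg')!r} does not match {registered_alg!r}")
    if registered_alg != "HS256":
        raise ValueError("this example only implements HS256")
    # Recompute the MAC over the exact bytes received and compare in constant time.
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(client_secret.encode("utf-8"), signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload_b64))

if __name__ == "__main__":
    secret = "constructed-demo-secret"  # constructed sample value
    claims = {"iss": "https://idp.example", "sub": "user-1", "aud": "demo-client"}
    token = sign_hs256(claims, secret)
    print(verify_id_token(token, "HS256", secret))
    try:
        verify_id_token(token, "RS256", secret)  # client registered for RS256
    except ValueError as err:
        print("rejected:", err)
```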