[keycloak-user] Authorization header from third party site
Schaar, Andrew
Andrew.Schaar at bluestembrands.com
Tue Jul 3 17:23:10 EDT 2018
Hello,
We are receiving authorization headers from a third party that links to our site. The endpoint being hit is not secured via spring security, however because an authorization header is on the request KeycloakAuthenticationProcessingFilter.java is attempting to authenticate the request.
The result is a VerificationException from AdapterRSATokenVerifier and subsequently a 401 and a poor user experience. I am wondering if you have any advice regarding the scenario where an invalid authorization header is received when requesting unsecured endpoints.
We are using the Keycloak spring security adapter 3.4.2.Final
Thanks!
Andrew
More information about the keycloak-user
mailing list