[keycloak-user] Keycloak - grant_type when getting a token and token introspection

Dorit Mari Dorit.Mari at audiocodes.com
Tue Jul 24 09:45:46 EDT 2018


Many thanks Hans!
I very much appreciate your help. Introspection now works for me; turns out I did indeed have a few problems of inconsistent <host>:<port> combinations:
1. In one case, the token was obtained using HTTPS and port 443, but the Introspection was done using HTTP and port 80.
2. The Host header in the HTTP introspection request contained the resolved IP address of the keycloak server (and not its domain name), while the destination for the POST request for obtaining the token was the domain name itself.
3. In another case, the token was obtained from keycloak server at port 8080, but the Host header in the introspection request didn't include the port (which isn't HTTP default port, so it is needed).

Thanks,
Dorit


-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Hans Zandbelt
Sent: Monday, July 23, 2018 21:34
To: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Keycloak - grant_type when getting a token and token introspection

Check that you're calling the introspection endpoint using the same <host>:<port> combo as the one that was used when the token was obtained by the client in the call to the token endpoint otherwise the introspection result will always be { "active": "false" }.

Hans.

--
hans.zandbelt at zmartzone.eu
ZmartZone IAM - https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwebdefence.global.blackspider.com%2Furlwrap%2F%3Fq%3DAXicE2RmqPnKwCDwlIGhKKfSwChJr7ioTC83MTMnOT-vpCg_Ry85P5eh3MzPyzTU0NTA2NTI2JwhJb8oswSoqCjTIbE0JTM_OT8ltRisMKOkpMBKX7-8vFyvCihfUpWfl6qXWsrAwMD8jIEBAIK4I1M%26Z&amp;data=02%7C01%7Cdorit.mari%40audiocodes.com%7C838ac447fe464411001608d5f0cf4590%7C1911c65c893b42f983fa66c1b86fdf85%7C1%7C0%7C636679695390930397&amp;sdata=tTXOSfjjxV%2FsFruEi9rmMQBiLCnT1hPkSFZ74r0uOaM%3D&amp;reserved=0
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.jboss.org%2Fmailman%2Flistinfo%2Fkeycloak-user&amp;data=02%7C01%7Cdorit.mari%40audiocodes.com%7C838ac447fe464411001608d5f0cf4590%7C1911c65c893b42f983fa66c1b86fdf85%7C1%7C0%7C636679695390930397&amp;sdata=hp9mJaGLSNBONidvz247CvRnKhlDsO4oLzz3jniirRg%3D&amp;reserved=0
This email and any files transmitted with it are confidential material. They are intended solely for the use of the designated individual or entity to whom they are addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful.

If you have received this email in error please immediately notify the sender and delete or destroy any copy of this message



More information about the keycloak-user mailing list