[keycloak-user] Keycloak Client doesn't have secret available with Access Type Public

Thu Mar 1 07:18:07 EST 2018

Hi all,

I am using Keycloak 3.4.3 and protecting Spring based Rest service.

Below is Keycloak client configuration:

Client Protocol: openid-connect
Access Type: public
Standard Flow Enabled: ON
Implicit Flow
Direct Access Grants Enabled: ON
Authorization Enabled: OFF

Is it important to provide secret with Access Type as public. If yes, how
can I provide sceret as I couldn't find any option in the Keycloak client
configuration. Please help.

2018-02-28 15:19:10.216 WARN 7813 --- [nio-8080-exec-2] a.a.
ClientIdAndSecretCredentialsProvider : Client 'democlientid' doesn't have
secret available 2018-02-28 15:19:10.375 ERROR 7813 --- [nio-8080-exec-2]
o.k.adapters.OAuthRequestAuthenticator : failed to turn code into token

java.net.ConnectException: Connection refused (Connection refused) at
java.base/java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:na] at
java.base/java.net.AbstractPlainSocketImpl.doConnect(
AbstractPlainSocketImpl.java:400) ~[na:na] at java.base/java.net.
AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:243)
~[na:na] at java.base/java.net.AbstractPlainSocketImpl.connect(
AbstractPlainSocketImpl.java:225) ~[na:na] at java.base/java.net.
SocksSocketImpl.connect(SocksSocketImpl.java:402) ~[na:na] at
java.base/java.net.Socket.connect(Socket.java:591) ~[na:na] at
org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:121)
~[httpclient-4.5.5.jar!/:4.5.5] at org.apache.http.impl.conn.
DefaultClientConnectionOperator.openConnection(
DefaultClientConnectionOperator.java:180) ~[httpclient-4.5.5.jar!/:4.5.5]
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
~[httpclient-4.5.5.jar!/:4.5.5] at org.apache.http.impl.conn.
AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:134)
~[httpclient-4.5.5.jar!/:4.5.5] at org.apache.http.impl.client.
DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)
~[httpclient-4.5.5.jar!/:4.5.5] at org.apache.http.impl.client.
DefaultRequestDirector.execute(DefaultRequestDirector.java:445)
~[httpclient-4.5.5.jar!/:4.5.5] at org.apache.http.impl.client.
AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
~[httpclient-4.5.5.jar!/:4.5.5] at org.apache.http.impl.client.
CloseableHttpClient.execute(CloseableHttpClient.java:83)
~[httpclient-4.5.5.jar!/:4.5.5] at org.apache.http.impl.client.
CloseableHttpClient.execute(CloseableHttpClient.java:108)
~[httpclient-4.5.5.jar!/:4.5.5] at org.apache.http.impl.client.
CloseableHttpClient.execute(CloseableHttpClient.java:56)
~[httpclient-4.5.5.jar!/:4.5.5] at org.keycloak.adapters.ServerRequest.
invokeAccessCodeToToken(ServerRequest.java:111)
~[keycloak-adapter-core-3.4.3.Final.jar!/:3.4.3.Final] at
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(
OAuthRequestAuthenticator.java:336)
~[keycloak-adapter-core-3.4.3.Final.jar!/:3.4.3.Final]
at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(
OAuthRequestAuthenticator.java:281)
~[keycloak-adapter-core-3.4.3.Final.jar!/:3.4.3.Final]
at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:139)
~[keycloak-adapter-core-3.4.3.Final.jar!/:3.4.3.Final] at
org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorV
alve.authenticateInternal(AbstractKeycloakAuthenticatorValve.java:203)
~[spring-boot-container-bundle-3.4.3.Final.jar!/:3.4.3.Final] at
org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.authenticate(
KeycloakAuthenticatorValve.java:50)
[spring-boot-container-bundle-3.4.3.Final.jar!/:3.4.3.Final]
at org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.doAuthenticate(
KeycloakAuthenticatorValve.java:57)
[spring-boot-container-bundle-3.4.3.Final.jar!/:3.4.3.Final]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:586)
[tomcat-embed-core-8.5.27.jar!/:8.5.27] at org.keycloak.adapters.tomcat.
AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:181)
~[spring-boot-container-bundle-3.4.3.Final.jar!/:3.4.3.Final] at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
[tomcat-embed-core-8.5.27.jar!/:8.5.27]
Regards,