[keycloak-user] Keycloak as OIDC provider to AWS ALB, any hints!

Max Allan max.allan+keycloak at surevine.com
Mon Oct 29 10:41:35 EDT 2018


FYI, if you are using an ALB with Keycloak, AWS appear to have quietly
fixed the B/b problem and it all works nicely out of the box now.

Problem solved.

Max

On Tue, 17 Jul 2018 at 07:29, Hiroyuki Wada <h2-wada at nri.co.jp> wrote:

> Hi Max,
>
> I tried integrating AWS ELB and Keycloak one month ago
> and I encountered the same problem.
>
> Because AWS ELB doesn't follow the OAuth2 spec correctly,
> it rejects the token endpoint response from Keycloak.
> The response from Keycloak contains "token_type" as follows:
>
> "token_type":"bearer"
>
> But AWS ELB expects as follows:
>
> "token_type":"Bearer"
>
> The OAuth2 spec says the value is case insensitive, as below.
>
> > https://tools.ietf.org/html/rfc6749#section-4.2.2
> >
> > token_type
> > REQUIRED. The type of the token issued as described in
> > Section 7.1. Value is case insensitive.
>
> So, I think we need to wait until AWS fixes this issue...
>
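
The comparison discussed in this thread, as an added example that is not part of the original messages and is not Keycloak or AWS code: a client-side validator for a token endpoint response that matches `token_type` case-insensitively, with a `strict_case` switch that models the exact-match rejection described above. The function names, the `strict_case` parameter and the sample responses are constructed for illustration.

```python
import json

# Token types this client knows how to use, stored lowercase for comparison.
SUPPORTED_TOKEN_TYPES = {"bearer"}


class TokenResponseError(ValueError):
    """Raised when a token endpoint response cannot be used."""


def parse_token_response(body, strict_case=False):
    """Validate a token endpoint JSON body; return (access_token, token_type).

    strict_case=True models the behaviour described in the thread (only the
    exact string "Bearer" is accepted). The default follows RFC 6749, which
    says the token_type value is case insensitive.
    """
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        raise TokenResponseError("response is not valid JSON") from exc
    if not isinstance(data, dict):
        raise TokenResponseError("response is not a JSON object")

    # Both fields are REQUIRED in a successful response.
    for field in ("access_token", "token_type"):
        value = data.get(field)
        if not isinstance(value, str) or not value:
            raise TokenResponseError(f"missing or non-string {field}")

    token_type = data["token_type"]
    if strict_case:
        accepted = token_type == "Bearer"
    else:
        accepted = token_type.lower() in SUPPORTED_TOKEN_TYPES
    if not accepted:
        raise TokenResponseError(f"unsupported token_type {token_type!r}")
    # Normalise so later code never has to care about the server's casing.
    return data["access_token"], token_type.lower()


def authorization_header(body):
    """Build the Authorization header value for a validated response."""
    access_token, _ = parse_token_response(body)
    return f"Bearer {access_token}"


# Constructed sample responses (not captured from a real server).
KEYCLOAK_STYLE = '{"access_token":"constructed-token","token_type":"bearer","expires_in":300}'
CAPITALISED = '{"access_token":"constructed-token","token_type":"Bearer","expires_in":300}'
```

Unknown token types are still rejected in the lenient mode, so relaxing the case comparison does not make the client accept a type it cannot handle.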

