  1. Keycloak
  2. KEYCLOAK-8954

client_id not in aud when using keycloak gatekeeper


Details

    • Bug
    • Resolution: Done
    • Major
    • None
    • 4.6.0.Final
    • Gatekeeper
    • 5

      Start keycloak using Docker:

      docker run --rm -p 8080:8080 -e KEYCLOAK_USER=foo -e KEYCLOAK_PASSWORD=foo jboss/keycloak:4.6.0.Final

      Add a new client, set Access Type to Confidential and set Valid Redirect URIs http://localhost:8001/*

      Run gatekeeper with the following config:

      listen: :8001
      upstream-url: http://127.0.0.1:8000
      redirection-url: http://localhost:8001
      
      client-id: foo_test
      client-secret: db7d6057-52fe-41a3-88dc-4d8d5563dc07
      encryption-key: B7pTUNy7kWL78TCy1t6sxUrMUs9SmBMR
      
      discovery-url: http://localhost:8080/auth/realms/master
      
      enable-refresh-tokens: true
      secure-cookie: false
      
      

    Description

      When using the latest 4.6.0 version of Keycloak I am not able to log in via the Keycloak Gatekeeper proxy.

      unable to verify the id token	{"error": "oidc: JWT claims invalid: invalid claims, cannot find 'client_id' in 'aud' claim, aud=[master-realm account], client_id=foo_test"}
      

      Previous versions worked out of the box (I tested 4.4.0 and 4.5.0).

      Attachments

        1. config.png
          41 kB
          (inactive user) Bruno Oliveira Silva


              People

                boliveir_managed_kafka_security (inactive user) Bruno Oliveira Silva (Inactive)
                foosinn Stefan Scwarz (Inactive)
                Votes: 22
                Watchers: 40
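
The audience rule behind the error in the description, as an added Go example (not Gatekeeper's own code): an OpenID Connect client must find its own `client_id` in the ID token's `aud` claim, and the token in this report carried only `master-realm` and `account`. The function name `checkAudience` and the claims JSON are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// audience accepts both JSON forms of "aud": one string or an array of strings.
type audience []string

func (a *audience) UnmarshalJSON(b []byte) error {
	var one string
	if err := json.Unmarshal(b, &one); err == nil {
		*a = audience{one}
		return nil
	}
	return json.Unmarshal(b, (*[]string)(a))
}

// checkAudience applies the OpenID Connect Core 3.1.3.7 audience rules to claims
// whose signature is already verified. SHOULD-level azp checks fail hard here (assumption).
func checkAudience(claimsJSON []byte, clientID string) error {
	var c struct {
		Aud audience `json:"aud"`
		Azp string   `json:"azp"`
	}
	if err := json.Unmarshal(claimsJSON, &c); err != nil {
		return fmt.Errorf("decode claims: %w", err)
	}
	found := false
	for _, a := range c.Aud {
		found = found || a == clientID
	}
	switch {
	case !found:
		return fmt.Errorf("cannot find client_id %q in aud %v", clientID, c.Aud)
	case len(c.Aud) > 1 && c.Azp == "":
		return fmt.Errorf("aud %v has several entries but no azp", c.Aud)
	case c.Azp != "" && c.Azp != clientID:
		return fmt.Errorf("azp %q does not match client_id %q", c.Azp, clientID)
	}
	return nil
}

func main() {
	// Constructed claims; the first mirrors the aud list in the reported error.
	fmt.Println(checkAudience([]byte(`{"aud":["master-realm","account"],"azp":"foo_test"}`), "foo_test"))
	fmt.Println(checkAudience([]byte(`{"aud":"foo_test","azp":"foo_test"}`), "foo_test"))
}
```
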
