auth-openid (1.4.0) not working with latest Keycloak server

Mon, 16 Jan 2023 09:02:14 -0800 

Hi,

I tried to change auth-openid to use new keycloak server but it doesn’t work. 
Old keycloak server is version 17.0.0 and it works, but when I try to use new 
keycloak server (latest 20.0.3 version) I got authentication loop.

Guacamole server log shows following:

16:28:13.882 [http-nio-8080-exec-10] INFO  o.a.g.a.o.t.TokenValidationService - 
Rejected invalid OpenID token: JWT processing failed. Additional details: [[17] 
Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: 
Unable to find a suitable verification key for JWS w/ header 
{"alg":"RS256","typ" : "JWT","kid" : 
"LaAKcXQe35CMuemrPU3S3IrkTYh6DqKpF3fmx6kJJdE"} due to an unexpected exception 
(java.io.IOException: Non 200 status code (403 Forbidden) returned from 
https://id.xxxxxxx.com/realms/master/protocol/openid-connect/certs) while 
obtaining or using keys from JWKS endpoint at 
https://id.xxxxxx.com/realms/master/protocol/openid-connect/certs): 
JsonWebSignature{"alg":"RS256","typ" : "JWT","kid" : 
"LaAKcXQe35CMuemrPU3S3IrkTYh6DqKpF3fmx6kJJdE"}->eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJMYUFLY1hRZTM1Q011ZW1yUFUzUzNJcmtUWWg2RHFLcEYzZm14NmtKSmRFIn0.eyJleHAiOjE2NzM4ODczOTIsImlhdCI6MTY3Mzg4NjQ5MiwiYXV0aF90aW1lIjoxNjczODg1NjI5LCJqdGkiOiJhYzRkNGY4Mi1iNzg2LTQ0NWMtYmNhZi1jMmQyYzQzYzI4MWEiLCJpc3MiOiJodHRwczovL2lkLm5pc3VsYWZvcmVzdC5jb20vcmVhbG1zL25pc3VsYSIsImF1ZCI6Imd1YWNhbW9sZSIsInN1YiI6Ijk4MTc0Y2NhLTZhYmUtNDY3NS04MGQ2LWRkYzBlOTQzN2E1ZSIsInR5cCI6IklEIiwiYXpwIjoiZ3VhY2Ftb2xlIiwibm9uY2UiOiJjdjE1ZW1oNTh0am9ubHF2YnNvcjVmbWdmMiIsInNlc3Npb25fc3RhdGUiOiI4OWE0NDZkOS03NzFmLTRjMTQtYmQxZi03YjdmNjA0MjVlN2EiLCJzaWQiOiI4OWE0NDZkOS03NzFmLTRjMTQtYmQxZi03YjdmNjA0MjVlN2EiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJUaW1vIE5pc3VsYSIsImdyb3VwcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIiwiZGVmYXVsdC1yb2xlcy1uaXN1bGEiXSwicHJlZmVycmVkX3VzZXJuYW1lIjoidGltbmlzIiwiZ2l2ZW5fbmFtZSI6IlRpbW8iLCJmYW1pbHlfbmFtZSI6Ik5pc3VsYSIsImVtYWlsIjoidGltby5uaXN1bGFAbmlzdWxhZm9yZXN0LmNvbSJ9.FWmnWHfjxNuLH9aSv4W2oOHiqKYEmczIFA-qw8RioWoSHUZa1mMfMXAaA3VbbeyyXXHzjk-PiItO6V01_F4Y2zbpJCoOl5vN8Si0a80P8mtOPDCel5PoDpqEQU_loF89v4n-V8aoWtEnW6HygW_TePs9qLmMqhtzdt9v4Onytq2An6B6etfvnkGi37cD69z-6nnsPsRs7W9j-tinUKxRq8GZJh15LNmaCHgkZYB9OpDXARY2tbJnc9f3k8StHm6G33HJRv0bPAZGz5p-WbF1Z7Ep2Ts1DGVVVXvsrCT9ho8JTAsBN_7TRps3F5p3HntwA1psfktIHWQ8kGHWgkul5g]

What could be the problem?

-Timo

Reply via email to