Well, Keycloak 20.0.3 is working fine with auth-openid 1.4.0 for me. 

-- 
Ionel GARDAIS 
Tech'Advantage CIO - IT Team manager 


From: "Ionel GARDAIS" <[email protected]>
To: "user" <[email protected]>
Sent: Monday 16 January 2023 19:15:03
Subject: Re: [*EXT*] auth-openid (1.4.0) not working with latest Keycloak server

Hi Timo, 

Can you give Keycloak 20.0.2 a try?
auth-openid 1.4.0 is working fine for me with this release.
This would point out whether it's a 20.0.3 issue or an issue with the auth-openid plugin.

-- 
Ionel GARDAIS 
Tech'Advantage CIO - IT Team manager 


From: "Timo Nisula" <[email protected]>
To: "user" <[email protected]>
Sent: Monday 16 January 2023 18:01:57
Subject: [*EXT*] auth-openid (1.4.0) not working with latest Keycloak server

Hi,

I tried to change auth-openid to use the new Keycloak server, but it doesn’t work.
The old Keycloak server is version 17.0.0 and it works, but when I try to use the new
Keycloak server (latest 20.0.3 version) I get an authentication loop.

The Guacamole server log shows the following:

16:28:13.882 [http-nio-8080-exec-10] INFO o.a.g.a.o.t.TokenValidationService - 
Rejected invalid OpenID token: JWT processing failed. Additional details: [[17] 
Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: 
Unable to find a suitable verification key for JWS w/ header 
{"alg":"RS256","typ" : "JWT","kid" : 
"LaAKcXQe35CMuemrPU3S3IrkTYh6DqKpF3fmx6kJJdE"} due to an unexpected exception 
(java.io.IOException: Non 200 status code (403 Forbidden) returned from
https://id.xxxxxxx.com/realms/master/protocol/openid-connect/certs) while
obtaining or using keys from JWKS endpoint at
https://id.xxxxxx.com/realms/master/protocol/openid-connect/certs):
JsonWebSignature{"alg":"RS256","typ" : "JWT","kid" : 
"LaAKcXQe35CMuemrPU3S3IrkTYh6DqKpF3fmx6kJJdE"}->(encoded ID token omitted)]

What could be the problem?

-Timo 




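
Added example, not part of the thread and not Guacamole or jose4j code: the log above fails at the key lookup step, where the verifier fetches the JWKS document and matches the token's "kid". This Python version of that lookup separates "endpoint refused the request" (the 403 in the log) from "key set fetched but kid missing". The function names and the sample token and key set are constructed for illustration.

```python
import base64, json, urllib.error, urllib.request

def jws_header(token):
    """Decode the unverified JOSE header of a compact JWS (first segment)."""
    seg = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def http_fetcher(url):
    """Return a fetch function for a live JWKS URL (run it from the Guacamole host)."""
    def fetch():
        try:
            with urllib.request.urlopen(url, timeout=5) as resp:
                return resp.status, resp.read().decode()
        except urllib.error.HTTPError as err:  # 4xx/5xx, e.g. the 403 in the log
            return err.code, ""
    return fetch

def resolve_key(token, fetch_jwks):
    """Find the JWK a verifier would use for this token.

    fetch_jwks() returns (http_status, body). Result is (jwk or None, reason).
    """
    kid = jws_header(token).get("kid")
    status, body = fetch_jwks()
    if status != 200:
        # The case in the thread: the key set is never downloaded,
        # so no signature can be checked and every ID token is rejected.
        return None, f"JWKS endpoint returned HTTP {status}"
    try:
        keys = json.loads(body)["keys"]
    except (ValueError, KeyError, TypeError):
        return None, "JWKS response is not a JSON key set"
    for jwk in keys:
        if jwk.get("kid") == kid and jwk.get("use", "sig") == "sig":
            return jwk, "ok"
    return None, f"no signing key with kid {kid!r} in the key set"

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data (not taken from the thread).
SAMPLE_TOKEN = ".".join([_b64({"alg": "RS256", "typ": "JWT", "kid": "constructed-kid-1"}), _b64({}), "c2ln"])
SAMPLE_JWKS = json.dumps({"keys": [
    {"kid": "constructed-kid-0", "kty": "RSA", "use": "enc", "alg": "RSA-OAEP"},
    {"kid": "constructed-kid-1", "kty": "RSA", "use": "sig", "alg": "RS256"},
]})

if __name__ == "__main__":
    print(resolve_key(SAMPLE_TOKEN, lambda: (403, "")))
    print(resolve_key(SAMPLE_TOKEN, lambda: (200, SAMPLE_JWKS)))
```

For a live check, pass http_fetcher(<the JWKS URL from the log>) as the second argument while running on the Guacamole host, so the request takes the same network path as the plugin's.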