Reputation: 71
I have an issue with a project I just joined.
The technical stack:
I replaced the right URLs with example.com and bar.com.
The endpoint https://bar.com/auth/realms/artemis/.well-known/openid-configuration returns this:
```json
{
  "issuer": "https://example.com/auth/realms/artemis",
  "authorization_endpoint": "https://example.com/auth/realms/artemis/protocol/openid-connect/auth",
  "token_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/token",
  "token_introspection_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/token/introspect",
  "userinfo_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/userinfo",
  "end_session_endpoint": "https://example.com/auth/realms/artemis/protocol/openid-connect/logout",
  "jwks_uri": "https://bar.com/auth/realms/artemis/protocol/openid-connect/certs",
  "check_session_iframe": "https://example.com/auth/realms/artemis/protocol/openid-connect/login-status-iframe.html",
}
```
When I run the app I get this error:
```
Caused by: java.lang.IllegalStateException: The Issuer "https://example.com/auth/realms/artemis" provided in the OpenID Configuration did not match the requested issuer "https://bar.com:8443/auth/realms/artemis"
	at org.springframework.security.oauth2.client.registration.ClientRegistrations.fromOidcIssuerLocation(ClientRegistrations.java:76)
	at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getBuilderFromIssuerIfPossible(OAuth2ClientPropertiesRegistrationAdapter.java:84)
	at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getClientRegistration(OAuth2ClientPropertiesRegistrationAdapter.java:60)
	at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.lambda$getClientRegistrations$0(OAuth2ClientPropertiesRegistrationAdapter.java:53)
	at java.util.HashMap.forEach(HashMap.java:1289)
	at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(OAuth2ClientPropertiesRegistrationAdapter.java:52)
	at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration.clientRegistrationRepository(OAuth2ClientRegistrationRepositoryConfiguration.java:55)
	at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3.CGLIB$clientRegistrationRepository$0(<generated>)
	at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3$$FastClassBySpringCGLIB$$1d0ccf00.invoke(<generated>)
	at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244)
	at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363)
	at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3.clientRegistrationRepository(<generated>)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
	... 92 common frames omitted
```
I'm new to Spring Boot. I don't really understand what I have to do to be able to use 2 different URLs.
Thanks for the help! I can give you more information if you need.
Upvotes: 5
Views: 9973
Reputation: 1349
-- This may not be relevant to OP's case. But for other cases. -- Just a heads-up. -- I am not a professional on this, I could be wrong, but it helped in my case.
The problem could occur from the other side, in the Authorization Server.
So, for example, you may not only need to look at the `application.yml` in the Resource Server:
```yaml
spring.security.oauth2.resourceserver.jwt.issuer-uri: http://localhost:9999
```
you may also need to look at the Authorization Server:
```java
@Bean
public ProviderSettings providerSettings() {
    return new ProviderSettings().issuer("http://localhost:9999");
}
```
Upvotes: 4
Reputation: 28656
Your `application.yaml` config `issuer-uri` is not matching the `issuer` of the used OIDC Keycloak realm. Set it to https://example.com/auth/realms/artemis and it should be fine.
Upvotes: 2
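The check behind the error in the question, as an added example (not code from this thread or from Spring Security): OpenID Connect Discovery requires the `issuer` in the metadata to be identical to the issuer URL the client requested, and the second helper lists which endpoints of the question's document sit on a different host than that issuer. The class and method names (`IssuerCheck`, `issuerMatches`, `endpointsOnOtherHost`) are hypothetical, and the metadata is typed in by hand from the JSON in the question.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class IssuerCheck {  // hypothetical name, not a Spring class

    // OpenID Connect Discovery 1.0, section 4.3: the "issuer" in the metadata
    // must be identical to the issuer URL the client used to fetch it.
    static boolean issuerMatches(String requestedIssuer, Map<String, String> metadata) {
        return requestedIssuer.equals(metadata.get("issuer"));
    }

    // Metadata entries served from a host other than the advertised issuer's host.
    static List<String> endpointsOnOtherHost(Map<String, String> metadata) {
        String issuerHost = URI.create(metadata.get("issuer")).getHost();
        List<String> keys = new ArrayList<>();
        for (Map.Entry<String, String> e : metadata.entrySet()) {
            String host = URI.create(e.getValue()).getHost();
            if (!"issuer".equals(e.getKey()) && !issuerHost.equalsIgnoreCase(host)) {
                keys.add(e.getKey());
            }
        }
        return keys;
    }

    public static void main(String[] args) {
        // Discovery document from the question, entered by hand as key/value pairs.
        String front = "https://example.com/auth/realms/artemis";
        String back = "https://bar.com/auth/realms/artemis";
        String oidc = "/protocol/openid-connect/";
        Map<String, String> md = new LinkedHashMap<>();
        md.put("issuer", front);
        md.put("authorization_endpoint", front + oidc + "auth");
        md.put("token_endpoint", back + oidc + "token");
        md.put("token_introspection_endpoint", back + oidc + "token/introspect");
        md.put("userinfo_endpoint", back + oidc + "userinfo");
        md.put("end_session_endpoint", front + oidc + "logout");
        md.put("jwks_uri", back + oidc + "certs");
        md.put("check_session_iframe", front + oidc + "login-status-iframe.html");

        // Requested issuer from the error message vs. the value the realm advertises.
        for (String requested : new String[] {"https://bar.com:8443/auth/realms/artemis", front}) {
            System.out.println(requested + " -> issuer matches: " + issuerMatches(requested, md));
        }
        System.out.println("served from another host: " + endpointsOnOtherHost(md));
    }
}
```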