mdyingstar

Reputation: 73

iss claim is not valid Keycloak

I'm using Spring Boot, Angular and Keycloak, each dockerized in its own container in the same network.

The issuer-uri in the Spring Boot backend is http://keycloak:8080/realms/sales and the iss from the decoded JWT token is http://localhost:8082/realms/sales.

Problem: My browser cannot use Docker network hostnames. I have to use localhost to access Keycloak.

I tried KEYCLOAK_FRONTEND_URL and other env variables, but they did not fix my problem.

Does anyone know how to make iss the same on both in this scenario?

Upvotes: 3

Views: 1075

Answers (1)

thahgr

Reputation: 795

This is a typical problem when moving from your PC - all localhost services - to a dockerized environment.

The best and correct approach is to get a domain name for your Keycloak instance and refer to the auth URL as https://mykeycloak.something.com so the issuer is always this.

Another approach, but similar, is to refer to it by the IP of the machine, so something like http://192.168.x.x:8082/realms/sales

EDIT: you should not go to production with a machine IP as issuer...

Upvotes: 1
