  1. Keycloak
  2. KEYCLOAK-8954

client_id not in aud when using keycloak gatekeeper

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 4.6.0.Final
    • Fix Version/s: None
    • Component/s: Gatekeeper
    • Labels:
    • Story Points:
      5
    • Steps to Reproduce:

      Start keycloak using Docker:

      docker run --rm -p 8080:8080 -e KEYCLOAK_USER=foo -e KEYCLOAK_PASSWORD=foo jboss/keycloak:4.6.0.Final

      Add a new client, set Access Type to Confidential and set Valid Redirect URIs http://localhost:8001/*

      Run gatekeeper with the following config:

      listen: :8001
      upstream-url: http://127.0.0.1:8000
      redirection-url: http://localhost:8001
      
      client-id: foo_test
      client-secret: db7d6057-52fe-41a3-88dc-4d8d5563dc07
      encryption-key: B7pTUNy7kWL78TCy1t6sxUrMUs9SmBMR
      
      discovery-url: http://localhost:8080/auth/realms/master
      
      enable-refresh-tokens: true
      secure-cookie: false
      
      
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      When using the latest 4.6.0 version of Keycloak, I am not able to log in via the Keycloak Gatekeeper proxy.

      unable to verify the id token	{"error": "oidc: JWT claims invalid: invalid claims, cannot find 'client_id' in 'aud' claim, aud=[master-realm account], client_id=foo_test"}
      

      Previous versions worked out of the box (I tested 4.4.0 and 4.5.0).

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  foosinn Stefan Schwarz
                • Votes:
                  11
                  Watchers:
                  18

                  Dates

                  • Created:
                    Updated:
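
The audience check behind the error quoted in the description, as an added example; it is not part of the original issue and is not Gatekeeper's own code. The names checkAudience and sampleToken and the sample tokens are constructed for illustration, and signature verification is left out.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// checkAudience decodes the payload of a compact JWT and fails closed unless
// clientID is listed in "aud". RFC 7519 allows aud to be a string or an array.
func checkAudience(token, clientID string) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("malformed token: %d segments", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return err
	}
	var claims struct{ Aud json.RawMessage `json:"aud"` }
	if err := json.Unmarshal(raw, &claims); err != nil {
		return err
	}
	var aud []string
	if json.Unmarshal(claims.Aud, &aud) != nil { // not an array: try a single string
		var one string
		if json.Unmarshal(claims.Aud, &one) != nil {
			return fmt.Errorf("aud claim missing or not a string/array")
		}
		aud = []string{one}
	}
	for _, a := range aud {
		if a == clientID {
			return nil
		}
	}
	return fmt.Errorf("cannot find 'client_id' in 'aud' claim, aud=%v, client_id=%s", aud, clientID)
}

// sampleToken wraps a constructed payload in an unsigned compact token.
func sampleToken(payload string) string {
	e := base64.RawURLEncoding.EncodeToString
	return e([]byte(`{"alg":"RS256"}`)) + "." + e([]byte(payload)) + ".sig"
}

func main() {
	fmt.Println(checkAudience(sampleToken(`{"aud":["master-realm","account"]}`), "foo_test"))
	fmt.Println(checkAudience(sampleToken(`{"aud":"foo_test"}`), "foo_test"))
}
```

The first call reproduces the rejection from the report, because foo_test is absent from the aud list; the second passes because aud names the client.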