  1. Keycloak
  2. KEYCLOAK-8954

client_id not in aud when using keycloak gatekeeper

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 4.6.0.Final
    • Fix Version/s: None
    • Component/s: Gatekeeper
    • Labels:
      None
    • Steps to Reproduce:

      Start keycloak using Docker:

      docker run --rm -p 8080:8080 -e KEYCLOAK_USER=foo -e KEYCLOAK_PASSWORD=foo jboss/keycloak:4.6.0.Final

      Add a new client, set Access Type to Confidential and set Valid Redirect URIs http://localhost:8001/*

      Run gatekeeper with the following config:

      listen: :8001
      upstream-url: http://127.0.0.1:8000
      redirection-url: http://localhost:8001
       
      client-id: foo_test
      client-secret: db7d6057-52fe-41a3-88dc-4d8d5563dc07
      encryption-key: B7pTUNy7kWL78TCy1t6sxUrMUs9SmBMR
       
      discovery-url: http://localhost:8080/auth/realms/master
       
      enable-refresh-tokens: true
      secure-cookie: false
      
      

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      When using the latest 4.6.0 version of Keycloak I am not able to log in via the Keycloak Gatekeeper proxy.

      unable to verify the id token	{"error": "oidc: JWT claims invalid: invalid claims, cannot find 'client_id' in 'aud' claim, aud=[master-realm account], client_id=foo_test"}
      

      Previous versions worked out of the box (I tested 4.4.0 and 4.5.0).

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  foosinn Stefan Schwarz
                • Votes:
                  5
                  Watchers:
                  11
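
The audience check behind the error quoted in the description, as an added example that is not part of the original report and is not Gatekeeper's own code: an OIDC relying party accepts an ID token only if its own client_id is listed in the `aud` claim, which JWT allows to be either a single string or an array. The type and function names and the JSON payloads are constructed for illustration; the `aud` values and client_id are the ones shown in the error.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// audience accepts both JSON forms allowed for "aud": a string or an array of strings.
type audience []string

func (a *audience) UnmarshalJSON(b []byte) error {
	var one string
	if err := json.Unmarshal(b, &one); err == nil {
		*a = audience{one}
		return nil
	}
	var many []string
	if err := json.Unmarshal(b, &many); err != nil {
		return fmt.Errorf("aud must be a string or an array of strings: %w", err)
	}
	*a = many
	return nil
}

// checkAudience (hypothetical helper) returns nil only when clientID is listed in "aud".
// It inspects an already signature-verified claims payload; it does not verify signatures.
func checkAudience(payload []byte, clientID string) error {
	if clientID == "" {
		return fmt.Errorf("client_id is empty") // never match an empty audience entry
	}
	var c struct {
		Aud audience `json:"aud"`
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return err
	}
	for _, a := range c.Aud {
		if a == clientID {
			return nil
		}
	}
	return fmt.Errorf("cannot find 'client_id' in 'aud' claim, aud=%v, client_id=%s",
		[]string(c.Aud), clientID)
}

func main() {
	// Constructed payloads: the first carries the aud values from the reported error.
	fmt.Println(checkAudience([]byte(`{"aud":["master-realm","account"]}`), "foo_test"))
	fmt.Println(checkAudience([]byte(`{"aud":["foo_test","account"]}`), "foo_test"))
}
```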