Hi All, Can I clarify what the correct provider settings should be in the dab-config.json authentication section for authenticating using JWT tokens issued by Keycloak for an on-premise deployment running fully on Docker? Some older discussions mention a provider "jwt" (such as this excellent write-up here: #2364), but it's not mentioned in the documentation anywhere and now results in an error: System.InvalidOperationException: No authentication handler is registered for the scheme 'OAuthAuthentication'. I've tried using provider 'AzureAD', as the documentation seems to indicate this should be used when using JWT authentication; however, when connecting to my REST endpoint, I get an error response in Postman: Bearer error="invalid_token", error_description="The signature key was not found". Here's a snip from my dab-config.json file...
I've checked my JWT token in jwt.io and it all looks good with matching issuer, audience etc., so am running out of ideas on how I could get this to work. I'm using self-signed certificates but have gone through the process of installing these into the container trusted certs in case that was the issue. I'm running the latest Docker image, but have also tried dropping back to some older versions. Any help would be much appreciated, thanks!
Replies: 1 comment
Finally got to the bottom of this and got it working. 'AzureAD' is the correct setting, but the root cause turned out to be the use of self-signed certificates in my sandbox setup. To fix this, I created a new self-signed root cert and generated a new server cert for Keycloak using that. I then imported the self-signed CA root cert into my dab container (into /etc/pki/ca-trust/source/anchors/) and ran update-ca-trust to update the trusted root bundle in the container. Would be nice if the .NET JWT handler had a more descriptive error, but hey, at least it's working now.