'Keycloak / SpringBoot - The Issuer <https://example.com> provided in the OpenID Configuration did not match the requested issuer <https://bar.com>

I have an issue with a project I just join.

The technical stack :

  • Jhipster with Angular and SpringBoot
  • Keycloak

I replace the right url by example.com and bar.com

application.yaml

The endpoint https://bar.com/auth/realms/artemis/.well-known/openid-configuration returns this :

{
  "issuer": "https://example.com/auth/realms/artemis",
  "authorization_endpoint": "https://example.com/auth/realms/artemis/protocol/openid-connect/auth",
  "token_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/token",
  "token_introspection_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/token/introspect",
  "userinfo_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/userinfo",
  "end_session_endpoint": "https://example.com/auth/realms/artemis/protocol/openid-connect/logout",
  "jwks_uri": "https://bar.com/auth/realms/artemis/protocol/openid-connect/certs",
  "check_session_iframe": "https://example.com/auth/realms/artemis/protocol/openid-connect/login-status-iframe.html",
}

When I run the App I got this error :

Caused by: java.lang.IllegalStateException: The Issuer "https://example.com/auth/realms/artemis" provided in the OpenID Configuration did not match the requested issuer "https://bar.com:8443/auth/realms/artemis"
    at org.springframework.security.oauth2.client.registration.ClientRegistrations.fromOidcIssuerLocation(ClientRegistrations.java:76)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getBuilderFromIssuerIfPossible(OAuth2ClientPropertiesRegistrationAdapter.java:84)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getClientRegistration(OAuth2ClientPropertiesRegistrationAdapter.java:60)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.lambda$getClientRegistrations$0(OAuth2ClientPropertiesRegistrationAdapter.java:53)
    at java.util.HashMap.forEach(HashMap.java:1289)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(OAuth2ClientPropertiesRegistrationAdapter.java:52)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration.clientRegistrationRepository(OAuth2ClientRegistrationRepositoryConfiguration.java:55)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3.CGLIB$clientRegistrationRepository$0(<generated>)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3$$FastClassBySpringCGLIB$$1d0ccf00.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244)
    at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3.clientRegistrationRepository(<generated>)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
    ... 92 common frames omitted

I'm new with Spring Boot. I don't really understand what I have to do to be able to use 2 differents url.

Thx for the help ! I can give you more informations if you need.

spring-bootjhipsterkeycloak


Solution 1:[1]

Your application.yaml config issuer-uri is not matching issuer of used OIDC Keycloak realm. Set it to https://example.com/auth/realms/artemis and it should be fine.

Solution 2:[2]

-- This may not be relative to OP's case. But for other cases. -- Just a headsup. -- I am not a professional on this, I could be wrong, but it helped in my case.

The problem could occur from the other side, in the Authorization Server.

So, for example, you may not only need to look at the application.yml in the Resource Server:

spring.security.oauth2.resourceserver.jwt.issuer-uri: http://localhost:9999

you may also need to look at the Authorization Server:

  @Bean
  public ProviderSettings providerSettings() {
    return new ProviderSettings().issuer("http://localhost:9999"); 
  }

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Jan Garaj
Solution 2 Nor.Z

Related Questions

Spring boot: ERROR StatusLogger Log4j2 could not find a logging implementation

Spring boot: ERROR StatusLogger Log4j2 could not find a logging implementation

Spring boot: ERROR StatusLogger Log4j2 could not find a logging implementation

Spring boot: ERROR StatusLogger Log4j2 could not find a logging implementation

CORS : Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request [duplicate]

SonnarQube's issue: change code to not construct the URL from user-controlled data

Postman returns null when using POST (Spring Boot)

Custom HealthIndicator not invoked during startup

How to configure hikari pool for eager initialization?

How to set default current date in jpa for mysql

JdbcBatchItemWriter - setSql - How to fix timestamp type mismatch

AuthenticationSuccessEvent never fired

How to read geography values using hibernate?

Getting java.lang.NoSuchMethodError: org.yaml.snakeyaml.Yaml.<init> while running spark based spring boot application

Need a direct way of implementing Azure spring data cosmos db query implementation for a nested parameter