Keycloak / SpringBoot - The Issuer <https://example.com> provided in the OpenID Configuration did not match the requested issuer <https://bar.com>
I have an issue with a project I just joined.
The technical stack:
- JHipster with Angular and SpringBoot
- Keycloak
I replaced the right URLs with example.com and bar.com.
The endpoint https://bar.com/auth/realms/artemis/.well-known/openid-configuration returns this:
{
  "issuer": "https://example.com/auth/realms/artemis",
  "authorization_endpoint": "https://example.com/auth/realms/artemis/protocol/openid-connect/auth",
  "token_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/token",
  "token_introspection_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/token/introspect",
  "userinfo_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/userinfo",
  "end_session_endpoint": "https://example.com/auth/realms/artemis/protocol/openid-connect/logout",
  "jwks_uri": "https://bar.com/auth/realms/artemis/protocol/openid-connect/certs",
  "check_session_iframe": "https://example.com/auth/realms/artemis/protocol/openid-connect/login-status-iframe.html"
}
When I run the app I get this error:
Caused by: java.lang.IllegalStateException: The Issuer "https://example.com/auth/realms/artemis" provided in the OpenID Configuration did not match the requested issuer "https://bar.com:8443/auth/realms/artemis"
    at org.springframework.security.oauth2.client.registration.ClientRegistrations.fromOidcIssuerLocation(ClientRegistrations.java:76)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getBuilderFromIssuerIfPossible(OAuth2ClientPropertiesRegistrationAdapter.java:84)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getClientRegistration(OAuth2ClientPropertiesRegistrationAdapter.java:60)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.lambda$getClientRegistrations$0(OAuth2ClientPropertiesRegistrationAdapter.java:53)
    at java.util.HashMap.forEach(HashMap.java:1289)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(OAuth2ClientPropertiesRegistrationAdapter.java:52)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration.clientRegistrationRepository(OAuth2ClientRegistrationRepositoryConfiguration.java:55)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3.CGLIB$clientRegistrationRepository$0(<generated>)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3$$FastClassBySpringCGLIB$$1d0ccf00.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244)
    at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3.clientRegistrationRepository(<generated>)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
    ... 92 common frames omitted
I'm new to Spring Boot. I don't really understand what I have to do to be able to use 2 different URLs.
Thanks for the help! I can give you more information if you need.
Solution 1:[1]
Your application.yaml config issuer-uri is not matching the issuer of the used OIDC Keycloak realm. Set it to https://example.com/auth/realms/artemis and it should be fine.
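The check behind this error, as an added example that is not part of the original answers and is not Spring's code: OpenID Connect Discovery requires the `issuer` in the metadata to be identical to the issuer URL the client was configured with. The function name `check_issuer` and the extra report of endpoints hosted on another origin are assumptions of this sketch; the sample document is the one from the question, trimmed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the discovery document from the question, trimmed.
DISCOVERY_JSON = """{
  "issuer": "https://example.com/auth/realms/artemis",
  "authorization_endpoint": "https://example.com/auth/realms/artemis/protocol/openid-connect/auth",
  "token_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/token",
  "jwks_uri": "https://bar.com/auth/realms/artemis/protocol/openid-connect/certs"
}"""
SAMPLE_METADATA = json.loads(DISCOVERY_JSON)

DEFAULT_PORTS = {"https": 443, "http": 80}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname,
            parts.port or DEFAULT_PORTS.get(parts.scheme))


def check_issuer(configured_issuer, metadata):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    advertised = metadata.get("issuer")
    # The spec asks for an identical string, so nothing is normalised here:
    # a different host, an extra port or a trailing slash all count.
    if advertised != configured_issuer:
        findings.append("issuer mismatch: configured %r, advertised %r"
                        % (configured_issuer, advertised))
    if advertised:
        # Report endpoints on another origin than the issuer: the client
        # will send credentials and fetch signing keys there.
        for key, value in sorted(metadata.items()):
            if key == "issuer" or not isinstance(value, str) or "://" not in value:
                continue
            if origin(value) != origin(advertised):
                findings.append("%s is served from %s, not the issuer origin"
                                % (key, urlsplit(value).netloc))
    return findings


if __name__ == "__main__":
    # issuer-uri as it appears in the question's error message
    for line in check_issuer("https://bar.com:8443/auth/realms/artemis",
                             SAMPLE_METADATA):
        print(line)
```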
Solution 2:[2]
-- This may not be related to OP's case, but for other cases. -- Just a heads-up. -- I am not a professional on this, I could be wrong, but it helped in my case.
The problem could occur from the other side, in the Authorization Server.
So, for example, you may not only need to look at the application.yml in the Resource Server:
spring.security.oauth2.resourceserver.jwt.issuer-uri: http://localhost:9999
you may also need to look at the Authorization Server:
@Bean
public ProviderSettings providerSettings() {
    return new ProviderSettings().issuer("http://localhost:9999");
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Jan Garaj |
| Solution 2 | Nor.Z |