This article is reproduced from stackoverflow.com.
Tags: keycloak, tomcat

"Didn't find publicKey for specified kid" error occurs when deploy spring boot to tomcat

Published on 2020-04-03 23:37:28

I am using Keycloak to secure my REST API.

I have 2 clients in Keycloak:

- My front-end: React app

- My back-end: Spring Boot (bearer-only type)

Everything works properly when I run the Spring Boot application, but I get a 401 error "Didn't find publicKey for specified kid" when I run it in Tomcat. Some configuration below:

keycloak.json

{
  "realm": "pet",
  "bearer-only": true,
  "auth-server-url": "http://localhost:8080/auth",
  "ssl-required": "none",
  "resource": "secure-api",
  "confidential-port": 0,
  "enable-cors" : true,
  "cors-max-age" : 1000,
  "cors-allowed-methods" : "POST, PUT, DELETE, GET",
  "cors-exposed-headers" : "WWW-Authenticate, My-custom-exposed-Header"
}

web.xml

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

    <module-name>myapp</module-name>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Authors</web-resource-name>
            <url-pattern>/management/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>pet</realm-name>
    </login-config>

    <security-role>
        <role-name>admin</role-name>
    </security-role>
    <security-role>
        <role-name>user</role-name>
    </security-role>
</web-app>

context.xml

<Context path="/myapp">
    <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>

keycloak-7.0 and tomcat-8

Do you have any idea?

Questioner: BadJuju
Viewed: 372

Answer by BadJuju, 2020-01-31 19:48

Finally, I found the solution.

Be aware of the default token signature algorithm configured in the KC admin dashboard (screenshot in the original post).

HS256 requires a public key in http://{domain}:8080/auth/realms/{realm-name}/.well-known/openid-configuration, but unfortunately somehow it's not there, and then the "Didn't find publicKey for specified kid" error occurred.

FYI: RS256 vs HS256: What's the difference?

Make sure the public key is in the OIDC metadata endpoint if you use HS256, or use another algorithm.
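As an added diagnostic example (not from the original post and not Keycloak adapter code): decode the bearer token's JOSE header and check its `kid` against the realm's JWKS, the document that the `jwks_uri` entry of the OIDC metadata above points to. The JWKS and tokens below are constructed; note that HS256 is an HMAC (symmetric) algorithm, so the JWKS never lists a key for it and a bearer-only adapter's public-key lookup cannot succeed for such tokens.

```python
import base64
import json

# Constructed sample JWKS (not from the original post), shaped like the
# document served at the realm's jwks_uri; the RSA modulus is a placeholder.
SAMPLE_JWKS = {
    "keys": [
        {"kid": "rsa-key-1", "kty": "RSA", "alg": "RS256", "use": "sig",
         "n": "PLACEHOLDER-MODULUS", "e": "AQAB"},
    ]
}

def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_header(token: str) -> dict:
    """Return the JOSE header of a compact JWT (no signature check is done)."""
    return json.loads(b64url_decode(token.split(".")[0]))

def diagnose_kid(token: str, jwks: dict) -> str:
    """Explain whether a bearer-only adapter could resolve the token's kid."""
    hdr = jwt_header(token)
    alg, kid = hdr.get("alg"), hdr.get("kid")
    if alg is not None and alg.startswith("HS"):
        # HS* is HMAC: the secret is symmetric and is never published in the
        # JWKS, so a public-key lookup by kid cannot succeed for such tokens.
        return f"symmetric alg {alg}: no public key is published for kid {kid!r}"
    for key in jwks.get("keys", []):
        if key.get("kid") == kid:
            if key.get("alg") not in (None, alg):
                return f"kid {kid!r} found but alg mismatch: key {key['alg']}, token {alg}"
            return f"ok: kid {kid!r} resolves to a {key.get('kty')} key for {alg}"
    known = [k.get("kid") for k in jwks.get("keys", [])]
    return f"kid {kid!r} not in JWKS (published kids: {known})"

def unsigned_token(header: dict) -> str:
    """Build a compact token with a dummy payload and signature, for the demo."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(header), enc({"sub": "demo"}), "dummy-signature"])

if __name__ == "__main__":
    for header in ({"alg": "HS256", "kid": "hmac-1"},
                   {"alg": "RS256", "kid": "rsa-key-1"},
                   {"alg": "RS256", "kid": "rotated-key"}):
        print(diagnose_kid(unsigned_token(header), SAMPLE_JWKS))
```

Running it against a real token and the realm's live JWKS shows whether the failure is a symmetric algorithm, a rotated key the adapter has not fetched yet, or an algorithm mismatch on an otherwise known kid.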