I have a Spring Cloud API gateway talking to a Keycloak server for JWT authentication. If I run my application from Eclipse and Keycloak as a single Docker container, it works fine. However, when I run my Spring Boot application as a Docker container (using Docker Compose or Kubernetes), it's unable to authorize with Keycloak and throws the following error.
org.springframework.security.oauth2.jwt.JwtDecoderInitializationException: Failed to lazily resolve the supplied JwtDecoder instance
at org.springframework.security.oauth2.jwt.SupplierReactiveJwtDecoder.wrapException(SupplierReactiveJwtDecoder.java:48) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]
Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
.
.
Caused by: java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer of "http://keycloak-server:8080/realms/master"
at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfiguration(JwtDecoderProviderConfigurationUtils.java:161) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]
at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfigurationForIssuerLocation(JwtDecoderProviderConfigurationUtils.java:79) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]
Are there any additional configurations required for this situation?
2 Answers
To solve this, I modified a few things.
If the Keycloak and Spring Boot applications are deployed in different namespaces, you would need to include the namespace in the Keycloak URL configured in your Spring Boot application (https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#namespaces-of-services).
Also, you might need to check whether the Kubernetes service for Keycloak is configured correctly.
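A diagnostic for the failure discussed in this thread, written as an added example (not code from the posts or from Spring Security): run inside the gateway container, it separates a DNS failure from an unreachable discovery endpoint and from an issuer mismatch. The function names are hypothetical, the URL patterns are those of OIDC Discovery and RFC 8414, and `<namespace>` in the comment is a placeholder.

```python
import json
import socket
import sys
import urllib.request
from urllib.parse import urlsplit

def discovery_urls(issuer):
    """Candidate metadata URLs for an issuer (OIDC Discovery 1.0, RFC 8414)."""
    u = urlsplit(issuer)
    base = f"{u.scheme}://{u.netloc}"
    return [
        f"{issuer}/.well-known/openid-configuration",
        f"{base}/.well-known/openid-configuration{u.path}",
        f"{base}/.well-known/oauth-authorization-server{u.path}",
    ]

def http_get_json(url, timeout=5):
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)

def check_issuer(issuer, fetch=http_get_json, resolve=socket.gethostbyname):
    """Return (status, detail): dns_failure, unreachable, issuer_mismatch or ok."""
    host = urlsplit(issuer).hostname
    try:
        resolve(host)  # fails when the service name is not visible from this namespace
    except OSError as exc:
        return ("dns_failure", f"{host}: {exc}")
    errors = []
    for url in discovery_urls(issuer):
        try:
            meta = fetch(url)
        except (OSError, ValueError) as exc:  # refused, timeout, HTTP error, bad JSON
            errors.append(f"{url}: {exc}")
            continue
        advertised = meta.get("issuer") if isinstance(meta, dict) else None
        if advertised != issuer:  # exact string comparison, no normalisation
            return ("issuer_mismatch", f"{url} advertises {advertised!r}")
        return ("ok", url)
    return ("unreachable", "; ".join(errors))

if __name__ == "__main__":
    # Across namespaces, try http://keycloak-server.<namespace>.svc.cluster.local:8080/...
    default = "http://keycloak-server:8080/realms/master"
    print(check_issuer(sys.argv[1] if len(sys.argv) > 1 else default))
```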