
I have a Spring Cloud API gateway talking to a Keycloak server for JWT authentication. If I run my application from Eclipse and Keycloak as a single Docker container, it works fine. However, when I run my Spring Boot application as a Docker container (using Docker Compose or Kubernetes), it's unable to authorize with Keycloak and throws the following error.

org.springframework.security.oauth2.jwt.JwtDecoderInitializationException: Failed to lazily resolve the supplied JwtDecoder instance
 at org.springframework.security.oauth2.jwt.SupplierReactiveJwtDecoder.wrapException(SupplierReactiveJwtDecoder.java:48) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]
 Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: 
.
.
Caused by: java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer of "http://keycloak-server:8080/realms/master"
 at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfiguration(JwtDecoderProviderConfigurationUtils.java:161) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]
 at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfigurationForIssuerLocation(JwtDecoderProviderConfigurationUtils.java:79) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]

Are there any additional configurations required for this situation?

2 Answers


  1. Chosen as BEST ANSWER

    To solve this, I modified a few things:

    1. Created a new realm instead of using the default master realm
    2. Instead of using the Keycloak Kubernetes service name in the issuer URL, used the host.docker.internal IP
    3. While generating the JWT from Postman, used the same host.docker.internal IP in the token generation URL

  2. If the Keycloak and Spring Boot applications are deployed in different namespaces, you would need to include the namespace in the Keycloak URL configured in your Spring Boot application (https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#namespaces-of-services).

    Also, you might need to check if the Kubernetes service for Keycloak is configured correctly.
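
Added example, not part of either answer and not Spring or Keycloak code: a small Python diagnostic for the hostname consistency that steps 2 and 3 of the first answer rely on. It lists the metadata URLs that Spring Security's issuer-based `JwtDecoder` tries and checks that the configured issuer, the provider metadata and the token's `iss` claim agree; the realm name `demo`, the hosts and the sample tokens are constructed, and it assumes Keycloak derives `iss` from the hostname used in the token request.

```python
import base64
import json
from urllib.parse import urlsplit


def discovery_candidates(issuer):
    """Metadata URLs tried, in order, for an issuer location (OIDC, then RFC 8414 forms)."""
    u = urlsplit(issuer)
    base, path = f"{u.scheme}://{u.netloc}", u.path.rstrip("/")
    return [
        f"{base}{path}/.well-known/openid-configuration",
        f"{base}/.well-known/openid-configuration{path}",
        f"{base}/.well-known/oauth-authorization-server{path}",
    ]


def jwt_claims(token):
    """Decode the JWT payload without verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def issuer_problems(configured, metadata, token):
    """Return mismatches between configured issuer, metadata issuer and token iss."""
    problems = []
    if metadata.get("issuer") != configured:
        problems.append(f"metadata issuer {metadata.get('issuer')!r} != {configured!r}")
    iss = jwt_claims(token).get("iss")
    if iss != configured:
        problems.append(f"token iss {iss!r} != {configured!r}")
    return problems


def make_sample_token(iss):
    """Constructed, unsigned sample token; the signature part is a placeholder."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc({"iss": iss}), "placeholder"])


# Constructed values: issuer as configured in the gateway, and metadata as served on that host.
CONFIGURED = "http://host.docker.internal:8080/realms/demo"
METADATA = {"issuer": CONFIGURED}

if __name__ == "__main__":
    for url in discovery_candidates(CONFIGURED):
        print("one of these must be reachable from inside the container:", url)
    # Token requested through a different hostname than the one the gateway is configured with.
    print(issuer_problems(CONFIGURED, METADATA, make_sample_token("http://localhost:8080/realms/demo")))
    print(issuer_problems(CONFIGURED, METADATA, make_sample_token(CONFIGURED)))
```

To use it against a real setup, fetch the first candidate URL from inside the gateway container and pass the parsed JSON as `metadata`, together with a token obtained the same way Postman obtains it.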
