Keycloak: missing realm public key

Tags: keycloak

When I access the Keycloak admin console (!remotely) and create a client:

[Screenshot: Keycloak client settings]

the Keycloak OIDC JSON doesn't have a public key

[Screenshot: Keycloak OIDC JSON]

I would expect to have something like this in the JSON:

 "realm-public-key": "MIIBIjANBg....
asked Nov 09 '16 09:11

Tomas Marik


2 Answers

keycloak.json in the newest Keycloak does not have any realm public key. Actually, it appears that you are using Keycloak version 2.3.x; there have been some changes in it. Basically, you can rotate multiple public keys for a realm. The document says this:

In 2.3.0 release we added support for Public Key Rotation. When admin rotates the realm keys in Keycloak admin console, the Client Adapter will be able to recognize it and automatically download new public key from Keycloak. However this automatic download of new keys is done just if you don’t have realm-public-key option in your adapter with the hardcoded public key. For this reason, we don’t recommend to use realm-public-key option in adapter configuration anymore. Note this option is still supported, but it may be useful just if you really want to have hardcoded public key in your adapter configuration and never download the public key from Keycloak. In theory, one reason for this can be to avoid man-in-the-middle attack if you have untrusted network between adapter and Keycloak, however in that case, it is much better option to use HTTPS, which will secure all the requests between adapter and Keycloak.

answered Oct 10 '22 05:10

UchihaItachi-Inactive-Account
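
The rotation behaviour described in the answer above, as an added example that is not part of the original answer or of Keycloak's code: a verifier picks the realm key by the `kid` in the token header from the key set the realm publishes, and any one of those keys can be re-encoded into the base64 form the `realm-public-key` option expects. The function names, key ids and placeholder moduli are assumptions made for illustration.

```python
import base64
import json

# DER AlgorithmIdentifier: rsaEncryption OID with NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def der_tlv(tag, value):
    n = len(value)
    if n < 0x80:
        length = bytes([n])                      # short form
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body  # long form
    return bytes([tag]) + length + value

def der_uint(raw):
    raw = raw.lstrip(b"\x00") or b"\x00"
    if raw[0] & 0x80:                            # keep the INTEGER positive
        raw = b"\x00" + raw
    return der_tlv(0x02, raw)

def jwk_to_spki_b64(jwk):
    """Base64 DER SubjectPublicKeyInfo: the form the realm-public-key option holds."""
    if jwk.get("kty") != "RSA":
        raise ValueError("only RSA keys are handled here")
    rsa = der_tlv(0x30, der_uint(b64url_decode(jwk["n"])) + der_uint(b64url_decode(jwk["e"])))
    return base64.b64encode(der_tlv(0x30, RSA_ALG_ID + der_tlv(0x03, b"\x00" + rsa))).decode()

def select_key(jwks, token):
    """Signing key matching the token's kid, else None (then re-fetch keys over HTTPS once, or reject)."""
    kid = json.loads(b64url_decode(token.split(".")[0])).get("kid")
    for jwk in jwks.get("keys", []):
        if kid and jwk.get("kid") == kid and jwk.get("use", "sig") == "sig":
            return jwk
    return None

# Constructed sample: two realm keys after a rotation; moduli are RSA-2048-sized placeholders, not real keys.
SAMPLE_JWKS = {"keys": [
    {"kid": "old-key", "kty": "RSA", "use": "sig", "e": "AQAB", "n": b64url_encode(b"\xc3" + b"\x01" * 255)},
    {"kid": "new-key", "kty": "RSA", "use": "sig", "e": "AQAB", "n": b64url_encode(b"\xd5" + b"\x02" * 255)},
]}
# Constructed token: only the header matters here; payload and signature are dummies.
SAMPLE_TOKEN = b64url_encode(json.dumps({"alg": "RS256", "kid": "new-key"}).encode()) + ".e30.sig"
```

A hardcoded `realm-public-key` pins exactly one of these values, so tokens signed with a rotated key stop verifying until the configuration is updated.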


I still don't know why there is no public key in the Keycloak OIDC JSON (probably for security reasons), but I have found it under:

Realm Settings > Keys > Public Key View

answered Oct 10 '22 03:10

Tomas Marik