I have a Spring cloud API gateway talking to keycloak server for JWT authentication. If I run my application from eclipse and keycloak as single docker container, it works fine. However when I run my spring boot application as docker container(using docker compose or kubernetes) its unable to authorize with keycloak throws following error.
org.springframework.security.oauth2.jwt.JwtDecoderInitializationException: Failed to lazily resolve the supplied JwtDecoder instance
at org.springframework.security.oauth2.jwt.SupplierReactiveJwtDecoder.wrapException(SupplierReactiveJwtDecoder.java:48) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]
Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
.
.
Caused by: java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer of "http://keycloak-server:8080/realms/master"
at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfiguration(JwtDecoderProviderConfigurationUtils.java:161) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]
at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfigurationForIssuerLocation(JwtDecoderProviderConfigurationUtils.java:79) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]
Are there any additional configurations required for this situation?
CodePudding user response:
If the keycloak and springboot applications are deployed in different namespace, you would need to include the namespace in the keycloak url configured in your springboot application (https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#namespaces-of-services).
Also you might need to check if the kubernetes service for keycloak is configured correctly.
CodePudding user response:
Please check below links may help
https://www.keycloak.org/getting-started/getting-started-kube
java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer