Home > Blockchain >  How to configure keycloak in kubernetes?
How to configure keycloak in kubernetes?

Time:12-28

I have a Spring cloud API gateway talking to keycloak server for JWT authentication. If I run my application from eclipse and keycloak as single docker container, it works fine. However when I run my spring boot application as docker container(using docker compose or kubernetes) its unable to authorize with keycloak throws following error.

org.springframework.security.oauth2.jwt.JwtDecoderInitializationException: Failed to lazily resolve the supplied JwtDecoder instance
 at org.springframework.security.oauth2.jwt.SupplierReactiveJwtDecoder.wrapException(SupplierReactiveJwtDecoder.java:48) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]
 Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: 
.
.
Caused by: java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer of "http://keycloak-server:8080/realms/master"
 at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfiguration(JwtDecoderProviderConfigurationUtils.java:161) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]
 at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfigurationForIssuerLocation(JwtDecoderProviderConfigurationUtils.java:79) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]

Are there any additional configurations required for this situation?

CodePudding user response:

If the keycloak and springboot applications are deployed in different namespace, you would need to include the namespace in the keycloak url configured in your springboot application (https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#namespaces-of-services).

Also you might need to check if the kubernetes service for keycloak is configured correctly.

CodePudding user response:

Please check below links may help

https://www.keycloak.org/getting-started/getting-started-kube

java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer

  • Related