KeyCloak ISS claim URL Authority incorrect in bearer token

Time:10-08

I have set up an NGINX reverse proxy, using Keycloak 18 to validate users. Moving onto the customer network, I had to change the port mapping of the NGINX-RP to 9443 from 443. Keycloak provides a bearer token upon login. The bearer token will have the iss claim URL: xx.xx.xx.xx:9443. This creates an authentication error, because the expected value is xx.xx.xx.xx. Is there any way for me to change the URL authority to contain the new port number?

CodePudding user response:

In nginx you could use the X-Forwarded headers to tweak the request and update the host and port for downstream calls.
But you could also handle all your authentication-related API calls under the same port (a server{} block with location{} sub-blocks); that way you don't have to make this change, and you also preserve the integrity of the request.
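
A sketch of the layout the answer describes, as an added example that is not part of the original post: one server{} block on port 9443 whose location{} blocks forward the external host and port to the backends. The upstream names and addresses, the `/auth/` prefix, the server name and the certificate paths are placeholders, and it assumes Keycloak is configured to trust proxy headers and derive its issuer URL from them.

```nginx
# Added example; every name, address and path below is a placeholder.
upstream keycloak_backend { server 127.0.0.1:8080; }
upstream app_backend      { server 127.0.0.1:8081; }

server {
    listen 9443 ssl;
    server_name proxy.example.internal;   # placeholder external name

    ssl_certificate     /etc/nginx/tls/placeholder.crt;
    ssl_certificate_key /etc/nginx/tls/placeholder.key;

    # Authentication endpoints and the application share one external
    # origin (scheme, host and port), so the authority the proxy reports
    # to Keycloak is the same one clients and the application use.
    location /auth/ {
        proxy_pass http://keycloak_backend;

        # $http_host is the Host header as the client sent it, including
        # ":9443"; $host would drop the port. Host is client-supplied, so
        # a fixed "name:port" string can be set here instead.
        proxy_set_header Host              $http_host;
        proxy_set_header X-Forwarded-Host  $http_host;
        # $server_port is the port nginx accepted the connection on; if a
        # container mapping publishes a different external port, write
        # that external port here as a literal.
        proxy_set_header X-Forwarded-Port  $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    }

    location / {
        proxy_pass http://app_backend;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Forwarded-Host  $http_host;
        proxy_set_header X-Forwarded-Port  $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}
```

Because `proxy_set_header` replaces any X-Forwarded-* values the client sent, the backends only see what the proxy sets. Running `nginx -t` checks the syntax before a reload.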
