
Didn't find publicKey for kid, Keycloak?

I am getting this exception, "Didn't find publicKey for kid", when calling an endpoint from Angular JS 2 to the WildFly server.

Authentication took place in Keycloak, but I call about 8 endpoints from different clients (different microservices) in the same domain using the same token, and I got this exception only for this microservice call.

I am sure that the user has all the roles for all the clients. I also decoded the token on JWT to check it.

Sometimes it works and sometimes it doesn't! This is the exception stack trace:

Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90)
    at sun.security.validator.Validator.getInstance(Validator.java:179)
    at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312)
    at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:184)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    ... 55 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
    at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
    at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
    at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88)
    ... 67 more

2017-06-09 00:33:35,994 ERROR [org.keycloak.adapters.rotation.AdapterRSATokenVerifier] (default task-445) Didn't find publicKey for kid: QSm64gYAxG5-5Lt5r-T2dqQmHb8KKJ2dL3h_3Y8zXBE
2017-06-09 00:33:35,994 ERROR [org.keycloak.adapters.BearerTokenRequestAuthenticator] (default task-445) Failed to verify token: org.keycloak.common.VerificationException: Didn't find publicKey for specified kid
    at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.getPublicKey(AdapterRSATokenVerifier.java:47)
    at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:55)
    at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:37)
    at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:87)
    at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:82)
    at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:67)
    at org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
    at org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
    at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
    at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
    at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
    at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
    at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
    at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
11
Ahmed Gamal

If this is still relevant, I had the same problem. In my case, the problem was that the client name was not configured correctly in Keycloak. After correcting the client name in Keycloak, everything works fine.

7
buderu
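
A diagnostic for the error discussed in this thread, added here as an example and not taken from either post or from Keycloak's code: it decodes a bearer token without verifying it and reports whether its `kid` appears in a JWKS document, whether the issuer matches, and whether the expected client is named in `aud`/`azp`. Assumptions: the service resolves the signing key by `kid` from the realm's published key set, and the "client name" in the answer shows up in those two claims; the issuer URL, client names and JWKS contents are constructed, and only the `kid` value comes from the log above.

```python
import base64
import json


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def make_token(header, claims):
    """Build a constructed token for the demo; the signature part is a dummy."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc(header), enc(claims), "c2ln"])


def diagnose(token, jwks, expected_issuer, expected_client):
    """List mismatches between a token and what the service expects.

    Inspection only: the signature is NOT verified, so never treat the
    result as an authentication decision.
    """
    header_b64, claims_b64, _signature = token.split(".")
    header, claims = _b64url_json(header_b64), _b64url_json(claims_b64)
    findings = []

    # A key set that is stale, empty, or from another realm has no matching kid.
    known_kids = sorted(k["kid"] for k in jwks.get("keys", []) if "kid" in k)
    if header.get("kid") not in known_kids:
        findings.append("kid %s not in JWKS %s" % (header.get("kid"), known_kids))
    if claims.get("iss") != expected_issuer:
        findings.append("issuer %s != %s" % (claims.get("iss"), expected_issuer))

    # aud may be a single string or a list; azp names the client the token was issued to.
    aud = claims.get("aud", [])
    clients = set([aud] if isinstance(aud, str) else aud) | {claims.get("azp")}
    if expected_client not in clients:
        findings.append("client %s not in aud/azp" % expected_client)
    return findings


# Constructed sample data; only the kid value is taken from the log line above.
KID = "QSm64gYAxG5-5Lt5r-T2dqQmHb8KKJ2dL3h_3Y8zXBE"
ISSUER = "https://sso.example.test/auth/realms/demo"
TOKEN = make_token({"alg": "RS256", "kid": KID},
                   {"iss": ISSUER, "azp": "web-ui", "aud": ["orders-service"]})
STALE_JWKS = {"keys": [{"kid": "constructed-old-key", "kty": "RSA"}]}
FRESH_JWKS = {"keys": [{"kid": KID, "kty": "RSA"}]}

if __name__ == "__main__":
    for name, jwks in (("stale", STALE_JWKS), ("fresh", FRESH_JWKS)):
        print(name, diagnose(TOKEN, jwks, ISSUER, "orders-service"))
```

An empty JWKS (`{"keys": []}`) produces the same `kid` finding, which is what a service sees when it cannot download the realm keys at all, for example after the TLS trust failure shown in the first stack trace.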