I want to create a docker-compose configuration for a Spring Boot backend connecting to a Keycloak server.

I have the following error when starting the services:

Caused by: java.lang.IllegalStateException: The Issuer "http://localhost:8080/realms/RepitRealm" provided in the configuration metadata did not match the requested issuer "http://keycloak:8080/realms/RepitRealm"

Here are the relevant lines in my docker-compose.yml:

networks:
  local-keycloak:

volumes:
[...]

services:

  keycloak-db:
[...]

  keycloak:
    build: ./keycloak/
    container_name: repit-keycloak
    ports:
      - "8881:8080"
      - "8443:8443"
    volumes:
      - ./keycloak/data:/opt/keycloak/data/import
    environment:
      KEYCLOAK_ADMIN: "admin"
      KEYCLOAK_ADMIN_PASSWORD: "admin"
#      KC_HOSTNAME: "keycloak"
    networks:
      - local-keycloak
    depends_on:
      - keycloak-db
    restart: unless-stopped
    command:
      - start-dev
      - --import-realm

  backend:
    image: [...]
    container_name: repit-backend
    environment:
      spring_profiles_active: "external"
      KEYCLOAK_URL: "http://keycloak:8080/realms/RepitRealm"
      APPLICATION_PORT: "8880"
    ports:
      - "8880:8880"
    networks:
      - local-keycloak
    depends_on:
      - keycloak
    restart: unless-stopped

Here is the Dockerfile used to build the keycloak service:

FROM quay.io/keycloak/keycloak:latest as builder

# Enable health and metrics support
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true

# Configure a database vendor
ENV KC_DB=postgres

WORKDIR /opt/keycloak
# for demonstration purposes only, please make sure to use proper certificates in production instead
RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
RUN /opt/keycloak/bin/kc.sh build

FROM quay.io/keycloak/keycloak:latest
COPY --from=builder /opt/keycloak/ /opt/keycloak/

# change these values to point to a running postgres instance
ENV KC_DB=postgres
ENV KC_DB_URL=jdbc:postgresql://keycloak-db:5432/keycloak
ENV KC_DB_USERNAME=keycloak
ENV KC_DB_PASSWORD=password
ENV KC_HOSTNAME=localhost
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]

Here are the relevant lines for the "external" profile of my Spring Boot backend:

spring.security.oauth2.client.registration.keycloak.client-id=repit
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.keycloak.scope=openid
spring.security.oauth2.client.provider.keycloak.issuer-uri=${KEYCLOAK_URL}
spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
spring.security.oauth2.resourceserver.jwt.issuer-uri=${KEYCLOAK_URL}

Note: if I remove the backend service from the docker-compose and start the backend application directly from my IDE, it works like a charm.

I tried to change the KC_HOSTNAME in the keycloak service to keycloak instead of localhost and it did start, but then I get redirected to http://keycloak:8881/realms/RepitRealm when authenticating in my browser from my frontend application.

There are 0 answers
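The exception in the question comes from the OpenID Connect discovery step: the client takes the configured issuer-uri, fetches `<issuer>/.well-known/openid-configuration` from it, and requires the `issuer` field in that document to be byte-for-byte equal to the URL it started from. Keycloak fills that field from its hostname settings (here `KC_HOSTNAME=localhost` in the Dockerfile, with the container-internal port 8080), not from the URL the backend used to reach it, so a backend configured with `http://keycloak:8080/...` gets a document advertising `http://localhost:8080/...` and the comparison fails. The following is an added example, not code from the question or from Spring Security or Keycloak; it reproduces that check in Python against a constructed discovery document and adds a small diagnosis helper that names the differing URL component. The `transport` callable stands in for the HTTP GET a real client performs.

```python
"""Reproduce the OIDC discovery issuer check behind the error in the question.

Added example, not code from the question.  The discovery document below is
constructed to look like what a Keycloak started with KC_HOSTNAME=localhost
would serve; nothing here talks to a real server.
"""
import json
from urllib.parse import urlsplit

# Constructed stand-in for the JSON served at
# <issuer>/.well-known/openid-configuration.  The advertised issuer reflects
# Keycloak's hostname configuration, not the URL the client connected to.
KEYCLOAK_ADVERTISED = json.dumps({
    "issuer": "http://localhost:8080/realms/RepitRealm",
    "authorization_endpoint":
        "http://localhost:8080/realms/RepitRealm/protocol/openid-connect/auth",
    "token_endpoint":
        "http://localhost:8080/realms/RepitRealm/protocol/openid-connect/token",
    "jwks_uri":
        "http://localhost:8080/realms/RepitRealm/protocol/openid-connect/certs",
})


class IssuerMismatch(Exception):
    """Raised when the advertised issuer differs from the configured one."""


def discovery_url(issuer: str) -> str:
    """OIDC Discovery places the well-known document under the issuer URL."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def fetch_metadata(issuer: str, transport) -> dict:
    """transport(url) -> str replaces the real HTTP GET of the client."""
    return json.loads(transport(discovery_url(issuer)))


def load_provider(configured_issuer: str, transport) -> dict:
    """Mirror the client-side check: the metadata 'issuer' must equal the
    issuer the client was configured with, with no normalisation applied."""
    metadata = fetch_metadata(configured_issuer, transport)
    advertised = metadata["issuer"]
    if advertised != configured_issuer:
        raise IssuerMismatch(
            f'The Issuer "{advertised}" provided in the configuration metadata '
            f'did not match the requested issuer "{configured_issuer}"'
        )
    return metadata


def diagnose(configured_issuer: str, advertised_issuer: str) -> list:
    """List which URL components differ; each one maps to a hostname setting
    (scheme, host, port or path) that has to agree on both sides."""
    a, b = urlsplit(configured_issuer), urlsplit(advertised_issuer)
    return [f for f in ("scheme", "hostname", "port", "path")
            if getattr(a, f) != getattr(b, f)]


def fake_transport(url: str) -> str:
    """Every URL returns the constructed document, as Keycloak would regardless
    of which hostname the request arrived on."""
    return KEYCLOAK_ADVERTISED


if __name__ == "__main__":
    # Same URL as advertised: discovery succeeds (the IDE case in the question).
    print(load_provider("http://localhost:8080/realms/RepitRealm", fake_transport)["issuer"])
    # Container-internal URL: reproduces the exception from the question.
    try:
        load_provider("http://keycloak:8080/realms/RepitRealm", fake_transport)
    except IssuerMismatch as exc:
        print(exc)
        print("differs in:", diagnose("http://keycloak:8080/realms/RepitRealm",
                                      "http://localhost:8080/realms/RepitRealm"))
```

Because the check is plain string equality, the issuer the backend is configured with and the issuer Keycloak advertises have to be the same URL, and the browser follows the advertised one during the redirect. That is why setting `KC_HOSTNAME=keycloak` silences the backend error but sends the browser to a hostname that only resolves inside the compose network: one issuer URL has to be valid from both places, or the two sides need to be told explicitly which URL to use.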