signmykeyio/signmykey

Keycloak: no more working with Keycloak 23.0.6

Leopol123 opened this issue · 2 comments

Hello,

We have been working with Signmykey for years, using Keycloak for auth and Vault for signing SSH keys. It was working like a charm. I am migrating Keycloak to 23.0.6, exporting/importing "Keycloak clients" including the "signmykey" client. And Signmykey is not working anymore...

It seems there is an issue when Signmykey tries to get the list of principals for my user:

Keycloak 23.0.6 (using Quarkus)
{"ctx":"api","error":"unexpected end of JSON input","handler":"sign","level":"error","msg":"Getting list of user principals","req_id":"signmykey-785c7cf4cd-4q7tj/oqgurNDsH1-000001","user":"oidc-my-user"}

When I roll back to the old Keycloak, I have these logs:
Keycloak 17.0.0 (using Wildfly)
{"ctx":"api","handler":"sign","level":"info","msg":"User principals retrieved","principals":["MYGROUP1","MYGROUP2"],"req_id":"signmykey-785c7cf4cd-f2pmw/ChOwIytdnP-000003","user":"oidc-my-user"}

Do you have any idea how to solve this issue? I can do some tests if needed. Thanks for your help!

Hey @Leopol123,

Thanks for pointing out that issue. I took a look and realized the token request from Signmykey to Keycloak was missing the "openid" scope – something that's needed after a recent change in Keycloak (more about that here: keycloak/keycloak#14237). I've patched it up in this PR: #212.

Would you mind giving the latest release (https://github.com/signmykeyio/signmykey/releases/tag/v0.8.6) a spin to see if it sorts things out for you?

Hello @pablo-ruth,

I did the same test using the new release, and it's working! Thank you a lot!
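An added example, not part of the thread and not Signmykey's own code: Go's `json.Unmarshal` reports "unexpected end of JSON input" when handed an empty body, so a client can both request the `openid` scope and check the userinfo reply before decoding it. The function names, the `groups` claim name, and the empty 403 reply used to model a token without `openid` are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// ensureOpenID returns scope with "openid" prepended unless already present.
func ensureOpenID(scope string) string {
	for _, s := range strings.Fields(scope) {
		if s == "openid" {
			return scope
		}
	}
	return strings.TrimSpace("openid " + scope)
}

// decodePrincipals rejects non-200 or empty userinfo replies before decoding "groups" (assumed claim).
func decodePrincipals(resp *http.Response) ([]string, error) {
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
	if err != nil {
		return nil, fmt.Errorf("userinfo: reading body: %w", err)
	}
	if resp.StatusCode != http.StatusOK || len(body) == 0 {
		return nil, fmt.Errorf("userinfo: status %d, %d-byte body (token missing openid scope?)", resp.StatusCode, len(body))
	}
	var claims struct {
		Groups []string `json:"groups"`
	}
	if err := json.Unmarshal(body, &claims); err != nil {
		return nil, fmt.Errorf("userinfo: decoding claims: %w", err)
	}
	return claims.Groups, nil
}

// fakeResponse builds a constructed userinfo reply for the demo below.
func fakeResponse(status int, body string) *http.Response {
	return &http.Response{StatusCode: status, Body: io.NopCloser(strings.NewReader(body))}
}

func main() { // demo on constructed replies
	fmt.Println(ensureOpenID("profile email"))
	fmt.Println(decodePrincipals(fakeResponse(http.StatusForbidden, "")))
	fmt.Println(decodePrincipals(fakeResponse(http.StatusOK, `{"groups":["MYGROUP1","MYGROUP2"]}`)))
}
```

With this check, the failing case logs the HTTP status and body length instead of a bare JSON parse error, which points directly at the identity provider's reply.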