The standard keycloak realm which is created for a fresh Renku keycloak instance should be modified such that the aud claims of access tokens issued by keycloak contains the client_id of the respective client application. See also https://github.com/SwissDataScienceCenter/renku-gateway/issues/90. Note that this configuration will allow Renku to run with newer Keycloak versions but also works with older Keycloak versions (eg 4.5.0).
Closing, as this seems to be fixed now.
Both renku and renku-cli Keycloak clients have their respective mappers configured as needed. Another related PR: #662.
pameladelgado
commented
3 years ago
The standard keycloak realm which is created for a fresh Renku keycloak instance should be modified such that the
audclaims of access tokens issued by keycloak contains theclient_idof the respective client application. See also https://github.com/SwissDataScienceCenter/renku-gateway/issues/90. Note that this configuration will allow Renku to run with newer Keycloak versions but also works with older Keycloak versions (eg 4.5.0).