Closed bijoythomask closed 4 years ago
I could resolve the issue. The issue is that Keycloak validates that the issuer in the token and the endpoint used for introspection are matching. This scenario is explained in detail in the blog below. https://www.jerney.io/secure-apis-kong-keycloak-2/
I have enabled the OIDC nokia/kong-oidc plugin globally for one API with the configuration below.

Deployment environment: OpenShift v3.11.51

```yaml
image:
  repository: revomatico/docker-kong-oidc
  tag: "2.0.4-1"
```
Deployed using Helm 3
```json
{
  "created_at": 1589024458,
  "config": {
    "response_type": "code",
    "introspection_endpoint": "https://sso:8443/auth/realms/davis/protocol/openid-connect/token/introspect",
    "timeout": null,
    "redirect_uri": null,
    "logout_path": "/logout",
    "filters": null,
    "disable_access_token_header": "no",
    "bearer_only": "yes",
    "access_token_header_as_bearer": "yes",
    "access_token_header_name": "X-Access-Token",
    "disable_id_token_header": "no",
    "ssl_verify": "no",
    "session_secret": null,
    "introspection_endpoint_auth_method": null,
    "groups_claim": "groups",
    "realm": "davis",
    "redirect_after_logout_uri": "/",
    "scope": "openid",
    "token_endpoint_auth_method": "client_secret_post",
    "client_secret": "515b87e1-9a0d-41ca-8e6e-ed7e65d65e59",
    "client_id": "kong",
    "userinfo_header_name": "X-USERINFO",
    "revoke_tokens_on_logout": "no",
    "discovery": "https://sso:8443/auth/realms/davis/.well-known/openid-configuration",
    "ignore_auth_filters": "",
    "disable_userinfo_header": "no",
    "id_token_header_name": "X-ID-Token",
    "recovery_page_path": null,
    "unauth_action": "auth"
  },
  "id": "de08422d-7497-4b4a-bc38-9f45397b94a3",
  "service": null,
  "enabled": true,
  "protocols": [
    "grpc",
    "grpcs",
    "http",
    "https"
  ],
  "name": "oidc",
  "consumer": null,
  "route": null,
  "tags": null
}
```
However, I am always getting: WWW-Authenticate →Bearer realm="kong",error="invalid token"

Is there any suggestion to fix the issue?
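
The issuer mismatch named in the resolution can be checked offline before touching the gateway. The following is an added example, not part of the original issue or of the kong-oidc plugin: it decodes a token's `iss` claim without verifying the signature and compares it with the realm URL implied by the configured `introspection_endpoint`. It assumes Keycloak's layout, where the introspection endpoint is the issuer URL plus `/protocol/openid-connect/token/introspect`; the function names, the sample tokens and the hostname `keycloak.example.com` are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlsplit

# Assumed Keycloak layout: path of the introspection endpoint below the issuer URL.
INTROSPECT_SUFFIX = "/protocol/openid-connect/token/introspect"


def jwt_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def issuer_mismatch(token: str, introspection_endpoint: str):
    """Return None when iss matches the realm behind the endpoint, else a reason."""
    if not introspection_endpoint.endswith(INTROSPECT_SUFFIX):
        raise ValueError("unexpected introspection endpoint layout")
    expected = introspection_endpoint[: -len(INTROSPECT_SUFFIX)]
    iss = jwt_claims(token).get("iss", "")
    if iss.rstrip("/") == expected.rstrip("/"):
        return None
    a, b = urlsplit(iss), urlsplit(expected)
    if (a.scheme, a.netloc) != (b.scheme, b.netloc):
        return (f"host differs: token iss uses {a.scheme}://{a.netloc}, "
                f"gateway introspects via {b.scheme}://{b.netloc}")
    return f"realm path differs: {a.path} vs {b.path}"


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    # Endpoint taken from the plugin configuration posted in the issue.
    endpoint = "https://sso:8443/auth/realms/davis/protocol/openid-connect/token/introspect"
    # Constructed tokens: one issued via a hypothetical external hostname, one internal.
    external = make_unsigned_token({"iss": "https://keycloak.example.com/auth/realms/davis"})
    internal = make_unsigned_token({"iss": "https://sso:8443/auth/realms/davis"})
    print("external:", issuer_mismatch(external, endpoint))
    print("internal:", issuer_mismatch(internal, endpoint))
```

A non-`None` result means the client obtained its token under a different issuer URL than the one the gateway uses for introspection, which matches the cause described in the resolution.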