Hi, @VonDerBeck
I am trying to integrate Keycloak with Camunda but am facing some issues while running the Camunda Spring Boot application.
I have followed the steps as mentioned in this GitHub repository.
Do you have Keycloak running under localhost:9000 (localhost! port 9000!) and set up a realm named camunda?
Keycloak is running on port 9000 with the realm name ‘camunda’.
It looks like you are trying to implement SSO?
Yes, I am trying to implement SSO. I had already looked at the above GitHub repo and am receiving a similar error message: "Unable to resolve Configuration with the provided Issuer of “http://localhost:9000/auth/realms/camunda”"
@VonDerBeck Please let me know if you need any additional information from my side.
This is clearly a problem of your Spring Security configuration, together with your individual Keycloak setup. So far it has nothing to do with the Keycloak Identity Provider Plugin.
Some hints from your stacktrace:
Caused by: java.lang.IllegalArgumentException: Unable to resolve Configuration with the provided Issuer of "http://localhost:9000/auth/realms/camunda"
at org.springframework.security.oauth2.client.registration.ClientRegistrations.getBuilder(ClientRegistrations.java:221) ~[spring-security-oauth2-client-5.4.5.jar:5.4.5]
...
Caused by: java.lang.RuntimeException: com.nimbusds.oauth2.sdk.ParseException: Unexpected type of JSON object member with key mtls_endpoint_aliases
at org.springframework.security.oauth2.client.registration.ClientRegistrations.parse(ClientRegistrations.java:232) ~[spring-security-oauth2-client-5.4.5.jar:5.4.5]
...
Caused by: com.nimbusds.oauth2.sdk.ParseException: Unexpected type of JSON object member with key mtls_endpoint_aliases
at com.nimbusds.oauth2.sdk.util.JSONObjectUtils.getGeneric(JSONObjectUtils.java:161) ~[oauth2-oidc-sdk-8.36.jar:8.36]
...
Caused by: com.nimbusds.oauth2.sdk.ParseException: Unexpected type: class java.util.LinkedHashMap
Spring Security is not able to parse information received from Keycloak, especially the content of mtls_endpoint_aliases. This is what you should look for.
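One way to follow the hint above is to inspect the OIDC discovery document that the client reads from the issuer. This is an added example, not part of the original thread or of the plugin's code. The sample document is constructed, and the function names and the list of checked members are assumptions of this sketch.

```python
import json

# Constructed sample of a discovery document, trimmed to the members checked
# below. Values are illustrative, not captured from a real Keycloak server.
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "http://localhost:9000/auth/realms/camunda",
  "authorization_endpoint": "http://localhost:9000/auth/realms/camunda/protocol/openid-connect/auth",
  "token_endpoint": "http://localhost:9000/auth/realms/camunda/protocol/openid-connect/token",
  "jwks_uri": "http://localhost:9000/auth/realms/camunda/protocol/openid-connect/certs",
  "mtls_endpoint_aliases": {
    "token_endpoint": "http://localhost:9000/auth/realms/camunda/protocol/openid-connect/token"
  }
}
""")

# Members this check expects to be plain strings (an assumption of the sketch).
STRING_MEMBERS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(issuer_uri):
    """URL of the OIDC discovery document for the configured issuer."""
    return issuer_uri.rstrip("/") + "/.well-known/openid-configuration"


def inspect_discovery(doc, configured_issuer):
    """Return findings worth a look; an empty list means nothing stood out."""
    findings = []
    for name in STRING_MEMBERS:
        value = doc.get(name)
        if not isinstance(value, str):
            findings.append(f"{name}: expected string, got {type(value).__name__}")
    # OIDC Discovery requires the returned issuer to equal the configured one
    # exactly, so a trailing slash or a different host already counts.
    if doc.get("issuer") != configured_issuer:
        findings.append(f"issuer mismatch: document has {doc.get('issuer')!r}, "
                        f"client uses {configured_issuer!r}")
    # Nested objects such as mtls_endpoint_aliases are where an older client
    # library may fail to parse, so list each one with its keys.
    for name, value in doc.items():
        if isinstance(value, dict):
            findings.append(f"{name}: nested object with keys {sorted(value)}")
    return findings


if __name__ == "__main__":
    issuer = "http://localhost:9000/auth/realms/camunda"
    print("discovery document:", discovery_url(issuer))
    for finding in inspect_discovery(SAMPLE_DISCOVERY, issuer):
        print("-", finding)
```

To check a real setup, save the JSON served at the printed discovery URL and pass the parsed document to `inspect_discovery` in place of the constructed sample.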
Is there any additional configuration I have to do on the Keycloak portal?
Any help in the right direction will be appreciated, as I don’t have much exposure to the SSO part.
You have to adjust the “Valid Redirect URIs” configuration of the corresponding client service in Keycloak.
For example, if your root context is under http://localhost:8080/camunda then try to set the valid Redirect URIs to http://localhost:8080/camunda/* and afterwards go to http://localhost:8080/camunda, log in with Keycloak and watch Camunda’s welcome page showing up. In real environments or other setups adjust accordingly.