tma
December 28, 2020, 5:45pm
1
I am having trouble authentication an asp.net MVC app (Framework 4.8).
DX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifierhttps://auth.justbytes.io/auth/realms/test",“aud”:“account”,“sub”:“343b94bb-f994-4561-ad3b-9b9eff7e3513”,“typ”:“Bearer”,“azp”:“testapp”,“session_state”:“d3b486f8-da68-4c56-9680-71b8c44a0d14”,“acr”:“0”,“allowed-origins”:["*"],“realm_access”:{“roles”:[“TestAppAccess”,“offline_access”,“sg_SamlApp”,“uma_authorization”]},“resource_access”:{“account”:{“roles”:[“manage-account”,“manage-account-links”,“view-profile”]}},“scope”:"openid profile email”,“email_verified”:false,“name”:“Thomas Hansen”,“preferred_username”:“gnu”,“given_name”:“Thomas”,“family_name”:“Hansen”,“email”:“gnu@tbma.dk”}’.
Any help?
Kind regards
Are you sure that HS512 signing algorithm (used in your token) is supported by your app/code?
I would go with more common RS256 algorithm in your case. You can configure that one in the Realm settings -> Tokens -> Default Signature Algorithm.
tma
December 28, 2020, 8:06pm
3
jangaraj:
RS25
Hello Jangaraj,
IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifierhttps://auth.justbytes.io/auth/realms/test2",“aud”:“https://auth.justbytes.io/auth/realms/test2”,“sub”:“ce8e8b4d-1edc-4aab-b0c1-5b6ab0b2b674”,“typ”:“Refresh”,“azp”:“apptest”,“session_state”:“8e2ba602-899e-409e-90f4-d83d34806cc4”,“scope”:"openid email profile”}’.
I am using version 12.0.1 in Docker
I guess your are configuring that for master realm, but your app is using test realm. Make sure you are configuring right realm.
tma
December 28, 2020, 9:05pm
5
Sorry - but it looks right…
tma
December 28, 2020, 9:36pm
6
tma:
IDX10500
I found this
opened 03:12PM - 08 Aug 19 UTC
Hi,
Thank you for creating this library. I just cloned the sample ASP.Net 5 p… roject and tried to ran the app with my own keycloak server settings. For the first time I received an exception related to the "audience" validation, since I dont need that I just disabled that using the property "DisableAudienceValidation". Now I am getting another exception related to SecurityKeyIdentifier.
Could you please let me know what is missing?
The exception is as below.
IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier
(
IsReadOnly = False,
Count = 1,
Clause[0] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause
)
',
token: '{"alg":"HS256","typ":"JWT","kid":"4718be89-a61c-4007-b355-6c85319c9c9f"}.{"jti":"8635361e-7825-40d9-94a4-faae4b3fe264","exp":1565278106,"nbf":0,"iat":1565276306,"iss":"http://localhost:8080/auth/realms/master","aud":"http://localhost:8080/auth/realms/master","sub":"dd09c01c-be26-48b6-9942-efc0b1abc3b6","typ":"Refresh","azp":"sampleclient","auth_time":0,"session_state":"a59830f0-9fd2-4bf4-ae74-7dda461aab0f","realm_access":{"roles":["offline_access","uma_authorization"]},"resource_access":{"account":{"roles":["manage-account","manage-account-links","view-profile"]}},"scope":"openid email profile"}'.
That’s pretty bad if that is the case.
I would say no problem. Just select another OIDC certified library for your use case - https://openid.net/developers/certified/ . It really doesn’t need to have have “keycloak” in the name, because OIDC is not a Keycloak specific protocol.
tma
December 29, 2020, 2:29pm
8
We have a success - thanks you for your help in pointing me in the right direction Jangaraj
Hi tma,
It shall be great if you can share the startup.cs configuration code snippet for the same.
I am facing the similar issue.
IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier
(
IsReadOnly = False,
Count = 1,
Clause[0] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause
)
',
token: '{"alg":"HS256","typ":"JWT","kid":"d4475260-88c4-4df9-82ca-b4f20000ec5a"}.{"exp":1645529349,"iat":1645527549,"jti":"716d29b1-0e51-42c7-ac1d-48b391a673fd","iss":"http://localhost:8080/realms/mirsal","aud":"http://localhost:8080/realms/mirsal","sub":"c0f5c079-f104-42ce-ad23-a6c727084c82","typ":"Refresh","azp":"booqchat","session_state":"efe6ddf1-2bee-48b0-884b-88e6ddd5978e","scope":"openid email profile","sid":"efe6ddf1-2bee-48b0-884b-88e6ddd5978e"}'.
kttary
March 16, 2022, 4:11pm
10
the same here… somebody has a solution pls?
I couldn’t find any help on the above, now I have achieved it using “OpenIdConnectAuthentication” in ASP.NET .
asaf
January 9, 2023, 11:48am
12
how did you resolve this?
