I got Gatekeeper running, and I share my realm-export file at the end. As you can see, I’m first using a confidential client with the client authenticator “Client id and Client Secret”. HS256.
I’m using the gatekeeper code from bitnami-docker-keycloak-gatekeeper.
With this setup the gatekeeper works fine.
The problem I have is that when I change the client authenticator to “Signed JWT with client secret”, Gatekeeper fails and gives me this error when I try to log in using POST /oauth/login:
error unable to request the access token via grant_type 'password' {"client_ip": "172.29.0.1:50854", "error": "invalid_client: Parameter client_assertion_type is missing"}
The app I’m trying to connect is Jitsi, which (I think) needs its JWT tokens to be signed with the client secret, not both secret and id.
Am I maybe missing something in Gatekeeper’s functionality?
Environment:
Mac OS Catalina 10.15.4
Docker: Docker version 19.03.8, build afacb8b
Keycloak Server: jboss/keycloak 10.0.1
Keycloak Gatekeeper: https://github.com/bitnami/bitnami-docker-keycloak-gatekeeper
Keycloak Gatekeeper Configuration file:
{
  "realm": "Scientia",
  "auth-server-url": "http://localhost:8080/auth/",
  "ssl-required": "external",
  "resource": "jitsi",
  "verify-token-audience": true,
  "credentials": {
    "secret-jwt": {
      "secret": "6e99879f-2cce-49a4-83da-9daec7473ba9"
    }
  },
  "use-resource-role-mappings": true,
  "confidential-port": 0,
  "policy-enforcer": {}
}
My realm export file:
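
For reference on the `client_assertion_type is missing` error quoted above, this added example (not part of the original post and not Gatekeeper's code) builds the token request that `client_secret_jwt` authentication expects under OIDC Core and RFC 7523, where the client sends an HS256-signed assertion instead of its secret. The token URL, secret, and user credentials are constructed values, and the choice of the token endpoint as `aud` is an assumption about what the server accepts.

```python
import base64, hashlib, hmac, json, time, uuid
from urllib.parse import urlencode

# Fixed value defined by RFC 7523; its absence is what the error reports.
ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
# Constructed sample values (assumptions, not taken from a live system).
TOKEN_URL = "http://localhost:8080/auth/realms/Scientia/protocol/openid-connect/token"
SAMPLE_SECRET = "constructed-secret"

def b64url(data: bytes) -> str:
    """Base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def client_assertion(client_id, secret, token_url, now=None, ttl=60):
    """Build the HS256 JWT the client presents in place of its secret."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": client_id, "sub": client_id,  # both must be the client id
        "aud": token_url,                    # assumed: token endpoint URL
        "jti": str(uuid.uuid4()),            # unique id so replays can be rejected
        "iat": now, "exp": now + ttl,        # keep the lifetime short
    }
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in (header, claims))
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def token_request_body(client_id, secret, token_url, username, password):
    """Form body for grant_type=password; note there is no client_secret field."""
    return urlencode({
        "grant_type": "password",
        "username": username, "password": password,
        "client_assertion_type": ASSERTION_TYPE,
        "client_assertion": client_assertion(client_id, secret, token_url),
    })

def verify(assertion, secret):
    """Server-side view: recompute the HMAC and compare in constant time."""
    signing_input, _, sig = assertion.rpartition(".")
    expected = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(b64url(expected), sig)

if __name__ == "__main__":
    print(token_request_body("jitsi", SAMPLE_SECRET, TOKEN_URL, "alice", "constructed-pw"))
```

A client that only supports sending `client_id` and `client_secret` in the form body or Basic header produces a request without these two parameters, which a server configured for “Signed JWT with client secret” rejects as `invalid_client`.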