Question: which parameter of Keycloak API is dedicated to ‘Signature Algorithm’?
Which “Signature Algorithm” do you mean? In creating a Client, there are several. You can set them in the attributes hash of the Client object when updating/creating:
- Access Token Signature Algorithm
access.token.signed.response.alg - ID Token Encryption Key Management Algorithm
id.token.encrypted.response.alg - ID Token Signature Algorithm
id.token.signed.response.alg - ID Token Encryption Content Encryption Algorithm
id.token.encrypted.response.enc - Request Object Signature Algorithm
request.object.signature.alg - User Info Signed Response Algorithm
user.info.response.signature.alg
Your response is really appreciated. However none of those attributes works for me. My case:
Create new client with Client Authenticator ‘Signed Jwt’.
Authenticator and Certificate are setup correctly, but Signature Algorithm is empty. This is what I need to setup.
JSON Request:
{“name”: “Test Client 2”,“enabled”: true,“id”: “test_client_2”,“description”: “API Test 2”,“publicClient”: “false”,“protocol”: “openid-connect”,“rootUrl”: “http://localhost/8080/","adminUrl”: “http://localhost/8080/","authorizationServicesEnabled”: “false”, “attributes”:{“jwt.credential.certificate”: “QWdeR130Iyt167YnfR…”},“clientAuthenticatorType”: “client-jwt”}
Thank you.
A good way to figure out the representation to use is to go into the Admin UI, open your browser’s inspector to the network tab, and then do the action you want (e.g. create or update a client). The API request will appear in the list of network requests, and allow you to copy it (as curl, fetch, etc.).
Your advice is highly appreciated. I found it an it works!
Just FYI: the name of attribute is ‘token.endpoint.auth.signing.alg’
Thanks a lot…
Good to hear. And thank you for sharing the attribute you were looking for!
Again: thanks for your help.