Hello everyone,
I want to thank you in advance for your advice and hints.
Currently I am trying to fetch a token from the token endpoint of Keycloak with a Java app using pac4j and Nimbus.
The app is configured with HS256 as preferred signature algorithm.
I configured Keycloak with a client ID and a secret and also entered both into the configuration of pac4j.
When I try to authenticate with Keycloak I receive the following error message:
Signed JWT rejected: Another algorithm expected, or no matching key(s) found
The reason for that is that the kid and the client secret (which is used by Nimbus) do not match.
So there are basically two approaches which I have tried.
- I tried to add a 2nd secret to pac4j which fits the kid defined in the realm keys for hmac-generated
- I tried to change the kid which is sent by Keycloak to the client secret.
Unfortunately I have not managed to force Keycloak to use the client secret instead of the generated kid.
Is there any chance, or another approach, to connect these two applications?
Again thank you very much and best regards,
Timo
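
An added example, not part of the original post and not pac4j, Nimbus or Keycloak code: a stand-alone check that reads the `alg` and `kid` from a token header and reports which candidate HMAC keys actually verify the HS256 signature. The keys, kid, issuer and token are constructed sample values, and the sample assumes, as the post describes, that the token's kid refers to the realm's hmac-generated key rather than the client secret.

```python
import base64, hashlib, hmac, json

# Constructed sample values, not taken from any real Keycloak realm or client.
REALM_HMAC_KEY = b"constructed-realm-hmac-key-0123456789abcdef"
CLIENT_SECRET = b"constructed-client-secret-0123456789abcdef"

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(header, claims, key):
    """Build a compact HS256 JWS; used here only to construct the sample token."""
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def diagnose(token, candidate_keys):
    """Return the header's alg and kid plus the labels of the keys that verify the MAC."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64 or bad JSON
        raise ValueError("not a compact JWS") from exc
    result = {"alg": header.get("alg"), "kid": header.get("kid"), "verified_by": []}
    if result["alg"] != "HS256":
        return result  # a different algorithm: no HMAC key can match
    signing_input = f"{head_b64}.{body_b64}".encode()
    for label, key in candidate_keys.items():
        expected = hmac.new(key, signing_input, hashlib.sha256).digest()
        if hmac.compare_digest(expected, signature):
            result["verified_by"].append(label)
    return result

# Constructed token: signed with the realm key and carrying that key's kid.
SAMPLE_TOKEN = sign_hs256(
    {"alg": "HS256", "typ": "JWT", "kid": "constructed-realm-kid"},
    {"iss": "https://keycloak.example/realms/demo", "aud": "my-client"},
    REALM_HMAC_KEY)

if __name__ == "__main__":
    print(diagnose(SAMPLE_TOKEN, {"client_secret": CLIENT_SECRET}))
    print(diagnose(SAMPLE_TOKEN, {"client_secret": CLIENT_SECRET,
                                  "realm_hmac_key": REALM_HMAC_KEY}))
```

An empty `verified_by` list for the client secret means the token was MACed with a different key, which is the condition the error message in the post reports.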