org.jose4j.lang.UnresolvableKeyException

15 views
Skip to first unread message

Fred Hauschel

unread,
Aug 26, 2020, 9:27:20 AM8/26/20
to Trellis LDP
Hi,
in the trellis docker-compose i configure
MP_JWT_VERIFY_PUBLICKEY_LOCATION: https://sso.fairkom.net/auth/realms/osalliance-dev
But trellis seems to have problems with the url. Where do i find the documentation for the env variables? I didn't find a description of MP_JWT_VERIFY_PUBLICKEY_LOCATION.

Thanks Fredy

trellis_1  | 2020-08-26 13:18:27,609 DEBUG [io.sma.jwt.aut.pri.KeyLocationResolver] (vert.x-eventloop-thread-15) Checking if the key content is a Base64 encoded PEM certificate
trellis_1  | 2020-08-26 13:18:27,609 DEBUG [io.sma.jwt.aut.pri.KeyLocationResolver] (vert.x-eventloop-thread-15) The key content is not a valid encoded PEM certificate: java.lang.IllegalArgumentException: Illegal base64 character 7b
trellis_1  |     at java.base/java.util.Base64$Decoder.decode0(Unknown Source)
trellis_1  |     at java.base/java.util.Base64$Decoder.decode(Unknown Source)
trellis_1  |     at java.base/java.util.Base64$Decoder.decode(Unknown Source)
trellis_1  |     at io.smallrye.jwt.KeyUtils.decodeCertificate(KeyUtils.java:234)
trellis_1  |     at io.smallrye.jwt.auth.principal.KeyLocationResolver.tryAsPEMCertificate(KeyLocationResolver.java:332)
trellis_1  |     at io.smallrye.jwt.auth.principal.KeyLocationResolver.initializeKeyContent(KeyLocationResolver.java:237)
trellis_1  |     at io.smallrye.jwt.auth.principal.KeyLocationResolver.<init>(KeyLocationResolver.java:88)
trellis_1  |     at io.smallrye.jwt.auth.principal.DefaultJWTTokenParser.getKeyResolver(DefaultJWTTokenParser.java:292)
trellis_1  |     at io.smallrye.jwt.auth.principal.DefaultJWTTokenParser.parse(DefaultJWTTokenParser.java:79)
trellis_1  |     at io.smallrye.jwt.auth.principal.DefaultJWTCallerPrincipalFactory.parse(DefaultJWTCallerPrincipalFactory.java:31)
trellis_1  |     at io.smallrye.jwt.auth.principal.DefaultJWTParser.parse(DefaultJWTParser.java:43)
trellis_1  |     at io.smallrye.jwt.auth.principal.DefaultJWTParser_ClientProxy.parse(DefaultJWTParser_ClientProxy.zig:186)
trellis_1  |     at io.quarkus.smallrye.jwt.runtime.auth.MpJwtValidator$1.accept(MpJwtValidator.java:53)

Aaron Coburn

unread,
Aug 26, 2020, 9:30:56 AM8/26/20
to trell...@googlegroups.com
That error would be expected. The URL at that location is not in JWKS format. You should use this URL instead: https://sso.fairkom.net/auth/realms/osalliance-dev/protocol/openid-connect/certs

--
You received this message because you are subscribed to the Google Groups "Trellis LDP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to trellis-ldp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/trellis-ldp/b5995c1f-af58-43d3-90e7-954ffd6198dfn%40googlegroups.com.

Fred Hauschel

unread,
Aug 26, 2020, 9:37:28 AM8/26/20
to Trellis LDP
wow, that was fast !! i've to invite you to a lot of beers ;-) If you are in germany/munich, let me know ;-)
No it works, but the jwt is expired. there is a problem with the timezone ;-(

New problem, new chance!

thanks a lot.
Fredy
Reply all
Reply to author
Forward
0 new messages