Issue
I am trying to set up a JHipster app using KeyCloak via docker-compose.yml.
On start up I am getting:
The Issuer "http://localhost:9080/auth/realms/jhipster" provided in the configuration metadata did not match the requested issuer "http://keycloak:9080/auth/realms/jhipster"
As I understand it http://keycloak:9080/auth/realms/jhipster is correct - but where and what is "the configuration metadata"?
Explanations like this one are not specific enough for me to understand: Keycloak / SpringBoot - The Issuer <https://example.com> provided in the OpenID Configuration did not match the requested issuer <https://bar.com>
In following the docs https://www.jhipster.tech/security/ I have set up the following
DOCKER_COMPOSE.YML
myapp:
  depends_on:
    - 'keycloak'
  image: ....
  environment:
    - _JAVA_OPTIONS=-Xmx512m -Xms256m
    - SPRING_PROFILES_ACTIVE=prod,api-docs
    - MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED=true
    - SPRING_DATASOURCE_URL=...
    - SPRING_LIQUIBASE_URL=...
    - JHIPSTER_SLEEP=30 # gives time for other services to boot before the application
    - SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI=http://keycloak:9080/auth/realms/jhipster
    - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID=web_app
    - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET=web_app
    - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_REDIRECT_URI=http://localhost:8081/login/oauth2/code/oidc
    - SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_CLIENT_ID=admin
    - SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_CLIENT_SECRET=admin
    - POSTGRES_USER=...
    - POSTGRES_PASSWORD=...
  ports:
    - 8081:8080
keycloak:
  image: jboss/keycloak:15.0.2
  command:
    [
      '-b',
      '0.0.0.0',
      '-Dkeycloak.migration.action=import',
      '-Dkeycloak.migration.provider=dir',
      '-Dkeycloak.migration.dir=/opt/jboss/keycloak/realm-config',
      '-Dkeycloak.migration.strategy=IGNORE_EXISTING',
      '-Djboss.socket.binding.port-offset=1000',
      '-Dkeycloak.profile.feature.upload_scripts=enabled'
    ]
  volumes:
    - ./realm-config:/opt/jboss/keycloak/realm-config
    - keycloak-data:/opt/jboss
  environment:
    - KEYCLOAK_USER=admin # "${KEYCLOAK_USER}"
    - KEYCLOAK_PASSWORD=admin # "${KEYCLOAK_PASSWORD}"
    - DB_VENDOR=h2
    - KEYCLOAK_FRONTEND_URL=http://localhost:9080/auth
  # If you want to do not expose these ports outside your dev PC,
  # add "127.0.0.1:" prefix
  ports:
    - 9080:9080
    - 9443:9443
    - 10990:10990
DOCKER_COMPOSE .ENV has
KEYCLOAK_URL=http://keycloak/auth/realms/jhipster
which, as I have confirmed by changing it, is the value from the error message.
/ETC/HOSTS FILE
In the browser http://keycloak:9080/auth/realms/jhipster gives
{
  "realm": "jhipster",
  "public_key": ".....",
  "token-service": "http://localhost:9080/auth/realms/jhipster/protocol/openid-connect",
  "account-service": "http://localhost:9080/auth/realms/jhipster/account",
  "tokens-not-before": 0
}
which I think means the Windows /etc/hosts file is correct.
POM
In case it's relevant, the POM follows. It's a reasonably old version of JHipster.
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>...</groupId>
<artifactId>...</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>...</name>
<description>...</description>
<repositories>
<!-- jhipster-needle-maven-repository -->
</repositories>
<pluginRepositories>
<!-- jhipster-needle-maven-plugin-repository -->
</pluginRepositories>
<!-- jhipster-needle-distribution-management -->
<properties>
<!-- Build properties -->
<maven.version>3.3.9</maven.version>
<java.version>11</java.version>
<node.version>v14.17.6</node.version>
<npm.version>7.24.2</npm.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<maven.build.timestamp.format>yyyyMMddHHmmss</maven.build.timestamp.format>
<maven.compiler.source>${java.version}</maven.compiler.source>
<maven.compiler.target>${java.version}</maven.compiler.target>
<start-class>....</start-class>
<argLine>-Djava.security.egd=file:/dev/./urandom -Xmx256m</argLine>
<m2e.apt.activation>jdt_apt</m2e.apt.activation>
<run.addResources>false</run.addResources>
<!-- These remain empty unless the corresponding profile is active -->
<profile.no-liquibase />
<profile.api-docs />
<profile.tls />
<!-- Dependency versions -->
<jhipster-dependencies.version>7.3.0</jhipster-dependencies.version>
<!-- The spring-boot version should match the one managed by
https://mvnrepository.com/artifact/tech.jhipster/jhipster-dependencies/${jhipster-dependencies.version} -->
<spring-boot.version>2.5.5</spring-boot.version>
<!-- The hibernate version should match the one managed by
https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-dependencies/${spring-boot.version} -->
<hibernate.version>5.4.32.Final</hibernate.version>
<!-- The javassist version should match the one managed by
https://mvnrepository.com/artifact/org.hibernate/hibernate-core/${hibernate.version} -->
<javassist.version>3.27.0-GA</javassist.version>
<!-- The liquibase version should match the one managed by
https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-dependencies/${spring-boot.version} -->
<liquibase.version>4.5.0</liquibase.version>
<liquibase-hibernate5.version>4.5.0</liquibase-hibernate5.version>
<validation-api.version>2.0.1.Final</validation-api.version>
<jaxb-runtime.version>2.3.3</jaxb-runtime.version>
<archunit-junit5.version>0.21.0</archunit-junit5.version>
<mapstruct.version>1.4.2.Final</mapstruct.version>
<!-- Plugin versions -->
<maven-clean-plugin.version>3.1.0</maven-clean-plugin.version>
<maven-site-plugin.version>3.9.1</maven-site-plugin.version>
<maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
<maven-javadoc-plugin.version>3.3.1</maven-javadoc-plugin.version>
<maven-eclipse-plugin.version>2.10</maven-eclipse-plugin.version>
<maven-enforcer-plugin.version>3.0.0</maven-enforcer-plugin.version>
<maven-failsafe-plugin.version>3.0.0-M5</maven-failsafe-plugin.version>
<maven-idea-plugin.version>2.2.1</maven-idea-plugin.version>
<maven-resources-plugin.version>3.2.0</maven-resources-plugin.version>
<maven-surefire-plugin.version>3.0.0-M5</maven-surefire-plugin.version>
<maven-war-plugin.version>3.3.1</maven-war-plugin.version>
<maven-checkstyle-plugin.version>3.1.2</maven-checkstyle-plugin.version>
<checkstyle.version>9.0</checkstyle.version>
<nohttp-checkstyle.version>0.0.9</nohttp-checkstyle.version>
<frontend-maven-plugin.version>1.12.0</frontend-maven-plugin.version>
<checksum-maven-plugin.version>1.11</checksum-maven-plugin.version>
<maven-antrun-plugin.version>3.0.0</maven-antrun-plugin.version>
<git-commit-id-plugin.version>5.0.0</git-commit-id-plugin.version>
<modernizer-maven-plugin.version>2.3.0</modernizer-maven-plugin.version>
<jacoco-maven-plugin.version>0.8.7</jacoco-maven-plugin.version>
<jib-maven-plugin.version>3.1.4</jib-maven-plugin.version>
<jib-maven-plugin.image>eclipse-temurin:11-jre-focal</jib-maven-plugin.image>
<jib-maven-plugin.architecture>amd64</jib-maven-plugin.architecture>
<lifecycle-mapping.version>1.0.0</lifecycle-mapping.version>
<properties-maven-plugin.version>1.0.0</properties-maven-plugin.version>
<sonar-maven-plugin.version>3.9.0.2155</sonar-maven-plugin.version>
<!-- jhipster-needle-maven-property -->
</properties>
<dependencies>
<dependency>
<groupId>tech.jhipster</groupId>
<artifactId>jhipster-framework</artifactId>
</dependency>
<dependency>
<groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.module</groupId>
<artifactId>jackson-module-jaxb-annotations</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-hibernate5</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-hppc</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jsr310</artifactId>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-oas</artifactId>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-bean-validators</artifactId>
</dependency>
<dependency>
<groupId>com.zaxxer</groupId>
<artifactId>HikariCP</artifactId>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</dependency>
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>postgresql</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-jpamodelgen</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate.validator</groupId>
<artifactId>hibernate-validator</artifactId>
</dependency>
<dependency>
<groupId>org.liquibase</groupId>
<artifactId>liquibase-core</artifactId>
<!-- Inherited version from Spring Boot can't be used because of regressions -->
<version>${liquibase.version}</version>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
</dependency>
<dependency>
<groupId>org.mapstruct</groupId>
<artifactId>mapstruct</artifactId>
<version>${mapstruct.version}</version>
</dependency>
<dependency>
<groupId>org.mapstruct</groupId>
<artifactId>mapstruct-processor</artifactId>
<version>${mapstruct.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-loader-tools</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-mail</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.tngtech.archunit</groupId>
<artifactId>archunit-junit5-api</artifactId>
<version>${archunit-junit5.version}</version>
<scope>test</scope>
</dependency>
<!-- Adding the engine dependency to the surefire-plugin unfortunately does not work in the current version. -->
<!-- https://www.archunit.org/userguide/html/000_Index.html#_junit_5 -->
<dependency>
<groupId>com.tngtech.archunit</groupId>
<artifactId>archunit-junit5-engine</artifactId>
<version>${archunit-junit5.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.zalando</groupId>
<artifactId>problem-spring-web</artifactId>
</dependency>
<!-- Spring Security OAuth 2.0 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<!-- Spring Cloud -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-data</artifactId>
</dependency>
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-registry-prometheus</artifactId>
</dependency>
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-core</artifactId>
</dependency>
<!-- Cucumber -->
<dependency>
<groupId>io.cucumber</groupId>
<artifactId>cucumber-junit</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.cucumber</groupId>
<artifactId>cucumber-java</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.cucumber</groupId>
<artifactId>cucumber-spring</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-core</artifactId>
<version>1.11.792</version>
</dependency>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-s3</artifactId>
<version>1.11.792</version>
</dependency>
<!-- jhipster-needle-maven-add-dependency -->
</dependencies>
Solution
Your problem is
- KEYCLOAK_FRONTEND_URL=http://localhost:9080/auth
You're requesting things from http://keycloak:9080/auth but the answers from Keycloak reference http://localhost:9080/auth. Spring complains about that discrepancy.
Either set KEYCLOAK_FRONTEND_URL=http://keycloak:9080/auth or don't set KEYCLOAK_FRONTEND_URL at all (Keycloak then deduces the URL from the request).
Answered By - Jürgen Kreileder
Answer Checked By - Timothy Miller (JavaFixing Admin)
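The check behind this error, as an added example that is not part of the original answer and is not Spring's or Keycloak's own code: the client loads the discovery document under the configured issuer URI and requires its `issuer` field to be the same string. `advertised_issuer` is a simplified, assumed model of the Keycloak behaviour the answer describes, and the metadata documents are constructed from the values on this page.

```python
"""Model of the OIDC issuer check that produces the error on this page."""
import json
import urllib.request

REALM_PATH = "/realms/jhipster"

def discovery_url(issuer_uri):
    # OIDC Discovery: the metadata lives under the issuer at a well-known path.
    return issuer_uri.rstrip("/") + "/.well-known/openid-configuration"

def advertised_issuer(request_base, frontend_url=None):
    # Simplified model (assumption) of what the answer describes: a fixed
    # frontend URL wins; otherwise the base URL of the request is used.
    return (frontend_url or request_base) + REALM_PATH

def validate_issuer(requested, metadata):
    # Exact string comparison: hostnames are not resolved or treated as aliases.
    provided = metadata.get("issuer")
    if provided != requested:
        raise ValueError(
            f'The Issuer "{provided}" provided in the configuration metadata '
            f'did not match the requested issuer "{requested}"'
        )
    return provided

def fetch_metadata(issuer_uri, timeout=5):
    # Live variant: call this from inside the app container's network.
    with urllib.request.urlopen(discovery_url(issuer_uri), timeout=timeout) as r:
        return json.load(r)

def check(requested, request_base, frontend_url=None):
    # Constructed metadata document, not a capture from a real Keycloak.
    metadata = {"issuer": advertised_issuer(request_base, frontend_url)}
    try:
        validate_issuer(requested, metadata)
        return "ok"
    except ValueError as exc:
        return str(exc)

REQUESTED = "http://keycloak:9080/auth/realms/jhipster"  # issuer-uri from the page
BASE = "http://keycloak:9080/auth"  # how the app container reaches Keycloak

if __name__ == "__main__":
    print(check(REQUESTED, BASE, "http://localhost:9080/auth"))  # setup in the question
    print(check(REQUESTED, BASE, "http://keycloak:9080/auth"))   # frontend URL aligned
    print(check(REQUESTED, BASE))                                # frontend URL unset
```

Against a running stack, `validate_issuer(REQUESTED, fetch_metadata(REQUESTED))` performs the same comparison on the real discovery document.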