gatekeeper: [Update to 2.9.1] ID token signed with an unsupported algorithm
[Update to 2.9.1] ID token signed with an unsupported algorithm
Summary
Hi @p53, after the update to 2.9.1, I’m facing an issue with the ID token and the proxy mentioned that the signature algorithm is not supported. I’m running Keycloak with default settings and I’ve already tried to adjust the client settings and signature algorithm on the Keycloak side to a listed algorithm (error message). After changing the algorithm the issue persists. The corresponding error occurs after the update from Gatekeeper version 2.9.0 to 2.9.1. Do you have changed something related to the signature algorithm?
Environment
- OS: Debian 10 Buster
- Kernel: Linux 4.19.0-24-amd64
- Go: 1.20
- Server: Keycloak 23.0.1 (behind an Apache2 reverse proxy)
- Gatekeeper: 2.9.1
Expected Results
The calls should work as expected and deliver the same result as with version 2.9.0 of the gatekeeper.
Actual Results
refresh token failed verification {"error": "invalid token signature\noidc: id token signed with unsupported algorithm, expected [\"PS384\" \"ES384\" \"RS384\" \"ES256\" \"RS256\" \"ES512\" \"PS256\" \"PS512\" \"RS512\"] got \"HS256\""}
About this issue
- Original URL
- State: closed
- Created 7 months ago
- Comments: 18
It’s working with 2.9.3-rc2, thank you.
@p53 I’ve tested 2.9.3-rc1 and can confirm that it works on my side as expected. Thank you.