PAR Request fails when using Keycloak · Issue #443 · erlef/oidcc · GitHub
PAR Request fails when using Keycloak #443
Open
@dabaer

Description

oidcc version

3.5.1

Erlang version

27.3.3

Elixir version

1.18.3

Summary

Under certain circumstances, the PAR request to Keycloak will fail. This seems to be partially related to #391, or at least that issue pointed me in the right direction.

Keycloak 26.2.0 seems to include the fix to the linked issue (and is the version I run), so I'm not sure if this is a Keycloak issue or an oidcc issue, but I'm hoping the maintainers would have a better idea of which system the issue lies in.

Current behavior

Keycloak refuses the initial PAR request with an error:

Invalid request: java.lang.RuntimeException: Request object encrypted with different algorithm than client requested algorithm

How to reproduce

I've narrowed it down to a very specific setting in the Keycloak client configuration.

When the advanced setting "Request Object Encryption Algorithm" is not set (i.e. doesn't appear in the attributes list of an export) everything works fine.

If the setting is set to "Any", or any of the available options, the PAR request is rejected and oidcc returns the dreaded Redirect URI Generation Failed error.

In the client export from Keycloak, the related setting is request.object.encryption.alg in the attributes object. I found that while fiddling with the client settings it would randomly start failing; apparently saving some unrelated options will cause this setting to be added to the list with a value of any, which causes the error described.

Expected behavior

There should be an agreement between the requested encryption algorithm and the actual encryption algorithm used in the PAR request.
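
A diagnostic sketch for the mismatch reported above, added here as an example and not taken from the issue, oidcc or Keycloak: it reads request.object.encryption.alg from a client export and compares it with the JOSE header of the request object sent in the PAR request. The comparison rule (including treating "any" as accepting every JWE algorithm) and the sample tokens are assumptions for illustration, not Keycloak's actual check.

```python
import base64
import json

ATTR = "request.object.encryption.alg"  # attribute name quoted in the issue


def jose_header(compact: str) -> tuple[str, dict]:
    """Classify a compact JOSE object (JWS or JWE) and decode its header."""
    parts = compact.split(".")
    kind = {3: "JWS", 5: "JWE"}.get(len(parts))
    if kind is None:
        raise ValueError(f"not a compact JWS/JWE: {len(parts)} segments")
    padded = parts[0] + "=" * (-len(parts[0]) % 4)
    return kind, json.loads(base64.urlsafe_b64decode(padded))


def diagnose(client_export: dict, request_object: str) -> dict:
    """Compare the client's configured algorithm with the object sent."""
    configured = (client_export.get("attributes") or {}).get(ATTR)
    kind, header = jose_header(request_object)
    if configured is None:
        agrees = True   # attribute absent: the working case in the issue
    elif kind != "JWE":
        agrees = False  # encryption configured, object is only signed
    else:
        # Assumption: "any" accepts every JWE alg; otherwise exact match.
        agrees = configured == "any" or header.get("alg") == configured
    return {"configured": configured, "kind": kind,
            "header_alg": header.get("alg"), "agrees": agrees}


def _b64(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed samples: signature and ciphertext segments are dummies.
SIGNED = ".".join([_b64({"alg": "RS256", "typ": "JWT"}),
                   _b64({"iss": "demo"}), "c2ln"])
ENCRYPTED = ".".join([_b64({"alg": "RSA-OAEP", "enc": "A256GCM"}),
                      "a2V5", "aXY", "Y3Q", "dGFn"])

if __name__ == "__main__":
    for export in ({"clientId": "demo", "attributes": {}},
                   {"clientId": "demo", "attributes": {ATTR: "any"}}):
        print(diagnose(export, SIGNED))
```

Running it against the `attributes` object of a real export and the `request` value captured from the failing PAR call shows which side of the disagreement to chase first.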
