I am using Keycloak 2.5.0.CR1 for identity and access management to secure Spring Cload microservices with OAUTH2 and JWT. This works fine with angular frontend and spring security in combination with keycloak-spring-security-adapter.
The problem is in combination with Netflix Zuul Reverse Proxy:
I want to use Netflix Zuul Reverse Proxy in one separated service to only send request from the frontend to this apigateway and then this one sends the request to corresponding microservice in the backend. Every microservice uses the token for authorization and handles security with keycloak on his one.
Following I have tried:
apigateway microservice:
@EnableEurekaClient
@EnableZuulProxy
@EnableOauth2Sso
@SpringBootApplication
public class ApigatewayApplication {
public static void main(String[] args) {
SpringApplication.run(ApigatewayApplication.class, args);
}
application.properties:
security.oauth2.client.access-token-uri:http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token
security.oauth2.client.userAuthorizationUri:http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/auth
security.oauth2.client.clientId:tutorial-frontend
security.oauth2.client.clientSecret:
security.oauth2.resource.user-info-uri=http://authrealms/myrealm/protocol/openid-connect/userinfo
zuul.sensitive-headers=Cookie,Set-Cookie
one of the securing microservice:
@EnableResourceServer
@EnableDiscoveryClient
@SpringBootApplication
public class BusinessApplication {
public static void main(String[] args) {
SpringApplication.run(BusinessApplication.class, args);
}
}
It seems Netflix Zuul doesn't send the token to the backend mircoservice and tries to call all the time http://localhost:8080/login.
Response is 500 with "Invalid parameter: redirect_uri"
Am I missing something?
I have searched the whole internet an could not find a solution. Hope for help.
"Invalid parameter: redirect_uri"
Suggests that your client is incorrectly configured in Keycloak