"invalid token" with Keycloak #556

Open
timvdh opened this issue Jul 23, 2024 · 0 comments

timvdh commented Jul 23, 2024

I use WordPress in K3S with Keycloak for auth. The openid connect plugin has worked for me before, but I switched to a new Keycloak realm and upgraded Keycloak and now, no matter what I try to get back to the old configuration, I receive "ERROR (invalid-token): Invalid token." from WP when trying to log in. Some observations:

  • I am almost certain that the openid connect settings on WordPress are OK (just with the new realm of course).
  • I get redirected to the Keycloak login and authentication seems to work, at least an active session appears in Keycloak.
  • I see no errors in the Keycloak log.
  • I have not checked the POST that WP uses to acquire the token (actually, I would not know where to look, it's not in the debug log of openId connect and not in the browser network log, which is probably normal).
  • I can get a token via Postman and posted it below - maybe there is something wrong with it and I don't see it.
  • Same behaviour in anonymous browser window.
  • I suspect something is wrong with my Keycloak TLS configuration. After all, that is why I started changing things. I did have to "Disable SSL Verify" in openid connect to make it work in the first place, because there is a self-signed cert in my chain. However, I am back to the old configuration with "Disable SSL Verify" and still get "invalid token". When trying to get SSL enabled, I got a different curl error.

```
{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "nrk4PPJ3BIJfd3sDgvxbBl_eeFUwzPRLOVYTyEFbliM"
}.{
  "exp": 1721745035,
  "iat": 1721744735,
  "auth_time": 1721744731,
  "jti": "c7102ae3-6042-452f-8c23-582500807312",
  "iss": "https://keycloak.upsize.de/realms/K3S",
  "aud": "account",
  "sub": "173dbe22-87d6-47a2-a63c-d1b6a2319d9c",
  "typ": "Bearer",
  "azp": "upsize",
  "session_state": "c77c5f9b-f2d1-47c8-a5f3-1fbcd0cafa6a",
  "acr": "1",
  "allowed-origins": [
    "https://upsize.de",
    "https://www.upsize.de"
  ],
  "realm_access": {
    "roles": [
      "default-roles-k3s",
      "offline_access",
      "uma_authorization"
    ]
  },
  "resource_access": {
    "account": {
      "roles": [
        "manage-account",
        "manage-account-links",
        "view-profile"
      ]
    }
  },
  "scope": "openid offline_access email profile",
  "sid": "c77c5f9b-f2d1-47c8-a5f3-1fbcd0cafa6a",
  "email_verified": true,
  "name": "Toni Tester",
  "preferred_username": "test",
  "given_name": "Toni",
  "family_name": "Tester",
  "email": "test@test.de"
}.[Signature]
```
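
An added example, not part of the original post or the plugin's code: the ID Token claim checks from OpenID Connect Core section 3.1.3.7, run over a constructed token that reuses the claims posted above with a placeholder signature. It assumes the WordPress client ID is `upsize` (taken from the `azp` claim) and relies on Keycloak's convention of setting `typ` to `ID` on ID tokens. The signature is not verified, and the page does not establish that the plugin's error comes from any of these checks.

```python
import base64
import json
import time

def b64url_json(obj):
    """Encode a dict as an unpadded base64url JWT segment."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_segment(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_id_token_claims(jwt, issuer, client_id, now=None, skew=60):
    """Return a list of claim problems. The signature is NOT verified here."""
    parts = jwt.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"]
    header, claims = decode_segment(parts[0]), decode_segment(parts[1])
    now = time.time() if now is None else now
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("header alg is missing or 'none'")
    if claims.get("iss") != issuer:
        problems.append(f"iss {claims.get('iss')!r} is not {issuer!r}")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if client_id not in aud:
        problems.append(f"aud {aud!r} does not contain client_id {client_id!r}")
    if "azp" in claims and claims["azp"] != client_id:
        problems.append(f"azp {claims['azp']!r} is not {client_id!r}")
    if claims.get("exp", 0) + skew < now:
        problems.append("exp is in the past (or missing)")
    if claims.get("iat", 0) - skew > now:
        problems.append("iat is in the future: check clock sync")
    # Keycloak marks ID tokens with typ "ID" and access tokens with "Bearer".
    if claims.get("typ", "ID") != "ID":
        problems.append(f"typ {claims['typ']!r}: not an ID token")
    return problems

# Constructed sample: a subset of the claims posted above with a placeholder
# signature. The client_id "upsize" is an assumption taken from the azp claim.
SAMPLE_CLAIMS = {"exp": 1721745035, "iat": 1721744735,
                 "iss": "https://keycloak.upsize.de/realms/K3S",
                 "aud": "account", "typ": "Bearer", "azp": "upsize"}
SAMPLE_JWT = ".".join([b64url_json({"alg": "RS256", "typ": "JWT"}),
                       b64url_json(SAMPLE_CLAIMS), "c2ln"])

if __name__ == "__main__":
    for p in check_id_token_claims(SAMPLE_JWT, SAMPLE_CLAIMS["iss"], "upsize",
                                   now=1721744800):
        print("FAIL:", p)
```

To inspect the token the relying party actually validates, pass the `id_token` field of the token endpoint response rather than the `access_token`.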