JWT token is rejected by Red Hat SSO server with the exception org.keycloak.exceptions.TokenNotActiveException Token is not active
Issue
JWT tokens are being rejected by a Red Hat SSO server with a client-side exception similar to this:
2018-08-29 14:00:46,588 ERROR [org.keycloak.adapters.BearerTokenRequestAuthenticator] (default task-5) Failed to verify token: org.keycloak.exceptions.TokenNotActiveException: Token is not active
at org.keycloak.TokenVerifier$2.test(TokenVerifier.java:84)
at org.keycloak.TokenVerifier.verify(TokenVerifier.java:370)
at org.keycloak.RSATokenVerifier.verify(RSATokenVerifier.java:89)
at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:56)
at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:37)
at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:99)
at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:84)
at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68)
at org.keycloak.adapters.elytron.ElytronRequestAuthenticator.authenticate(ElytronRequestAuthenticator.java:44)
...
Environment
- Red Hat Single Sign-On
- OpenID connect (OIDP) authentication
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.