JWT token is rejected by Red Hat SSO server with the exception org.keycloak.exceptions.TokenNotActiveException Token is not active

Solution Verified - Updated -

Issue

JWT tokens are being rejected by a Red Hat SSO server with a client-side exception similar to this:

2018-08-29 14:00:46,588 ERROR [org.keycloak.adapters.BearerTokenRequestAuthenticator] (default task-5) Failed to verify token: org.keycloak.exceptions.TokenNotActiveException: Token is not active
    at org.keycloak.TokenVerifier$2.test(TokenVerifier.java:84)
    at org.keycloak.TokenVerifier.verify(TokenVerifier.java:370)
    at org.keycloak.RSATokenVerifier.verify(RSATokenVerifier.java:89)
    at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:56)
    at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:37)
    at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:99)
    at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:84)
    at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68)
    at org.keycloak.adapters.elytron.ElytronRequestAuthenticator.authenticate(ElytronRequestAuthenticator.java:44)
    ...

Environment

  • Red Hat Single Sign-On
  • OpenID connect (OIDP) authentication

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content