JWT token is rejected by Red Hat SSO server with the exception org.keycloak.exceptions.TokenNotActiveException Token is not active

Solution Verified - Updated -

Issue

JWT tokens are being rejected by a Red Hat SSO server with a client-side exception similar to this:

2018-08-29 14:00:46,588 ERROR [org.keycloak.adapters.BearerTokenRequestAuthenticator] (default task-5) Failed to verify token: org.keycloak.exceptions.TokenNotActiveException: Token is not active
    at org.keycloak.TokenVerifier$2.test(TokenVerifier.java:84)
    at org.keycloak.TokenVerifier.verify(TokenVerifier.java:370)
    at org.keycloak.RSATokenVerifier.verify(RSATokenVerifier.java:89)
    at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:56)
    at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:37)
    at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:99)
    at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:84)
    at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68)
    at org.keycloak.adapters.elytron.ElytronRequestAuthenticator.authenticate(ElytronRequestAuthenticator.java:44)
    ...

Environment

  • Red Hat Single Sign-On
  • OpenID connect (OIDP) authentication

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In