Keyclock Pulsar Connection #23225
Unanswered
urdogan0000 asked this question in Q&A
Replies: 0 comments
Hi everyone, I'm encountering issues with configuring Apache Pulsar to authenticate using Keycloak with OpenID Connect (OIDC).

The Docker container for Pulsar is running well, but I'm facing problems with authentication.

I have set up the following configuration for the Pulsar broker and the Spring Boot application, but I'm running into issues with authentication.

Broker Configuration (broker.conf):

```properties
# Specify the authentication provider
authenticationProviders=org.apache.pulsar.broker.authentication.oidc.AuthenticationProviderOpenID

# Enable authentication
authenticationEnabled=true

# Disable authorization (if not needed)
authorizationEnabled=false

# OpenID Connect configuration
oidc.auth.provider.openid.issuerUrl=http://your-keycloak-server/realms/master
oidc.auth.provider.openid.clientCredentialsFile=file:///path/to/your/client-credentials.json
oidc.auth.provider.openid.audience=account

# Allowed token issuers and audiences
openIDAllowedTokenIssuers=http://your-keycloak-server/realms/master
openIDAllowedAudiences=account

# Optional settings
openIDRoleClaim=sub
openIDRequireIssuersUseHttps=false

# Token validation settings
authenticationRefreshCheckSeconds=120
openIDAcceptedTimeLeewaySeconds=120
openIDKeyIdCacheMissRefreshSeconds=120
```

Spring Boot Application Configuration:

```java
import java.net.MalformedURLException;
import java.net.URL;
import java.util.concurrent.TimeUnit;

import org.apache.pulsar.client.api.PulsarClient;
import org.apache.pulsar.client.api.PulsarClientException;
import org.apache.pulsar.client.impl.auth.oauth2.AuthenticationFactoryOAuth2;

// Factory method for the client (e.g. a @Bean in a Spring configuration class)
public PulsarClient pulsarClient() throws MalformedURLException, PulsarClientException {
    URL issuerUrl = new URL("http://your-keycloak-server/realms/master");
    URL credentialsUrl = new URL("file:///path/to/your/client-credentials.json");
    String audience = "account";

    System.out.println("PulsarClient initializing...");

    // Build Pulsar Client with OAuth2 Authentication (client_credentials flow)
    return PulsarClient.builder()
        .serviceUrl("pulsar://your-pulsar-server:6650")
        .authentication(AuthenticationFactoryOAuth2.clientCredentials(issuerUrl, credentialsUrl, audience))
        .operationTimeout(30, TimeUnit.SECONDS)
        .connectionTimeout(30, TimeUnit.SECONDS)
        .build();
}
```

Credentials JSON File (client-credentials.json):

```json
{
  "client_id": "client_id",
  "client_secret": "client_secret",
  "type": "client_credentials",
  "grant_type": "client_credentials"
}
```

Issues Encountered:

- Authentication Failures: Errors indicating `Failed to authenticate the client` and `Failed to get partitioned topic metadata`.
- JWT Claims Missing: Errors about a missing `nbf` (not before) claim in the JWT.
- Configuration Problems: Errors such as `Required configuration parameter: privateKey` and `UnsupportedAuthenticationException`.

Questions:

1. Missing Claims: Why might the JWT tokens issued by Keycloak be missing the `nbf` claim, and how can this be resolved?
2. Authentication Failures: What could be causing the `Failed to authenticate the client` errors, and how can I troubleshoot this?
3. Private Key Error: How can I resolve the `Required configuration parameter: privateKey` issue when using `AuthenticationProviderOpenID`?

Any insights or suggestions would be greatly appreciated. Thank you!
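A troubleshooting helper for the "Failed to authenticate the client" and missing-`nbf` symptoms in the post above, added here as an example; it is not code from the post, from Pulsar or from Keycloak. It decodes a token the way you would inspect one obtained from Keycloak's token endpoint (without signature verification, which is the broker's job via the issuer's JWKS) and reports whether the `iss`, `aud`, `exp` and `nbf` claims line up with the `openIDAllowedTokenIssuers`, `openIDAllowedAudiences` and `openIDAcceptedTimeLeewaySeconds` values from the broker.conf in the post. The sample token is constructed inline with an HS256 key so the script runs offline; which claims the broker rejects on, and the exact check semantics, are assumptions made for illustration, not a statement of the broker's implementation.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed HS256 key, used only to build the offline sample token below.
# Real Keycloak tokens are RS256 and would be checked against the realm's JWKS.
SAMPLE_KEY = b"offline-demo-key"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_jwt_unverified(token: str) -> tuple:
    """Split a compact JWT into (header, claims) WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    return header, claims


def check_claims(claims: dict, allowed_issuers, allowed_audiences, now=None, leeway=0) -> list:
    """Report mismatches between the token's claims and the broker's allow-lists.

    Assumed checks: iss must be one of allowed_issuers, aud must share a value
    with allowed_audiences, exp must not have passed (minus leeway), nbf must
    not be in the future (plus leeway). A missing nbf is reported as a warning,
    a missing sub as a warning because openIDRoleClaim=sub would yield no role.
    """
    now = int(time.time()) if now is None else now
    findings = []

    iss = claims.get("iss")
    if iss not in allowed_issuers:
        findings.append(f"error: iss={iss!r} not in allowed issuers {sorted(allowed_issuers)}")

    # aud may be a single string or a list; normalise to a list.
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else ([aud] if aud is not None else [])
    if not set(aud_list) & set(allowed_audiences):
        findings.append(f"error: aud={aud!r} shares no value with allowed audiences {sorted(allowed_audiences)}")

    exp = claims.get("exp")
    if exp is None:
        findings.append("error: exp claim missing")
    elif now > exp + leeway:
        findings.append(f"error: token expired at {exp} (now {now}, leeway {leeway}s)")

    nbf = claims.get("nbf")
    if nbf is None:
        findings.append("warn: nbf claim absent")
    elif now + leeway < nbf:
        findings.append(f"error: token not yet valid (nbf {nbf}, now {now}, leeway {leeway}s)")

    if "sub" not in claims:
        findings.append("warn: sub claim absent (openIDRoleClaim=sub would yield no role)")

    return findings


def make_sample_token(claims: dict) -> str:
    """Constructed HS256 token so the helper can be exercised without a Keycloak."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(SAMPLE_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


if __name__ == "__main__":
    # Constructed claims resembling a client_credentials token: no nbf, aud=account.
    sample = make_sample_token({
        "iss": "http://your-keycloak-server/realms/master",
        "aud": "account",
        "sub": "service-account-client_id",
        "iat": 1_700_000_000,
        "exp": 1_700_000_600,
    })
    _, sample_claims = decode_jwt_unverified(sample)
    for line in check_claims(sample_claims,
                             {"http://your-keycloak-server/realms/master"},
                             {"account"}, now=1_700_000_100, leeway=120):
        print(line)
```

Paste a real access token in place of the constructed one (decode only; never paste tokens into third-party web decoders) and compare the `iss` string byte for byte with `openIDAllowedTokenIssuers`: a scheme, host or trailing-slash difference is enough for an issuer mismatch.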