Keycloak Google Identity Provider : Could not fetch attributes from userinfo endpoint - keycloak

Hi, I'm trying to implement Google authentication in Keycloak, but when I try to log in, it throws this error. I have already enabled the Google+ API and the error persists.
WARN [org.keycloak.events] (default task-126) type=LOGIN_ERROR, realmId=smarttracking, clientId=null, userId=null, ipAddress=172.18.0.1, error=identity_provider_login_failure
ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-42) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: Could not fetch attributes from userinfo endpoint.

I get the same error with an old version of Keycloak. This is because Keycloak uses a legacy endpoint to get user information: https://www.googleapis.com/plus/v1/people/me/openIdConnect.
When I tried to use this endpoint with cURL I got this error:
curl -H "Authorization: Bearer $G_TKN" https://www.googleapis.com/plus/v1/people/me/openIdConnect
Legacy People API has not been used in project xxxxx before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/legacypeople.googleapis.com/overview?project=xxxxx then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
So I think you need to enable this API by following the given link.

Related

org.keycloak.common.VerificationException: SigAlg was null with SkySpark

I'm trying to set up SAML integration between SkySpark as the service provider and Keycloak as the identity provider. I have done the following:
Copied the SkySpark SAML metadata XML and created a client in Keycloak with the XML file
Got the metadata URL from Keycloak and added it into the SkySpark SAML SSO
When I access SkySpark it redirects to the Keycloak login page and shows the error "Invalid requester". The backend has the errors below:
ERROR [org.keycloak.protocol.saml.SamlService] (default task-4) request validation failed: org.keycloak.common.VerificationException: SigAlg was null
I tried disabling Client Signature Required; it shows me the login page, but after successful authentication SkySpark shows "SAML Authentication Failed". I see there is a SAML response in the browser network tab.
Is there a signature validation issue at both ends? Should I do any other configuration apart from the above?

Using kong-jwt2header plugin to get the claims in upstream

I have installed the kong-jwt2header plugin in Kong with the configuration config.token_required=true.
I have also configured the Identity service in Kong, which is used to generate the JWT token. As we set config.token_required=true, the kong-jwt2header plugin throws the error {"error": "No valid JWT token found"} while requesting a JWT token from the Identity service.
Now I have two options:
Set config.token_required=false, or
Keep the Identity service outside the Kong gateway,
so that a JWT token is not required while requesting a token from the identity service.
Which is the best way from the above two? Or are there any better ways we can send the claims upstream?

Keycloak Provider login results in request-compose timeout error

Setup:
We have an HTTPS Strapi application, and Keycloak is configured as an identity provider with the corresponding client ID and secret from the Keycloak client. Both Strapi and Keycloak are behind nginx.
We have a Keycloak server, where Strapi is added as a client with the necessary redirect URIs configured.
Also, provider.js and bootstrap.js are set up as suggested in the reference:
Strapi Documentation.
Issue:
Strapi throws an error when trying to access the client:
{"statusCode":400,"error":"Bad Request","message":{"message":"No access_token."},"data":{"message":"No access_token."}}
https://our.website.domain/strapi/auth/keycloak/callback?error=request-compose%3A%20timeout
In the logs, we see that the access token is not received and hence the error is thrown from the Strapi end. Example provider.js line:
Verification:
Strapi is able to use other social identity providers like GitHub to authenticate as expected.
We are able to use Postman to get the access token from Keycloak by posting to https://our.website.domain/auth/realms/exampleRealmName/protocol/openid-connect/token as suggested in this comment (step 1).
We are able to use the access token to get a response from Strapi through Postman via https://our.website.domain/connect/IDP-Name/callback as suggested here (step 2).
Any inputs or advice on what could be the issue?
Thank you in advance.

Passing a Bearer token from Kong to Keycloak to be authenticated and then proceed to the API call

I have set up keycloak-oidc on Kong, and I have a protected API behind Kong. I am able to call Keycloak through Kong because I added a filter /auth/*. Below is my oidc configuration for Keycloak.
I configured my REALM and CLIENT_ID on Keycloak as follows:
When I call the protected API with a Bearer token acquired from Keycloak, I am unable to reach the protected API as Keycloak returns
{ "error": "invalid_request", "error_description": "Missing parameter: username" }
I have turned off the Standard Flow, yet I am unable to get authenticated by Keycloak and be passed on to the protected API.
Please, what am I doing wrong?
First of all, I had to upgrade my kong-oidc from kong-oidc 1.0.1 to kong-oidc 1.1.0; then I simply updated my introspection endpoint in the oidc plugin configuration as shown below. In the images I shared in the question above, the introspection endpoint field was not present and hence could not be set until after the upgrade.
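As an added illustration (not code from the question, from kong-oidc or from Keycloak) of what a gateway does once it is given an introspection endpoint: it POSTs the caller's token to that endpoint with its own client credentials (RFC 7662) and forwards the request only if the response says the token is active, unexpired and meant for this API. The realm, client name, secret and audience below are hypothetical placeholders, and the sample responses are constructed.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Assumed placeholder; Keycloak's introspection endpoint lives under the realm's
# protocol/openid-connect/token/introspect path.
INTROSPECT_URL = "https://keycloak.example/auth/realms/myrealm/protocol/openid-connect/token/introspect"


def build_introspection_request(token, client_id, client_secret, url=INTROSPECT_URL):
    """Return (url, headers, body) for an RFC 7662 introspection POST.
    The gateway authenticates with its own client credentials (HTTP Basic);
    the token under inspection travels only in the form body."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode({"token": token, "token_type_hint": "access_token"}).encode()
    return url, headers, body


def evaluate_introspection(response, expected_aud, now=None):
    """Decide whether the request may go upstream. Returns (allowed, reason)."""
    now = time.time() if now is None else now
    if not response.get("active"):
        return False, "token inactive (revoked, expired or unknown)"
    exp = response.get("exp")
    if exp is not None and exp <= now:
        return False, "token expired"
    aud = response.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if expected_aud not in aud:
        return False, "token not issued for this API"
    return True, "ok"


def introspect(token, client_id, client_secret, url=INTROSPECT_URL):
    """Perform the live introspection call (requires network access)."""
    url, headers, body = build_introspection_request(token, client_id, client_secret, url)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


# Constructed sample responses, not captured from a real Keycloak.
SAMPLE_ACTIVE = {"active": True, "exp": 2_000_000_000, "aud": ["protected-api"], "username": "alice"}
SAMPLE_INACTIVE = {"active": False}
```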

How to get rid of this error fetched while authenticating with JWT token at WSO2 IS?

I am trying to enable JWT authentication for my backend Java microservice, which is deployed locally, and all the requests to the microservice are gated through WSO2 APIM 2.6. WSO2 IS 5.6 is used as the JWT token provider.
I have placed all required configurations at both WSO2 IS and WSO2 APIM on my machine. Since both are on the same machine I have configured an offset of 1 too.
I created a fresh user in the APIM Store and used it to create an application and subscribe to an API for the same user. The token type configured is JWT. I used Postman as the client for fetching the access token, and the access token gets fetched as expected. Thereafter, when I use the same token to access the required resource through the API gateway, it gives me back "Unclassified Authentication Failure" with code "0" and description "Access failure for API: /notification/1.0, version: 1.0 status: (0) - Unclassified Authentication Failure":
<ams:fault xmlns:ams="http://wso2.org/apimanager/security">
<ams:code>0</ams:code>
<ams:message>Unclassified Authentication Failure</ams:message>
<ams:description>Access failure for API: /notification/1.0, version: 1.0 status: (0) - Unclassified Authentication Failure</ams:description>
</ams:fault>
I am expecting the resource to get created, as it is a POST request via WSO2 APIM to the backend service. Please share any available insights on this.
The token type JWT can only be used with API Manager micro-gateways. You create an OAuth application and try using the JWT grant type for it. You can find more information about the JWT grant type at
https://docs.wso2.com/display/AM260/JWT+Grant#JWTGrant-JWTBearerGrant