OID4VCI setup does not work for keycloak-26.3.4 nor nightly #144

@tdiesler

How to reproduce

KC_VERSION="26.3.4"

./0.start-kc-oid4vci.sh
./1.oid4vci_test_deployment.sh

Creating OID4VCI credential client scopes...
Created new client-scope with id '2a9cb702-eff4-416d-937f-6a51a44e2997'
Created new client-scope with id '593c8f0e-7b71-44b4-831d-8cef42f4ca99'
Configuring OPENID4VCI-REST-API client...
Creating OPENID4VC-REST-API client...
{
  "id" : "8f136d3b-75f4-4b60-8405-84c6189f01e2",
  "clientId" : "openid4vc-rest-api",
  "name" : "",
  "description" : "",
  "rootUrl" : "",
  "adminUrl" : "",
  "baseUrl" : "",
  "surrogateAuthRequired" : false,
  "enabled" : true,
  "alwaysDisplayInConsole" : false,
  "clientAuthenticatorType" : "client-secret",
  "secret" : "uArydomqOymeF0tBrtipkPYujNNUuDlt",
  "redirectUris" : [ "https://localhost:8443/callback", "https://issuer.eudi-adorsys.com/services/*", "http://back.localhost.com/*" ],
  "webOrigins" : [ "https://issuer.eudi-adorsys.com/services", "https://localhost:8443" ],
  "notBefore" : 0,
  "bearerOnly" : false,
  "consentRequired" : false,
  "standardFlowEnabled" : true,
  "implicitFlowEnabled" : false,
  "directAccessGrantsEnabled" : true,
  "serviceAccountsEnabled" : false,
  "publicClient" : false,
  "frontchannelLogout" : false,
  "protocol" : "openid-connect",
  "attributes" : {
    "oid4vci.enabled" : "true",
    "client.secret.creation.time" : "1719785014",
    "client.introspection.response.allow.jwt.claim.enabled" : "false",
    "login_theme" : "keycloak",
    "post.logout.redirect.uris" : "http://front.localhost.com##https://issuer.eudi-adorsys.com/*##https://issuer.eudi-adorsys.com",
    "oauth2.device.authorization.grant.enabled" : "false",
    "use.jwks.url" : "false",
    "backchannel.logout.revoke.offline.tokens" : "false",
    "use.refresh.tokens" : "true",
    "realm_client" : "false",
    "oidc.ciba.grant.enabled" : "false",
    "client.use.lightweight.access.token.enabled" : "false",
    "backchannel.logout.session.required" : "true",
    "client_credentials.use_refresh_token" : "false",
    "acr.loa.map" : "{}",
    "require.pushed.authorization.requests" : "false",
    "tls.client.certificate.bound.access.tokens" : "false",
    "display.on.consent.screen" : "false",
    "token.response.type.bearer.lower-case" : "false"
  },
  "authenticationFlowBindingOverrides" : { },
  "fullScopeAllowed" : true,
  "nodeReRegistrationTimeout" : -1,
  "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ],
  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
  "access" : {
    "view" : true,
    "configure" : true,
    "manage" : true
  }
}
Updating realm attributes for preAuthorizedCodeLifespanS...
Server started but error occurred. 'SteuerberaterCredential' not found in OID4VCI configuration.

Indeed, there are now credential configurations available

https://localhost:8443/realms/oid4vc-vci/.well-known/openid-credential-issuer

{
  "credential_issuer": "https://localhost:8443/realms/oid4vc-vci",
  "credential_endpoint": "https://localhost:8443/realms/oid4vc-vci/protocol/oid4vc/credential",
  "nonce_endpoint": "https://localhost:8443/realms/oid4vc-vci/protocol/oid4vc/nonce",
  "authorization_servers": [
    "https://localhost:8443/realms/oid4vc-vci"
  ],
  "credential_configurations_supported": {

  }
}
