[BUG]: Failed to bootstrap SSO providers: 'jwks_uri' is an invalid keyword argument for SSOProvider #3010
Description
🐞 Bug Summary
Briefly describe the issue or unexpected behavior.
When trying to plug the OIDC with keycloack enable i have an error on the log about the JWKS_URI in my .well-known/openid-configuration which is basically standard :
"issuer": "https://MYKEYCLOAK/realms/exp-realm",
"authorization_endpoint": "https://MYKEYCLOAK/realms/exp-realm/protocol/openid-connect/auth",
"token_endpoint": "https://MYKEYCLOAK/realms/exp-realm/protocol/openid-connect/token",
"introspection_endpoint": "https://MYKEYCLOAK/realms/exp-realm/protocol/openid-connect/token/introspect",
"userinfo_endpoint": "https://MYKEYCLOAK/realms/exp-realm/protocol/openid-connect/userinfo",
"end_session_endpoint": "https://MYKEYCLOAK/realms/exp-realm/protocol/openid-connect/logout",
"frontchannel_logout_session_supported": true,
"frontchannel_logout_supported": true,
"jwks_uri": "https://MYKEYCLOAK/realms/exp-realm/protocol/openid-connect/certs",
❌ Failed to bootstrap SSO providers: 'jwks_uri' is an invalid keyword argument for SSOProvider
I think then the GW can not validate incoming token generated directly on Keycloak
The SSO provider is not created (Call by API GET /auth/sso/admin/providers)
🧩 Affected Component
Select the area of the project impacted:
-
mcpgateway- API -
mcpgateway- UI (admin panel) -
mcpgateway.wrapper- stdio wrapper - Federation or Transports
- CLI, Makefiles, or shell scripts
- Container setup (Docker/Podman/Compose)
- Other (explain below)
🔁 Steps to Reproduce
- ... Configure KEYCLOACK as mentionned in https://ibm.github.io/mcp-context-forge/manage/sso-keycloak-tutorial/
- ... launch the GW
- ... error : ❌ Failed to bootstrap SSO providers: 'jwks_uri' is an invalid keyword argument for SSOProvider
🤔 Expected Behavior
What should have happened instead?
The Provider should be created and no error displayed
📓 Logs / Error Output
Paste any relevant stack traces or logs here.
⚠️ Do not paste secrets, credentials, or tokens.
{"asctime": "2026-02-17T17:29:21", "name": "httpx", "levelname": "INFO", "message": "HTTP Request: GET https://MYKEYCLOAK/realms/mcp-gateway/.well-known/openid-configuration "HTTP/1.1 200 OK"", "@timestamp": "2026-02-17T17:29:21.855396Z", "hostname": "f5ed41fb5cd3", "process_id": 1}
{"asctime": "2026-02-17T17:29:21", "name": "httpcore.http11", "levelname": "DEBUG", "message": "receive_response_body.started request=<Request [b'GET']>", "@timestamp": "2026-02-17T17:29:21.855481Z", "hostname": "f5ed41fb5cd3", "process_id": 1}
{"asctime": "2026-02-17T17:29:21", "name": "httpcore.http11", "levelname": "DEBUG", "message": "receive_response_body.complete", "@timestamp": "2026-02-17T17:29:21.855536Z", "hostname": "f5ed41fb5cd3", "process_id": 1}
{"asctime": "2026-02-17T17:29:21", "name": "httpcore.http11", "levelname": "DEBUG", "message": "response_closed.started", "@timestamp": "2026-02-17T17:29:21.855578Z", "hostname": "f5ed41fb5cd3", "process_id": 1}
{"asctime": "2026-02-17T17:29:21", "name": "httpcore.http11", "levelname": "DEBUG", "message": "response_closed.complete", "@timestamp": "2026-02-17T17:29:21.855604Z", "hostname": "f5ed41fb5cd3", "process_id": 1}
{"asctime": "2026-02-17T17:29:21", "name": "mcpgateway.utils.keycloak_discovery", "levelname": "INFO", "message": "Successfully discovered Keycloak endpoints for realm 'mcp-gateway'", "@timestamp": "2026-02-17T17:29:21.855685Z", "hostname": "f5ed41fb5cd3", "process_id": 1}
{"asctime": "2026-02-17T17:29:21", "name": "httpcore.connection", "levelname": "DEBUG", "message": "close.started", "@timestamp": "2026-02-17T17:29:21.855712Z", "hostname": "f5ed41fb5cd3", "process_id": 1}
{"asctime": "2026-02-17T17:29:21", "name": "httpcore.connection", "levelname": "DEBUG", "message": "close.complete", "@timestamp": "2026-02-17T17:29:21.855773Z", "hostname": "f5ed41fb5cd3", "process_id": 1}
{"asctime": "2026-02-17T17:29:21", "name": "mcpgateway.services.argon2_service", "levelname": "INFO", "message": "Initialized Argon2PasswordService with time_cost=3, memory_cost=65536, parallelism=1", "@timestamp": "2026-02-17T17:29:21.855929Z", "hostname": "f5ed41fb5cd3", "process_id": 1}
{"asctime": "2026-02-17T17:29:21", "name": "mcpgateway.cache.session_registry", "levelname": "INFO", "message": "Starting database cleanup task", "@timestamp": "2026-02-17T17:29:21.858297Z", "hostname": "f5ed41fb5cd3", "process_id": 1}
{"asctime": "2026-02-17T17:29:21", "name": "mcpgateway.services.metrics_buffer_service", "levelname": "INFO", "message": "Metrics flush loop started (interval=60s)", "@timestamp": "2026-02-17T17:29:21.859855Z", "hostname": "f5ed41fb5cd3", "process_id": 1}
{"asctime": "2026-02-17T17:29:21", "name": "mcpgateway.services.metrics_cleanup_service", "levelname": "INFO", "message": "Metrics cleanup loop started (interval=1h)", "@timestamp": "2026-02-17T17:29:21.859928Z", "hostname": "f5ed41fb5cd3", "process_id": 1}
{"asctime": "2026-02-17T17:29:21", "name": "mcpgateway.services.metrics_rollup_service", "levelname": "INFO", "message": "Metrics rollup loop started (interval=1h)", "@timestamp": "2026-02-17T17:29:21.859974Z", "hostname": "f5ed41fb5cd3", "process_id": 1}
{"asctime": "2026-02-17T17:29:21", "name": "mcpgateway.services.metrics_rollup_service", "levelname": "WARNING", "message": "Error detecting backfill hours: can't subtract offset-naive and offset-aware datetimes, using default 24", "@timestamp": "2026-02-17T17:29:21.861604Z", "hostname": "f5ed41fb5cd3", "process_id": 1}
❌ Failed to bootstrap SSO providers: 'jwks_uri' is an invalid keyword argument for SSOProvider
🧠 Environment Info
You can retrieve most of this from the /version endpoint.
python | 3.12.12
version | 1.0.0-RC-1
RUNNING ON DOCKER with latest version but the bug is also available in previous version
🧩 Additional Context (optional)
Add any configuration details, flags, or related issues.