[aerogear-dev] [UPS] issues with UPS 1.1 on OpenShift (manual deploy)
Bruno Oliveira
bruno at abstractj.org
Thu Apr 2 08:55:46 EDT 2015
Good morning guys, I'm investigating the problem since yesterday. The
problem at first glance is related with the upgrade on OpenShift to Java 8.
Java 8 sends TLSv1.2 ClientHello and Java 7 TLSv1 and if the server somehow
does not support version 1.2, it should be able to negotiate down to 1.1 or
1.0.
I'm still investigating the root cause, but the immediate fix is to run KC
and UPS on JDK 1.7 only. Meanwhile I will be investigating the issue.
On Tue, Mar 31, 2015 at 11:10 AM, Matthias Wessendorf <matzew at apache.org>
wrote:
> that is on a totally different KC version
>
> On Tue, Mar 31, 2015 at 4:03 PM, Sebastien Blanc <scm.blanc at gmail.com>
> wrote:
>
>> Maybe,
>> But it may also be that I'm missing something stupid :) and I have to
>> configure something extra since openshift is https and I always test
>> locally ... But yeah for 1.0.x I did not have to do anything.
>>
>>
>> On Tue, Mar 31, 2015 at 3:52 PM, Matthias Wessendorf <matzew at apache.org>
>> wrote:
>>
>>> anything wrong w/ the keycloak adapter, or was there a fix for a 1.1.1?
>>>
>>> On Tue, Mar 31, 2015 at 3:50 PM, Sebastien Blanc <scm.blanc at gmail.com>
>>> wrote:
>>>
>>>> Hi !
>>>> I was trying (and so was Lukas) to deploy UPS 1.1 (master branch) to an
>>>> openshift gear (Wildfly 8.2 cartridge). After tweaking a bit the
>>>> datasources to get it deployed, when trying to access /ag-push , I'm get an
>>>> 500 internal server error.
>>>>
>>>> The wildfly logs show me the following :
>>>>
>>>> 2015-03-31 09:40:47,240 ERROR [io.undertow.request] (default task-8) UT005023: Exception handling request to /ag-push/index.html: java.lang.RuntimeException: Unable to resolve realm public key remotely
>>>> at org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:134) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>> at org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:83) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>> at org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:71) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>> at org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:47) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>> at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:68) [keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
>>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_31]
>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_31]
>>>> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]
>>>> Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>>> at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) [jsse.jar:1.8.0_31]
>>>> at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) [httpclient-4.2.1.jar:4.2.1]
>>>> at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) [httpclient-4.2.1.jar:4.2.1]
>>>> at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) [httpclient-4.2.1.jar:4.2.1]
>>>>
>>>>
>>>> So "peer not authenticated" seems pretty obvious for the reason it fails.
>>>> The question is what do we need to do for this ? Anyone an idea ?
>>>>
>>>> Thx,
>>>> Sebi
>>>>
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>
>>>
>>>
>>> --
>>> Matthias Wessendorf
>>>
>>> blog: http://matthiaswessendorf.wordpress.com/
>>> sessions: http://www.slideshare.net/mwessendorf
>>> twitter: http://twitter.com/mwessendorf
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20150402/67357a67/attachment-0001.html
More information about the aerogear-dev
mailing list