[aerogear-dev] [UPS] issues with UPS 1.1 on OpenShift (manual deploy)

Sebastien Blanc scm.blanc at gmail.com
Thu Apr 2 09:06:43 EDT 2015 

Thx for the headup !
When did this upgrade happened ?
Shouldn't we have the problem also with UPS 1.0.x series on OpenShift ?

On Thu, Apr 2, 2015 at 2:55 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> Good morning guys, I'm investigating the problem since yesterday. The
> problem at first glance is related with the upgrade on OpenShift to Java 8.
>
> Java 8 sends TLSv1.2 ClientHello and Java 7 TLSv1 and if the server
> somehow does not support version 1.2, it should be able to negotiate down
> to 1.1 or 1.0.
>
> I'm still investigating the root cause, but the immediate fix is to run KC
> and UPS on JDK 1.7 only. Meanwhile I will be investigating the issue.
>
> On Tue, Mar 31, 2015 at 11:10 AM, Matthias Wessendorf <matzew at apache.org>
> wrote:
>
>> that is on a totally different KC version
>>
>> On Tue, Mar 31, 2015 at 4:03 PM, Sebastien Blanc <scm.blanc at gmail.com>
>> wrote:
>>
>>> Maybe,
>>> But it may also be that  I'm missing something stupid :) and I have to
>>> configure something extra since openshift is https and I always test
>>> locally ... But yeah for 1.0.x I did not have to do anything.
>>>
>>>
>>> On Tue, Mar 31, 2015 at 3:52 PM, Matthias Wessendorf <matzew at apache.org>
>>> wrote:
>>>
>>>> anything wrong w/ the keycloak adapter, or was there a fix for a 1.1.1?
>>>>
>>>> On Tue, Mar 31, 2015 at 3:50 PM, Sebastien Blanc <scm.blanc at gmail.com>
>>>> wrote:
>>>>
>>>>> Hi !
>>>>> I was trying (and so was Lukas) to deploy UPS 1.1 (master branch) to
>>>>> an openshift gear (Wildfly 8.2 cartridge). After tweaking a bit the
>>>>> datasources to get it deployed, when trying to access /ag-push , I'm get an
>>>>> 500 internal server error.
>>>>>
>>>>> The wildfly logs show me the following :
>>>>>
>>>>> 2015-03-31 09:40:47,240 ERROR [io.undertow.request] (default task-8) UT005023: Exception handling request to /ag-push/index.html: java.lang.RuntimeException: Unable to resolve realm public key remotely
>>>>>         at org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:134) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>>>         at org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:83) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>>>         at org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:71) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>>>         at org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:47) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>>>         at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:68) [keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
>>>>>         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>>>         at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>>>         at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>>>         at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>>>         at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>>>         at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>>>         at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>>>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_31]
>>>>>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_31]
>>>>>         at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]
>>>>> Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>>>>         at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) [jsse.jar:1.8.0_31]
>>>>>         at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) [httpclient-4.2.1.jar:4.2.1]
>>>>>         at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) [httpclient-4.2.1.jar:4.2.1]
>>>>>         at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) [httpclient-4.2.1.jar:4.2.1]
>>>>>
>>>>>
>>>>> So "peer not authenticated" seems pretty obvious for the reason it fails.
>>>>> The question is what do we need to do for this ? Anyone an idea ?
>>>>>
>>>>> Thx,
>>>>> Sebi
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> aerogear-dev mailing list
>>>>> aerogear-dev at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Matthias Wessendorf
>>>>
>>>> blog: http://matthiaswessendorf.wordpress.com/
>>>> sessions: http://www.slideshare.net/mwessendorf
>>>> twitter: http://twitter.com/mwessendorf
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
>
> --
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20150402/2bfb0e6c/attachment.html

More information about the aerogear-dev mailing list