[aerogear-dev] [UPS] issues with UPS 1.1 on OpenShift (manual deploy)

Bruno Oliveira bruno at abstractj.org
Thu Apr 2 10:23:49 EDT 2015 

I would like to do a little fix in my e-mail, to avoid any misunderstanding.

WildFly cartridge targets OpenJDK 1.8, not the whole OpenShift. I realized
my poor explanation, after I got some questions.

Sorry about that.

On Thu, Apr 2, 2015 at 10:06 AM, Sebastien Blanc <scm.blanc at gmail.com>
wrote:

> Thx for the headup !
> When did this upgrade happened ?
> Shouldn't we have the problem also with UPS 1.0.x series on OpenShift ?
>
> On Thu, Apr 2, 2015 at 2:55 PM, Bruno Oliveira <bruno at abstractj.org>
> wrote:
>
>> Good morning guys, I'm investigating the problem since yesterday. The
>> problem at first glance is related with the upgrade on OpenShift to Java 8.
>>
>> Java 8 sends TLSv1.2 ClientHello and Java 7 TLSv1 and if the server
>> somehow does not support version 1.2, it should be able to negotiate down
>> to 1.1 or 1.0.
>>
>> I'm still investigating the root cause, but the immediate fix is to run
>> KC and UPS on JDK 1.7 only. Meanwhile I will be investigating the issue.
>>
>> On Tue, Mar 31, 2015 at 11:10 AM, Matthias Wessendorf <matzew at apache.org>
>> wrote:
>>
>>> that is on a totally different KC version
>>>
>>> On Tue, Mar 31, 2015 at 4:03 PM, Sebastien Blanc <scm.blanc at gmail.com>
>>> wrote:
>>>
>>>> Maybe,
>>>> But it may also be that  I'm missing something stupid :) and I have to
>>>> configure something extra since openshift is https and I always test
>>>> locally ... But yeah for 1.0.x I did not have to do anything.
>>>>
>>>>
>>>> On Tue, Mar 31, 2015 at 3:52 PM, Matthias Wessendorf <matzew at apache.org
>>>> > wrote:
>>>>
>>>>> anything wrong w/ the keycloak adapter, or was there a fix for a
>>>>> 1.1.1?
>>>>>
>>>>> On Tue, Mar 31, 2015 at 3:50 PM, Sebastien Blanc <scm.blanc at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi !
>>>>>> I was trying (and so was Lukas) to deploy UPS 1.1 (master branch) to
>>>>>> an openshift gear (Wildfly 8.2 cartridge). After tweaking a bit the
>>>>>> datasources to get it deployed, when trying to access /ag-push , I'm get an
>>>>>> 500 internal server error.
>>>>>>
>>>>>> The wildfly logs show me the following :
>>>>>>
>>>>>> 2015-03-31 09:40:47,240 ERROR [io.undertow.request] (default task-8) UT005023: Exception handling request to /ag-push/index.html: java.lang.RuntimeException: Unable to resolve realm public key remotely
>>>>>>         at org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:134) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>>>>         at org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:83) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>>>>         at org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:71) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>>>>         at org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:47) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>>>>         at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:68) [keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
>>>>>>         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>>>>         at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>>>>         at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>>>>         at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>>>>         at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>>>>         at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>>>>         at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>>>>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_31]
>>>>>>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_31]
>>>>>>         at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]
>>>>>> Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>>>>>         at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) [jsse.jar:1.8.0_31]
>>>>>>         at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) [httpclient-4.2.1.jar:4.2.1]
>>>>>>         at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) [httpclient-4.2.1.jar:4.2.1]
>>>>>>         at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) [httpclient-4.2.1.jar:4.2.1]
>>>>>>
>>>>>>
>>>>>> So "peer not authenticated" seems pretty obvious for the reason it fails.
>>>>>> The question is what do we need to do for this ? Anyone an idea ?
>>>>>>
>>>>>> Thx,
>>>>>> Sebi
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> aerogear-dev mailing list
>>>>>> aerogear-dev at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Matthias Wessendorf
>>>>>
>>>>> blog: http://matthiaswessendorf.wordpress.com/
>>>>> sessions: http://www.slideshare.net/mwessendorf
>>>>> twitter: http://twitter.com/mwessendorf
>>>>>
>>>>> _______________________________________________
>>>>> aerogear-dev mailing list
>>>>> aerogear-dev at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>
>>>
>>>
>>> --
>>> Matthias Wessendorf
>>>
>>> blog: http://matthiaswessendorf.wordpress.com/
>>> sessions: http://www.slideshare.net/mwessendorf
>>> twitter: http://twitter.com/mwessendorf
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>>
>> --
>>
>> --
>> "The measure of a man is what he does with power" - Plato
>> -
>> @abstractj
>> -
>> Volenti Nihil Difficile
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>



-- 

-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20150402/e4561a2b/attachment-0001.html

More information about the aerogear-dev mailing list