[aerogear-dev] [UPS] issues with UPS 1.1 on OpenShift (manual deploy)

Bruno Oliveira bruno at abstractj.org
Mon Apr 6 13:13:49 EDT 2015 

A little update, if you're willing to deploy UPS on Openshift:
https://issues.jboss.org/browse/AGPUSH-1352

On 2015-04-02, Sebastien Blanc wrote:
> Thx for the headup !
> When did this upgrade happened ?
> Shouldn't we have the problem also with UPS 1.0.x series on OpenShift ?
>
> On Thu, Apr 2, 2015 at 2:55 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
>
> > Good morning guys, I'm investigating the problem since yesterday. The
> > problem at first glance is related with the upgrade on OpenShift to Java 8.
> >
> > Java 8 sends TLSv1.2 ClientHello and Java 7 TLSv1 and if the server
> > somehow does not support version 1.2, it should be able to negotiate down
> > to 1.1 or 1.0.
> >
> > I'm still investigating the root cause, but the immediate fix is to run KC
> > and UPS on JDK 1.7 only. Meanwhile I will be investigating the issue.
> >
> > On Tue, Mar 31, 2015 at 11:10 AM, Matthias Wessendorf <matzew at apache.org>
> > wrote:
> >
> >> that is on a totally different KC version
> >>
> >> On Tue, Mar 31, 2015 at 4:03 PM, Sebastien Blanc <scm.blanc at gmail.com>
> >> wrote:
> >>
> >>> Maybe,
> >>> But it may also be that  I'm missing something stupid :) and I have to
> >>> configure something extra since openshift is https and I always test
> >>> locally ... But yeah for 1.0.x I did not have to do anything.
> >>>
> >>>
> >>> On Tue, Mar 31, 2015 at 3:52 PM, Matthias Wessendorf <matzew at apache.org>
> >>> wrote:
> >>>
> >>>> anything wrong w/ the keycloak adapter, or was there a fix for a 1.1.1?
> >>>>
> >>>> On Tue, Mar 31, 2015 at 3:50 PM, Sebastien Blanc <scm.blanc at gmail.com>
> >>>> wrote:
> >>>>
> >>>>> Hi !
> >>>>> I was trying (and so was Lukas) to deploy UPS 1.1 (master branch) to
> >>>>> an openshift gear (Wildfly 8.2 cartridge). After tweaking a bit the
> >>>>> datasources to get it deployed, when trying to access /ag-push , I'm get an
> >>>>> 500 internal server error.
> >>>>>
> >>>>> The wildfly logs show me the following :
> >>>>>
> >>>>> 2015-03-31 09:40:47,240 ERROR [io.undertow.request] (default task-8) UT005023: Exception handling request to /ag-push/index.html: java.lang.RuntimeException: Unable to resolve realm public key remotely
> >>>>>         at org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:134) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
> >>>>>         at org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:83) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
> >>>>>         at org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:71) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
> >>>>>         at org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:47) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
> >>>>>         at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:68) [keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
> >>>>>         at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> >>>>>         at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> >>>>>         at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> >>>>>         at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> >>>>>         at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> >>>>>         at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> >>>>>         at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> >>>>>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_31]
> >>>>>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_31]
> >>>>>         at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]
> >>>>> Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> >>>>>         at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) [jsse.jar:1.8.0_31]
> >>>>>         at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) [httpclient-4.2.1.jar:4.2.1]
> >>>>>         at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) [httpclient-4.2.1.jar:4.2.1]
> >>>>>         at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) [httpclient-4.2.1.jar:4.2.1]
> >>>>>
> >>>>>
> >>>>> So "peer not authenticated" seems pretty obvious for the reason it fails.
> >>>>> The question is what do we need to do for this ? Anyone an idea ?
> >>>>>
> >>>>> Thx,
> >>>>> Sebi
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> aerogear-dev mailing list
> >>>>> aerogear-dev at lists.jboss.org
> >>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Matthias Wessendorf
> >>>>
> >>>> blog: http://matthiaswessendorf.wordpress.com/
> >>>> sessions: http://www.slideshare.net/mwessendorf
> >>>> twitter: http://twitter.com/mwessendorf
> >>>>
> >>>> _______________________________________________
> >>>> aerogear-dev mailing list
> >>>> aerogear-dev at lists.jboss.org
> >>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>>
> >>>
> >>>
> >>> _______________________________________________
> >>> aerogear-dev mailing list
> >>> aerogear-dev at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>
> >>
> >>
> >>
> >> --
> >> Matthias Wessendorf
> >>
> >> blog: http://matthiaswessendorf.wordpress.com/
> >> sessions: http://www.slideshare.net/mwessendorf
> >> twitter: http://twitter.com/mwessendorf
> >>
> >> _______________________________________________
> >> aerogear-dev mailing list
> >> aerogear-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>
> >
> >
> >
> > --
> >
> > --
> > "The measure of a man is what he does with power" - Plato
> > -
> > @abstractj
> > -
> > Volenti Nihil Difficile
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >

> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev


--

abstractj
PGP: 0x84DC9914

More information about the aerogear-dev mailing list