[keycloak-user] Keycloak Express middleware VS self signed cert

Ali Ok aliok at redhat.com
Fri Apr 13 02:35:25 EDT 2018


Hi Wei,

Got it, thanks.

On Thu, Apr 12, 2018 at 6:07 PM, Wei Li <weil at redhat.com> wrote:

> Hi Ali,
>
> I think by default the http module in nodejs doesn't support self-signed
> certificates. Can you try adding this in the nodejs code:
>
> process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
>
> Thanks.
>
> On Thu, Apr 12, 2018 at 3:51 PM, Ali Ok <aliok at redhat.com> wrote:
>
>> Resending, after subscribing to Keycloak user list
>>
>> ----------------------------------
>>
>> (also adding Keycloak ML)
>>
>> Hi,
>> I am trying to integrate a Node application with a Keycloak instance
>> running on my local OpenShift cluster.
>>
>> Node app uses the Keycloak client in this Gist: [1]
>> Here is the keycloak.json file used in Node app: [2]
>>
>>
>> When I pass a valid token to the Node app, Keycloak middleware on the
>> Node app side is trying to get the public key from Keycloak, I see there is
>> "self signed certificate in certificate chain" error when Keycloak lib
>> tries to do this:
>> "
>>
>> // retrieve public KEY and use it to validate token
>> this.rotation.getJWK(token.header.kid).then(key => {
>>
>> "
>> here: https://github.com/keycloak/keycloak-nodejs-connect/blob/master/middleware/auth-utils/grant-manager.js#L359
>>
>> 2 questions:
>> - How can I configure client and the Node app to have the public key
>> already, so that it doesn't go and fetch the public key?
>> - If the question above doesn't make sense (I can be considered a beginner in
>> this area), how can I make the middleware work with a self-signed cert
>> Keycloak instance?
>>
>> I prefer the first approach.
>>
>> Thanks,
>> Ali
>>
>> [1]: https://gist.github.com/aliok/8ae2c9d240d09367b59e491677400a96
>> [2]: https://gist.github.com/aliok/23e93794847ef3493893627ca68e9650
>>
>>
>
>
> --
>
> WEI LI
>
> Principal SOFTWARE ENGINEER
>
> Red Hat Mobile <https://www.redhat.com/>
>
> weil at redhat.com    M: +353862393272
> <https://red.ht/sig>
>
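
Ali's first question in the thread above (checking the token against a public key the app already holds, so nothing is fetched over TLS) is sketched here as an added example; it is not code from the thread or from keycloak-nodejs-connect. The key pair, the token claims and the helper names `makeRealmKeyPair`, `signSampleToken` and `verifyWithPinnedKey` are constructed for illustration.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Constructed fixture: stands in for the realm's RSA signing key pair.
function makeRealmKeyPair() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// Constructed signer, used only to produce a sample RS256 token.
function signSampleToken(privateKeyPem, header, payload) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), privateKeyPem);
  return `${input}.${b64url(sig)}`;
}

// Verify a token against the locally configured (pinned) public key.
// Returns the payload on success, throws on any failure.
function verifyWithPinnedKey(token, publicKeyPem, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm: the token must not be able to select "none" or HMAC.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKeyPem,
    Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (typeof payload.exp !== 'number' || payload.exp <= nowSeconds) {
    throw new Error('token expired');
  }
  return payload;
}
```

A pinned key does not follow realm key rotation, so it has to be updated whenever the realm's signing key changes.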

