[keycloak-user] TLS configuration issues with 4.5.0

Dmitry Telegin dt at acutus.pro
Sat Nov 10 15:11:14 EST 2018


Hello Balazs,

Just FYI, Keycloak Docker image uses standalone-ha.xml by default starting from version 4.5.0, so you should use it instead of standalone.xml.

The warning in the log is unrelated, as it is caused by Keycloak runtime trying to discover some optional SSL features found in Java 9 only.

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Sat, 2018-11-10 at 17:52 +0100, Balazs Kovacs wrote:
> Hi,
> 
> I run a test instance of keycloak from public docker hub.
> 
> I'm able to set up the server with TLS on default port 8443 up until KC
> 4.3.0 with my own certificates. I did not try with 4.4.0, but 4.5.0 never
> succeeds and ends up with an auto-generated self-signed certificate in any
> case.
> 
> I attached the standalone.xml configuration I use. When I turn on DEBUG log
> level, I get the below suspicious error that I thought is related:
> 
> 10:07:51,880 DEBUG [org.jboss.as.domain.management] (MSC service thread 1-2) Starting 'ApplicationRealm' Security Realm Service
> 10:07:52,028 DEBUG [org.jboss.modcluster] (MSC service thread 1-1) MODCLUSTER000005: Received add context event for default-host:/wildfly-services
> 10:07:52,032 DEBUG [org.jboss.modcluster] (MSC service thread 1-1) MODCLUSTER000007: Received start context event for default-host:/wildfly-services
> 10:07:52,124 DEBUG [io.undertow] (MSC service thread 1-1) JDK9 ALPN not supported: java.lang.NoSuchMethodException: javax.net.ssl.SSLParameters.setApplicationProtocols([Ljava.lang.String;)
>         at java.lang.Class.getMethod(Class.java:1786)
>         at io.undertow.protocols.alpn.JDK9AlpnProvider$1.run(JDK9AlpnProvider.java:47)
>         at io.undertow.protocols.alpn.JDK9AlpnProvider$1.run(JDK9AlpnProvider.java:43)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at io.undertow.protocols.alpn.JDK9AlpnProvider.<clinit>(JDK9AlpnProvider.java:43)
>         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>         at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>         at java.lang.Class.newInstance(Class.java:442)
>         at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:380)
>         at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:404)
>         at java.util.ServiceLoader$1.next(ServiceLoader.java:480)
>         at io.undertow.protocols.alpn.ALPNManager.<init>(ALPNManager.java:40)
>         at io.undertow.protocols.alpn.ALPNManager.<clinit>(ALPNManager.java:35)
>         at io.undertow.server.protocol.http.AlpnOpenListener.<init>(AlpnOpenListener.java:68)
>         at io.undertow.server.protocol.http.AlpnOpenListener.<init>(AlpnOpenListener.java:94)
>         at org.wildfly.extension.undertow.HttpsListenerService.createAlpnOpenListener(HttpsListenerService.java:123)
>         at org.wildfly.extension.undertow.HttpsListenerService.createOpenListener(HttpsListenerService.java:108)
>         at org.wildfly.extension.undertow.ListenerService.start(ListenerService.java:177)
>         at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1736)
>         at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1698)
>         at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1556)
>         at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
>         at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
>         at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
>         at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1364)
>         at java.lang.Thread.run(Thread.java:748)
> 
> Any idea what's going wrong with this version of keycloak docker image and
> TLS setup?
> 
> Thanks,
> Balazs
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user