<div dir="ltr">I am fairly new to this. I am using Wildfly 8.0.0 Final. Where should I set this?</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, May 9, 2014 at 6:13 PM, Bill Burke <span dir="ltr">&lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Your server is secured via SSL?  (https)?  If so,<br>
<br>
In your adapter config set:<br>
<br>
&quot;disable-trust-manager&quot;: true<br>
<br>
or provide a keystore file that holds the public cert of your server:<br>
<br>
&quot;truststore&quot;: &quot;/path&quot;,<br>
&quot;truststore-password&quot;: &quot;password&quot;<br>
<div><div class="h5"><br>
<br>
<br>
<br>
<br>
On 5/9/2014 5:42 PM, Ben wrote:<br>
&gt; I am using Keycloak Beta 1 Snapshot as my SSO but when any user logs in<br>
&gt; it gives a 403 forbidden and the error shown below. Any idea what went<br>
&gt; wrong?<br>
&gt;<br>
&gt;<br>
&gt; ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-7)<br>
&gt; failed to turn code into token:<br>
&gt; javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated<br>
&gt;<br>
&gt; at<br>
&gt; sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)<br>
&gt; [jsse.jar:1.7.0_45]<br>
&gt;<br>
&gt; at<br>
&gt; org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)<br>
&gt;<br>
&gt; at<br>
&gt; org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)<br>
&gt;<br>
&gt; at<br>
&gt; org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)<br>
&gt;<br>
&gt; at<br>
&gt; org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)<br>
&gt;<br>
&gt; at<br>
&gt; org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)<br>
&gt;<br>
&gt; at<br>
&gt; org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)<br>
&gt;<br>
&gt; at<br>
&gt; org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)<br>
&gt;<br>
&gt; at<br>
&gt; org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)<br>
&gt;<br>
&gt; at<br>
&gt; org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)<br>
&gt;<br>
&gt; at<br>
&gt; org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)<br>
&gt;<br>
&gt; at<br>
&gt; org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:78)<br>
&gt; [keycloak-adapter-core-1.0-beta-1-SNAPSHOT.jar:]<br>
&gt;<br>
&gt; at<br>
&gt; org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:55)<br>
&gt; [keycloak-adapter-core-1.0-beta-1-SNAPSHOT.jar:]<br>
&gt;<br>
&gt; at<br>
&gt; org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:256)<br>
&gt; [keycloak-adapter-core-1.0-beta-1-SNAPSHOT.jar:]<br>
&gt;<br>
&gt; at<br>
&gt; org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:205)<br>
&gt; [keycloak-adapter-core-1.0-beta-1-SNAPSHOT.jar:]<br>
&gt;<br>
&gt; at<br>
&gt; org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:59)<br>
&gt; [keycloak-adapter-core-1.0-beta-1-SNAPSHOT.jar:]<br>
&gt;<br>
&gt; at<br>
&gt; org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:38)<br>
&gt; [keycloak-undertow-adapter-1.0-beta-1-SNAPSHOT.jar:]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281)<br>
&gt; [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298)<br>
&gt; [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268)<br>
&gt; [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131)<br>
&gt; [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106)<br>
&gt; [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99)<br>
&gt; [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)<br>
&gt; [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)<br>
&gt; [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)<br>
&gt; [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61)<br>
&gt; [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)<br>
&gt; [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)<br>
&gt; [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)<br>
&gt; [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)<br>
&gt; [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)<br>
&gt; [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)<br>
&gt; [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:54)<br>
&gt; [keycloak-undertow-adapter-1.0-beta-1-SNAPSHOT.jar:]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)<br>
&gt; [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240)<br>
&gt; [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)<br>
&gt; [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)<br>
&gt; [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)<br>
&gt; [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168)<br>
&gt; [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:687)<br>
&gt; [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br>
&gt;<br>
&gt; at<br>
&gt; java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)<br>
&gt; [rt.jar:1.7.0_45]<br>
&gt;<br>
&gt; at<br>
&gt; java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)<br>
&gt; [rt.jar:1.7.0_45]<br>
&gt;<br>
&gt; at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]<br>
&gt;<br>
&gt;<br>
&gt;<br>
</div></div>&gt; _______________________________________________<br>
&gt; keycloak-user mailing list<br>
&gt; <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
&gt; <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
&gt;<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</font></span></blockquote></div><br></div>