<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 12 February 2016 at 08:07, Marek Posolda <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>The Facebook certificate should be signed
by a trusted authority, so it works with the default JDK truststore. At
least for me it always works.<br>
<br>
Shouldn't the truststore SPI use both the provided file + the default JDK
truststore by default? We may have a flag to disable the default JDK
truststore, but not sure if it's ever needed. Also shouldn't we
rewrite SimpleHTTP to use Apache HTTP client provided by
HttpClientProvider SPI?</div></div></blockquote><div><br></div><div>+1 To both</div><div><br></div><div>SimpleHTTP was only introduced when we were talking about having the social providers as a generic library, but now they aren't, there's no point to SimpleHTTP anymore.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><div><span class="HOEnZb"><font color="#888888"><br>
<br>
Marek</font></span><div><div class="h5"><br>
<br>
On 11/02/16 15:23, Stian Thorgersen wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">Does it work if you don't specify the truststore?
That will use the default truststore provided by the JDK.
<div><br>
</div>
<div>Also, does your truststore contain the required CA certs?
For Facebook to work it'll have to contain the required CAs
for their certs.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 11 February 2016 at 14:09, LEONARDO
NUNES <span dir="ltr">&lt;<a href="mailto:leo.nunes@gjccorp.com.br" target="_blank">leo.nunes@gjccorp.com.br</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word;color:rgb(0,0,0);font-size:16px;font-family:Calibri,sans-serif">
<div>Hi, I'm getting the error below when I try to log in
with Facebook.</div>
<div>I've followed the instructions at <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#truststore" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#truststore</a> and <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e337" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e337</a></div>
<div><br>
</div>
<div>I was able to login with Facebook when trying at
localhost. But at our development server we are getting
this error.</div>
<div><br>
</div>
<div>We are using EAP in domain mode.</div>
<div><br>
</div>
<div>The truststore I placed inside of
keycloak-server.json</div>
<div>
<div>"truststore": {</div>
<div> "file": {</div>
<div> "file":
"/home/soa/jboss/ssl/keycloak.jks",</div>
<div> "password": "keycloak123",</div>
<div> "hostname-verification-policy": "ANY",</div>
<div> "disabled": false</div>
<div> }</div>
<div> }</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>#######</div>
<div><br>
</div>
<div>ERROR:</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>2016-02-11 10:44:53,927 ERROR
[org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider]
(ajp-/192.168.162.73:8008-1) Failed to make identity
provider oauth callback:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested
target</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
[jsse.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
[jsse.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
[jsse.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
[jsse.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)
[jsse.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
[jsse.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.ssl.Handshaker.processLoop(Handshaker.java:969)
[jsse.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.ssl.Handshaker.process_record(Handshaker.java:904)
[jsse.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
[jsse.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
[jsse.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
[jsse.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
[jsse.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
[rt.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
[rt.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1282)
[rt.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1257)
[rt.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
[rt.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
org.keycloak.broker.provider.util.SimpleHttp.asString(SimpleHttp.java:124)</div>
<div><span style="white-space:pre-wrap"></span>at
org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:228)</div>
<div><span style="white-space:pre-wrap"></span>at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method) [rt.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[rt.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
java.lang.reflect.Method.invoke(Method.java:497)
[rt.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:167)
[resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]</div>
<div><span style="white-space:pre-wrap"></span>at
org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269)
[resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]</div>
<div><span style="white-space:pre-wrap"></span>at
org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227)
[resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]</div>
<div><span style="white-space:pre-wrap"></span>at
org.jboss.resteasy.core.ResourceLocator.invokeOnTargetObject(ResourceLocator.java:159)
[resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]</div>
<div><span style="white-space:pre-wrap"></span>at
org.jboss.resteasy.core.ResourceLocator.invoke(ResourceLocator.java:107)
[resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]</div>
<div><span style="white-space:pre-wrap"></span>at
org.jboss.resteasy.core.ResourceLocator.invokeOnTargetObject(ResourceLocator.java:154)
[resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]</div>
<div><span style="white-space:pre-wrap"></span>at
org.jboss.resteasy.core.ResourceLocator.invoke(ResourceLocator.java:92)
[resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]</div>
<div><span style="white-space:pre-wrap"></span>at
org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:542)
[resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]</div>
<div><span style="white-space:pre-wrap"></span>at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:524)
[resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]</div>
<div><span style="white-space:pre-wrap"></span>at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:126)
[resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]</div>
<div><span style="white-space:pre-wrap"></span>at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
[resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]</div>
<div><span style="white-space:pre-wrap"></span>at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
[resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]</div>
<div><span style="white-space:pre-wrap"></span>at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
[resteasy-jaxrs-2.3.8.SP4-redhat-2.jar:]</div>
<div><span style="white-space:pre-wrap"></span>at
javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
[jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]</div>
<div><span style="white-space:pre-wrap"></span>at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
[jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]</div>
<div><span style="white-space:pre-wrap"></span>at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
[jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]</div>
<div><span style="white-space:pre-wrap"></span>at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:61)
[keycloak-services-1.8.1.Final.jar:1.8.1.Final]</div>
<div><span style="white-space:pre-wrap"></span>at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
[jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]</div>
<div><span style="white-space:pre-wrap"></span>at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
[jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]</div>
<div><span style="white-space:pre-wrap"></span>at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231)
[jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]</div>
<div><span style="white-space:pre-wrap"></span>at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)
[jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]</div>
<div><span style="white-space:pre-wrap"></span>at
org.jboss.modcluster.container.jbossweb.JBossWebContext$RequestListenerValve.event(JBossWebContext.java:91)</div>
<div><span style="white-space:pre-wrap"></span>at
org.jboss.modcluster.container.jbossweb.JBossWebContext$RequestListenerValve.invoke(JBossWebContext.java:72)</div>
<div><span style="white-space:pre-wrap"></span>at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
[jboss-as-web-7.4.3.Final-redhat-2.jar:7.4.3.Final-redhat-2]</div>
<div><span style="white-space:pre-wrap"></span>at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145)
[jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]</div>
<div><span style="white-space:pre-wrap"></span>at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
[jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]</div>
<div><span style="white-space:pre-wrap"></span>at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
[jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]</div>
<div><span style="white-space:pre-wrap"></span>at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
[jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]</div>
<div><span style="white-space:pre-wrap"></span>at
org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:490)
[jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]</div>
<div><span style="white-space:pre-wrap"></span>at
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:420)
[jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]</div>
<div><span style="white-space:pre-wrap"></span>at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926)
[jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]</div>
<div><span style="white-space:pre-wrap"></span>at
java.lang.Thread.run(Thread.java:745)
[rt.jar:1.8.0_45]</div>
<div>Caused by:
sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested
target</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
[rt.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
[rt.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.validator.Validator.validate(Validator.java:260)
[rt.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
[jsse.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
[jsse.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
[jsse.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)
[jsse.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>... 50
more</div>
<div>Caused by:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested
target</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
[rt.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
[rt.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
[rt.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
[rt.jar:1.8.0_45]</div>
<div><span style="white-space:pre-wrap"></span>... 56
more</div>
<span><font color="#888888">
</font></span></div>
<span><font color="#888888">
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>
<div>-- </div>
<div>Leonardo Nunes</div>
</div>
</div>
</font></span></div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div></div>
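<div>The behaviour proposed in this thread, a truststore that combines the configured file with the default JDK truststore, sketched with plain JSSE as an added example; it is not Keycloak's truststore SPI code and not from any poster. The class <code>MergedTruststore</code> and its method names are hypothetical, and without arguments it uses an empty in-memory store so it runs offline.</div>

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class MergedTruststore {
    // Added example: class and method names are hypothetical, not Keycloak API.
    // Trust anchors of the JDK default truststore (cacerts, or javax.net.ssl.trustStore if set).
    static X509Certificate[] defaultAnchors() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JDK default truststore
        return ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
    }

    // Copies the default anchors into 'custom' so that one store trusts both sets.
    static KeyStore merge(KeyStore custom) throws Exception {
        int i = 0;
        for (X509Certificate ca : defaultAnchors()) {
            custom.setCertificateEntry("jdk-default-" + i++, ca);
        }
        return custom;
    }

    // Builds a TLS context whose certificate path validation uses only 'trust'.
    static SSLContext contextFor(KeyStore trust) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        KeyStore custom = KeyStore.getInstance(KeyStore.getDefaultType());
        if (args.length == 2) {
            // args: truststore-file password (the file configured for the truststore SPI)
            try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
                custom.load(in, args[1].toCharArray());
            }
        } else {
            custom.load(null, null); // empty in-memory store, keeps the example offline
        }
        int own = custom.size();
        KeyStore merged = merge(custom);
        System.out.println("custom entries: " + own + ", merged entries: " + merged.size());
        contextFor(merged); // throws if the merged store cannot back a TrustManager
    }
}
```

<div>Comparing the two counts printed for a given file shows how many anchors come from the file alone; a file holding only internal CAs leaves public sites unverifiable until the defaults are merged in.</div>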