<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Marko,<br>
<br>
I use Keycloak 1.4.0.Final but it's the same with the latest one.<br>
<br>
Here is the error that I get from the "KeycloakInstalled" adaptor
but it's the same for at least the Jetty9.2 one:<br>
<br>
<tt>//---------------------------------------------------------------------</tt><tt><br>
</tt><tt>Open the following URL in a browser. After login copy/paste
the code back and press &lt;enter&gt;</tt><tt><br>
</tt><tt><a class="moz-txt-link-freetext" href="https://sso.gnubila.fr/auth/realms/Tests/protocol/openid-connect/auth?response_type=code&client_id=pandora-web-service-client&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob">https://sso.gnubila.fr/auth/realms/Tests/protocol/openid-connect/auth?response_type=code&client_id=pandora-web-service-client&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob</a></tt><tt><br>
</tt><tt><br>
</tt><tt>Code:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</tt><tt><br>
</tt><tt>Exception in thread "main"
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building
failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target</tt><tt><br>
</tt><tt> at
sun.security.ssl.Alerts.getSSLException(Alerts.java:192)</tt><tt><br>
</tt><tt> at
sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)</tt><tt><br>
</tt><tt> at
sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)</tt><tt><br>
</tt><tt> at
sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)</tt><tt><br>
</tt><tt> at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)</tt><tt><br>
</tt><tt> at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)</tt><tt><br>
</tt><tt> at
sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)</tt><tt><br>
</tt><tt> at
sun.security.ssl.Handshaker.process_record(Handshaker.java:914)</tt><tt><br>
</tt><tt> at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)</tt><tt><br>
</tt><tt> at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)</tt><tt><br>
</tt><tt> at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)</tt><tt><br>
</tt><tt> at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)</tt><tt><br>
</tt><tt> at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535)</tt><tt><br>
</tt><tt> at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)</tt><tt><br>
</tt><tt> at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)</tt><tt><br>
</tt><tt> at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)</tt><tt><br>
</tt><tt> at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131)</tt><tt><br>
</tt><tt> at
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)</tt><tt><br>
</tt><tt> at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)</tt><tt><br>
</tt><tt> at
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)</tt><tt><br>
</tt><tt> at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)</tt><tt><br>
</tt><tt> at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)</tt><tt><br>
</tt><tt> at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)</tt><tt><br>
</tt><tt> at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:122)</tt><tt><br>
</tt><tt> at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:95)</tt><tt><br>
</tt><tt> at
org.keycloak.adapters.installed.KeycloakInstalled.processCode(KeycloakInstalled.java:232)</tt><tt><br>
</tt><tt> at
org.keycloak.adapters.installed.KeycloakInstalled.loginManual(KeycloakInstalled.java:168)</tt><tt><br>
</tt><tt> at
org.keycloak.adapters.installed.KeycloakInstalled.loginManual(KeycloakInstalled.java:147)</tt><tt><br>
</tt><tt> at cmd_client.main(cmd_client.java:64)</tt><tt><br>
</tt><tt>Caused by: sun.security.validator.ValidatorException: PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target</tt><tt><br>
</tt><tt> at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)</tt><tt><br>
</tt><tt> at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)</tt><tt><br>
</tt><tt> at
sun.security.validator.Validator.validate(Validator.java:260)</tt><tt><br>
</tt><tt> at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)</tt><tt><br>
</tt><tt> at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)</tt><tt><br>
</tt><tt> at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)</tt><tt><br>
</tt><tt> at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)</tt><tt><br>
</tt><tt> ... 24 more</tt><tt><br>
</tt><tt>Caused by:
sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target</tt><tt><br>
</tt><tt> at
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)</tt><tt><br>
</tt><tt> at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)</tt><tt><br>
</tt><tt> at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)</tt><tt><br>
</tt><tt> at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)</tt><tt><br>
</tt><tt> ... 30 more</tt><tt><br>
</tt><tt>//---------------------------------------------------------------------</tt><tt><br>
</tt><br>
Best,<br>
Jerome<br>
<br>
<div class="moz-cite-prefix">On 19/02/2016 15:12, Marko Strukelj
wrote:<br>
</div>
<blockquote
cite="mid:CA+1OW+h+YXozUCZN1+hUkZAL=2+e6c8L63FgVwMWrBGrsnY5sw@mail.gmail.com"
type="cite">
<div dir="ltr">What version of Keycloak are you using, and what
have you tried so far?
<div><br>
<div>It sounds like you've tried to not set "truststore", and
it didn't work. What's the exception you get?</div>
<div><br>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Feb 19, 2016 at 2:41 PM, Jérôme
Revillard <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:jrevillard@gnubila.fr" target="_blank">jrevillard@gnubila.fr</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Any advice on this,
please?<br>
<br>
Best,<br>
Jerome
<div>
<div class="h5"><br>
<br>
<div>On 17/02/2016 11:19, Jérôme Revillard wrote:<br>
</div>
<blockquote type="cite"> Yes, it seems to be the case
for the server, but not for the clients. See the
truststore config description here: <a
moz-do-not-send="true"
href="https://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config"
target="_blank">https://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config</a><br>
<br>
Best,<br>
Jerome<br>
<br>
<div>On 17/02/2016 11:09, Bruno Oliveira wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I'm not sure if I got your question
in the right way. But from my understanding Java
truststore is the standard fallback.
<div><br>
</div>
<div>See item 3.2.5 <a moz-do-not-send="true"
href="https://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html"
target="_blank">https://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html</a></div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Wed, Feb 17, 2016 at 6:07 AM
Jérôme Revillard &lt;<a moz-do-not-send="true"
href="mailto:jrevillard@gnubila.fr"
target="_blank">jrevillard@gnubila.fr</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">Dear all,<br>
<br>
I'm now testing a Keycloak server properly
configured with https<br>
configuration.<br>
The server certificate is one which is already
known by the default Java<br>
truststore.<br>
Would it be possible to set up the
keycloak.json adapter config to use<br>
this default Java truststore?<br>
<br>
Best,<br>
Jerome<br>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank">keycloak-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></blockquote>
</div>
</blockquote>
<br>
</blockquote>
</div>
</div>
</div>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
</body>
</html>