<div dir="ltr">Hi Juan, if we are talking about Comodo, instead of Komodo (because I never heard about it to be honest). Have you added the certificate[1]?<div><br></div><div>In some situations[2] is not mandatory, but it pretty much depends on your environment.<br><div><br></div><div>[1] - <a href="https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/638/37/certificate-installation-java-based-web-servers-tomcat-using-keytool">https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/638/37/certificate-installation-java-based-web-servers-tomcat-using-keytool</a></div><div>[2] - <a href="https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/296/17/are-your-roots-included-in-any-java-release">https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/296/17/are-your-roots-included-in-any-java-release</a></div><div><br><br><div class="gmail_quote"><div dir="ltr">On Thu, Apr 7, 2016 at 8:25 PM Juan Diego <<a href="mailto:juandiego83@gmail.com">juandiego83@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>I installed a keycloak server on amazon and bought a cert from Komodo. And I was testing my app from my localhost, so my webapp in jsf is supposed to log against that server and it seems to work. I modified my web.xml so the loign-config uses keycloak.<br><br></div>I thought my localserver ssl was the problem but I disabled <transport-guarantee>CONFIDENTIAL</transport-guarantee><br><br></div>But I got the same error.<br><div><br>17:49:20,443 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-49) failed to turn code into token: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<br> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)<br> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)<br> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)<br> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)<br> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)<br> at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)<br> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)<br> at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)<br> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)<br> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)<br> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)<br> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)<br> at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543)<br> at org.keycloak.adapters.SniSSLSocketFactory.connectSocket(SniSSLSocketFactory.java:109)<br> at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)<br> at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)<br> at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)<br> at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131)<br> at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)<br> at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)<br> at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)<br> at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)<br> at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)<br> at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)<br> at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107)<br> at org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:314)<br> at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:260)<br> at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:112)<br> at org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)<br> at org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)<br> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)<br> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)<br> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)<br> at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)<br> at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)<br> at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)<br> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)<br> at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)<br> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br> at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)<br> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)<br> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)<br> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)<br> at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)<br> at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)<br> at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)<br> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)<br> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)<br> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br> at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)<br> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)<br> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)<br> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)<br> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)<br> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)<br> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)<br> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)<br> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)<br> at java.lang.Thread.run(Thread.java:745)<br>Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<br> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)<br> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)<br> at sun.security.validator.Validator.validate(Validator.java:260)<br> at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)<br> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)<br> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)<br> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)<br> ... 56 more<br>Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<br> at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)<br> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)<br> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)<br> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)<br> ... 62 more<br><br><br></div><div>For what I understand it is because my java doesnt perceives my Cert as a proper CA signed cert. <br><br></div><div>Thanks,<br><br></div><div>Juan diego<br></div><div><br></div></div>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></blockquote></div></div></div></div>