<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">It seems that's because Keycloak is not
able to send the backchannel request to GitHub because the GitHub
certificate is not trusted. <br>
<br>
Are you using a custom truststore set with the truststore SPI or with the
"javax.net.ssl.trustStore" system property? I think that by
default the GitHub SSL certificate is verified by a well-known CA, so it
shouldn't be an issue to connect to it if you use the default Java
file with certificates (cacerts). However, if you have a custom
truststore set, then the default Java cacerts file is possibly not used,
so well-known certificates like the one from GitHub are not
trusted. We should likely have a solution which will allow setting a
custom truststore in addition to the default Java cacerts file. But
until we have it, you probably need to manually create a truststore
file into which you import both the "well-known" certificates together
with your custom certificates.<br>
<br>
Marek<br>
<br>
On 07/06/16 08:02, LI Ming wrote:<br>
</div>
<blockquote
cite="mid:81FBAB8F05BC6F418853660D9326281E1F14271D@cnshjmbx03"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> When I set up the social
identity provider (GitHub) to authenticate the user, it
always failed with the error below:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">2016-06-07 00:49:05,349
ERROR
[org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider]
(default task-9) Failed to make identity provider oauth
callback: java.net.ConnectException: Connection timed out<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
java.net.PlainSocketImpl.socketConnect(Native Method)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
java.net.Socket.connect(Socket.java:589)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:668)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:173)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.net.NetworkClient.doConnect(NetworkClient.java:180)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.net.www.http.HttpClient.openServer(HttpClient.java:432)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.net.www.http.HttpClient.openServer(HttpClient.java:527)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.net.www.protocol.https.HttpsClient.&lt;init&gt;(HttpsClient.java:264)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1105)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:999)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
org.keycloak.broker.provider.util.SimpleHttp.asString(SimpleHttp.java:141)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:228)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> …<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">2016-06-07 00:49:05,355
WARN [org.keycloak.events] (default task-9)
type=LOGIN_ERROR, realmId=demo, clientId=null, userId=null,
ipAddress=135.252.159.35,
error=identity_provider_login_failure<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> Can you help to
identify the failure reason?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Ming Li<o:p></o:p></span></p>
</div>
</blockquote>
<br>
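<p>The manual step suggested in the reply above (one truststore file holding both the JDK's well-known CA certificates and the custom certificates), as an added example that is not part of the original thread or of Keycloak's code. The class name, argument order and the environment variable names CUSTOM_STORE_PASS and MERGED_STORE_PASS are assumptions made for this sketch.</p>

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;

// Added example. Run as: java MergeTruststores CUSTOM_STORE OUTPUT_FILE
// Passwords come from CUSTOM_STORE_PASS and MERGED_STORE_PASS (hypothetical names).
public class MergeTruststores {
    static char[] env(String name) {
        String value = System.getenv(name);
        if (value == null) throw new IllegalStateException(name + " is not set");
        return value.toCharArray();
    }
    // Assumes the file is readable as the JVM's default keystore type.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }
    // Copy trusted-certificate entries only; private keys do not belong in a truststore.
    static int copyCerts(KeyStore src, KeyStore dest, String prefix) throws Exception {
        int copied = 0;
        for (String alias : Collections.list(src.aliases())) {
            if (src.isCertificateEntry(alias)) {
                // The prefix keeps aliases from the two sources from colliding.
                dest.setCertificateEntry(prefix + alias, src.getCertificate(alias));
                copied++;
            }
        }
        return copied;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) throw new IllegalArgumentException("expected: CUSTOM_STORE OUTPUT_FILE");
        String cacerts = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts").toString();
        KeyStore merged = KeyStore.getInstance(KeyStore.getDefaultType());
        merged.load(null, null); // start from an empty keystore
        // Assumption: the JDK cacerts file still has its stock password "changeit".
        int jdk = copyCerts(load(cacerts, "changeit".toCharArray()), merged, "jdk-");
        int custom = copyCerts(load(args[0], env("CUSTOM_STORE_PASS")), merged, "custom-");
        try (OutputStream out = new FileOutputStream(args[1])) {
            merged.store(out, env("MERGED_STORE_PASS"));
        }
        System.out.printf("%d JDK CA certs and %d custom certs written to %s%n", jdk, custom, args[1]);
    }
}
```

<p>The output file is then the one to configure through the truststore SPI or the javax.net.ssl.trustStore system property; a JDK CA count of zero means the default cacerts file was not read.</p>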
</body>
</html>