<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><div><div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;">Hi Niels,</div><div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;"><br></div><div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;">Thanks for the pointer.&nbsp;</div><div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;"><br></div><div><font face="Calibri,sans-serif">I was not able to fix it so far (other than adapting the nginx ssl config). I checked the POM of keycloak. Apache Commons&nbsp;which is used now is 4.5, I used&nbsp;</font><font color="#545454" face="Calibri,sans-serif">-Djavax.net.debug=ssl:handshake&nbsp;with&nbsp;keycloak 1.9.1. Will try later this week to see if it still fails.</font></div><div><font color="#545454" face="Calibri,sans-serif"><br></font></div><div><font color="#545454" face="Calibri,sans-serif">Regards, Jazz</font></div><div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;"><div id="MAC_OUTLOOK_SIGNATURE"></div></div></div><div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;"><br></div><span id="OLK_SRC_BODY_SECTION" style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;"><div style="font-family:Calibri; font-size:12pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> Niels Bertram &lt;<a href="mailto:nielsbne@gmail.com">nielsbne@gmail.com</a>&gt;<br><span style="font-weight:bold">Date: </span> Tuesday, June 7, 2016 at 11:25<br><span style="font-weight:bold">To: 
</span> Mogeneti &lt;<a href="mailto:jazz@sqmail.me">jazz@sqmail.me</a>&gt;<br><span style="font-weight:bold">Cc: </span> keycloak-user &lt;<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>&gt;<br><span style="font-weight:bold">Subject: </span> Re: [keycloak-user] keycloak javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure<br></div><div><br></div><span style="mso-bookmark:_MailOriginalBody"><div dir="ltr">Hi Jazz,<div><br></div><div>did you ever get closure on this issue? The reason I asked is that I ran into an SNI problem with the keycloak adapter client side a while ago, and this was because the version of http commons used by keycloak 1.7.0 was dated and did not support SNI. I can see in your logs that the stack trace contains&nbsp;<span style="font-size:12.8px">org.apache.http in the exception path. Also, sometimes adding the&nbsp;</span><span style="color:rgb(84,84,84);line-height:18.2px">-Djavax.net.debug=all</span><span style="font-size:12.8px">&nbsp;JVM arg gives better information on what actually failed during handshake negotiation.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Cheers,</span></div><div><span style="font-size:12.8px">Niels</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 14, 2016 at 3:19 PM,  <span dir="ltr">&lt;<a href="mailto:jazz@sqmail.me" target="_blank">jazz@sqmail.me</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Marko,<br><br>
Thanks for the feedback. I verified that strong encryption is<br>
available in the JVM:<br><span class=""><br>
2016-04-13 21:41:33,304 INFO&nbsp; [stdout] (ServerService Thread Pool --<br>
83) max allowed keylength = 2147483647<br><br></span>This seems to be the case. Any other ideas?<br><br>
Thanks in advance, Jazz<br><br><br>
Marko Strukelj &#8211; Wed., 13. April 2016 23:15<br><div><div class="h5">&gt; If you are using Oracle JDK you may need to install strong encryption.<br>
&gt;<br>
&gt; <a href="http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html" rel="noreferrer" target="_blank">http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html</a><br>
&gt;<br>
&gt; On Apr 13, 2016 10:03 PM, "jazz" &lt;<a href="mailto:jazz@sqmail.me">jazz@sqmail.me</a>&gt; wrote:<br>
&gt; Hi,<br>
&gt;<br>
&gt;<br>
&gt; I have wildfly 10 installed using nginx as https proxy server [1,<br>
&gt; standalone-full.xml]. Works great when using weak ciphers in nginx.<br>
&gt; In that case keycloak can connect back to the app after<br>
&gt; authentication (redirect SSL). When using strong ciphers in nginx<br>
&gt; [2] it fails the ssl handshake [4]. JCE seems enabled since the<br>
&gt; deployed app reports&nbsp;2016-04-13 21:41:33,304 INFO&nbsp;&nbsp;[stdout]<br>
&gt; (ServerService Thread Pool -- 83) max allowed keylength = 2147483647<br>
&gt;<br>
&gt;<br>
&gt; My question is: does keycloak use a limited set of ciphers? SNI<br>
&gt; works fine according to the log. I was digging in the code, but<br>
&gt; could not find something obvious [5]<br>
&gt;<br>
&gt;<br>
&gt; Best regards, Jazz<br>
&gt;<br>
&gt; [1] wildfly standalone-full.xml<br>
&gt;<br>
&gt;<br>
&gt; &lt;subsystem xmlns="urn:jboss:domain:undertow:3.0"&gt;<br>
&gt; &nbsp;&nbsp;&nbsp;&nbsp;&lt;buffer-cache name="default"/&gt;<br>
&gt; &nbsp;&nbsp;&nbsp;&nbsp;&lt;server name="default-server"&gt;<br>
&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;http-listener name="default" proxy-address-forwarding="true" socket-binding="http" redirect-socket="proxy-https"/&gt;<br>
&gt; &nbsp;&nbsp;&nbsp;&nbsp;[... snip ...]<br>
&gt; &lt;socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}"&gt;<br>
&gt; &nbsp;&nbsp;&nbsp;&nbsp;&lt;socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/&gt;<br>
&gt; &nbsp;&nbsp;&nbsp;&nbsp;&lt;socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/&gt;<br>
&gt; &nbsp;&nbsp;&nbsp;&nbsp;&lt;socket-binding name="http" port="${jboss.http.port:8080}"/&gt;<br>
&gt; &nbsp;&nbsp;&nbsp;&nbsp;&lt;socket-binding name="https" port="${jboss.https.port:8444}"/&gt;<br>
&gt; &nbsp;&nbsp;&nbsp;&nbsp;&lt;socket-binding name="proxy-https" port="443"/&gt;<br>
&gt;<br>
&gt; [2] nginx ssl.conf<br>
&gt; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<br>
&gt; ssl_prefer_server_ciphers on;<br>
&gt; ssl_session_timeout 5m;<br>
&gt; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;<br>
&gt;<br>
&gt;<br>
&gt; [3] wildfly ssl debug enabled in /etc/systemd/system/wildfly.service&nbsp;<br>
&gt;<br>
&gt;<br>
&gt; [4]<br>
&gt;<br>
&gt;<br>
&gt; 2016-04-13 21:41:46,495 INFO&nbsp;&nbsp;[stdout] (default task-7) default<br>
&gt; task-7, setSoTimeout(0) called<br>
&gt; 2016-04-13 21:41:46,498 INFO&nbsp;&nbsp;[stdout] (default task-7) Allow unsafe<br>
&gt; renegotiation: false<br>
&gt; 2016-04-13 21:41:46,500 INFO&nbsp;&nbsp;[stdout] (default task-7) Allow legacy<br>
&gt; hello messages: true<br>
&gt; 2016-04-13 21:41:46,502 INFO&nbsp;&nbsp;[stdout] (default task-7) Is initial<br>
&gt; handshake: true<br>
&gt; 2016-04-13 21:41:46,503 INFO&nbsp;&nbsp;[stdout] (default task-7) Is secure<br>
&gt; renegotiation: false<br>
&gt; 2016-04-13 21:41:46,505 INFO&nbsp;&nbsp;[stdout] (default task-7) Ignoring<br>
&gt; unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1<br>
&gt; 2016-04-13 21:41:46,506 INFO&nbsp;&nbsp;[stdout] (default task-7) Ignoring<br>
&gt; unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for<br>
&gt; TLSv1<br>
&gt; 2016-04-13 21:41:46,508 INFO&nbsp;&nbsp;[stdout] (default task-7) Ignoring<br>
&gt; unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for<br>
&gt; TLSv1<br>
&gt; 2016-04-13 21:41:46,509 INFO&nbsp;&nbsp;[stdout] (default task-7) Ignoring<br>
&gt; unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1<br>
&gt; 2016-04-13 21:41:46,511 INFO&nbsp;&nbsp;[stdout] (default task-7) Ignoring<br>
&gt; unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for<br>
&gt; TLSv1.1<br>
&gt; 2016-04-13 21:41:46,512 INFO&nbsp;&nbsp;[stdout] (default task-7) Ignoring<br>
&gt; unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for<br>
&gt; TLSv1.1<br>
&gt; 2016-04-13 21:41:46,514 INFO&nbsp;&nbsp;[stdout] (default task-7) %% No cached<br>
&gt; client session<br>
&gt; 2016-04-13 21:41:46,518 INFO&nbsp;&nbsp;[stdout] (default task-7) ***<br>
&gt; ClientHello, TLSv1.2<br>
&gt; 2016-04-13 21:41:46,522 INFO&nbsp;&nbsp;[stdout] (default task-7)<br>
&gt; RandomCookie:&nbsp;&nbsp;GMT: 1460510714 bytes = { 151, 73, 204, 252, 103,<br>
&gt; 130, 99, 194, 229, 121, 137, 218, 8, 134, 230, 194, 64, 147, 182,<br>
&gt; 180, 12, 171, 41, 74, 46, 186, 180, 88 }<br>
&gt; 2016-04-13 21:41:46,523 INFO&nbsp;&nbsp;[stdout] (default task-7) Session ID:&nbsp;&nbsp;{}<br>
&gt; 2016-04-13 21:41:46,525 INFO&nbsp;&nbsp;[stdout] (default task-7) Cipher<br>
&gt; Suites: [TLS_RSA_WITH_AES_256_CBC_SHA256,<br>
&gt; TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,<br>
&gt; TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,<br>
&gt; TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,<br>
&gt; TLS_RSA_WITH_AES_128_CBC_SHA256,<br>
&gt; TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,<br>
&gt; TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,<br>
&gt; TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,<br>
&gt; TLS_RSA_WITH_AES_256_GCM_SHA384,<br>
&gt; TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,<br>
&gt; TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,<br>
&gt; TLS_RSA_WITH_AES_128_GCM_SHA256,<br>
&gt; TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,<br>
&gt; TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA,<br>
&gt; SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,<br>
&gt; SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]<br>
&gt; 2016-04-13 21:41:46,526 INFO&nbsp;&nbsp;[stdout] (default task-7) Compression<br>
&gt; Methods:&nbsp;&nbsp;{ 0 }<br>
&gt; 2016-04-13 21:41:46,527 INFO&nbsp;&nbsp;[stdout] (default task-7) Extension<br>
&gt; signature_algorithms, signature_algorithms: SHA512withECDSA,<br>
&gt; SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA,<br>
&gt; SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA,<br>
&gt; SHA1withRSA, SHA1withDSA<br>
&gt; 2016-04-13 21:41:46,529 INFO&nbsp;&nbsp;[stdout] (default task-7) Extension<br>
&gt; server_name, server_name: [type=host_name (0),<br>
&gt; value=<a href="http://keycloak.example.com" rel="noreferrer" target="_blank">keycloak.example.com</a>]<br>
&gt; 2016-04-13 21:41:46,530 INFO&nbsp;&nbsp;[stdout] (default task-7) ***<br>
&gt; 2016-04-13 21:41:46,531 INFO&nbsp;&nbsp;[stdout] (default task-7) default<br>
&gt; task-7, WRITE: TLSv1.2 Handshake, length = 138<br>
&gt; 2016-04-13 21:41:46,533 INFO&nbsp;&nbsp;[stdout] (default task-7) default<br>
&gt; task-7, READ: TLSv1.2 Alert, length = 2<br>
&gt; 2016-04-13 21:41:46,534 INFO&nbsp;&nbsp;[stdout] (default task-7) default<br>
&gt; task-7, RECV TLSv1.2 ALERT:&nbsp;&nbsp;fatal, handshake_failure<br>
&gt; 2016-04-13 21:41:46,535 INFO&nbsp;&nbsp;[stdout] (default task-7) default<br>
&gt; task-7, called closeSocket()<br>
&gt; 2016-04-13 21:41:46,536 INFO&nbsp;&nbsp;[stdout] (default task-7) default<br>
&gt; task-7, handling exception: javax.net.ssl.SSLHandshakeException:<br>
&gt; Received fatal alert: handshake_failure<br>
&gt; 2016-04-13 21:41:46,537 INFO&nbsp;&nbsp;[stdout] (default task-7) default<br>
&gt; task-7, called close()<br>
&gt; 2016-04-13 21:41:46,538 INFO&nbsp;&nbsp;[stdout] (default task-7) default<br>
&gt; task-7, called closeInternal(true)<br>
&gt; 2016-04-13 21:41:46,539 ERROR<br>
&gt; [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-7)<br>
&gt; failed to turn code into token: javax.net.ssl.SSLHandshakeException:<br>
&gt; Received fatal alert: handshake_failure<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.keycloak.adapters.SniSSLSocketFactory.connectSocket(SniSSLSocketFactory.java:109)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:314)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:260)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:112)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at<br>
&gt; java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)<br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp;at java.lang.Thread.run(Thread.java:745)<br>
&gt;<br>
&gt;<br>
&gt; [5]<br>
&gt; <a href="https://github.com/keycloak/keycloak/blob/master/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/SniSSLSocketFactory.java" rel="noreferrer" target="_blank">https://github.com/keycloak/keycloak/blob/master/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/SniSSLSocketFactory.java</a><br>
&gt;<br><br></div></div>_______________________________________________<br>
keycloak-user mailing list<br><a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br><a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></blockquote></div><br></div></span></span></body></html>