<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hello all,<o:p></o:p></p>
<p class="MsoNormal">We have keycloak-2.1.0.Final server and keycloak-as7-adapter-2.1.0 adapter version installed. We are trying to configure https proxy / lb for keycloak server. I am getting the following error from keycloak adapter after succesfull sign
in to keycloak server. Here is the keycloak adapter log part:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,643 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (http-/0.0.0.0:8080-1) adminRequest https://lbbams.intra.dcom.sk/rtgov-ui/<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,643 TRACE [org.keycloak.adapters.RequestAuthenticator] (http-/0.0.0.0:8080-1) --> authenticate()<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 TRACE [org.keycloak.adapters.RequestAuthenticator] (http-/0.0.0.0:8080-1) try bearer<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 TRACE [org.keycloak.adapters.RequestAuthenticator] (http-/0.0.0.0:8080-1) try query paramter auth<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 TRACE [org.keycloak.adapters.RequestAuthenticator] (http-/0.0.0.0:8080-1) try oauth<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (http-/0.0.0.0:8080-1) there was no code<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (http-/0.0.0.0:8080-1) redirecting to auth server<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (http-/0.0.0.0:8080-1) callback uri: https://lbbams.intra.dcom.sk/rtgov-ui/<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,645 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (http-/0.0.0.0:8080-1) Sending redirect to login page: https://lbbams.intra.dcom.sk/auth/realms/governance/protocol/openid-connect/auth?response_type=code&cl<o:p></o:p></p>
<p class="MsoNormal">ient_id=rtgov-ui&redirect_uri=https%3A%2F%2Flbbams.intra.dcom.sk%2Frtgov-ui%2F&state=2%2F0e9cc85b-42eb-42c5-812b-0e47e9ce8cb5&login=true&scope=openid<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,663 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (http-/0.0.0.0:8080-1) adminRequest https://lbbams.intra.dcom.sk/rtgov-ui/?state=2%2F0e9cc85b-42eb-42c5-812b-0e47e9ce8cb5&code=Q_sNdYGZ-St2psIoJwvTZCJTUgrvGwRlYa<o:p></o:p></p>
<p class="MsoNormal">UprOc-2L8.eece03c6-f354-49b6-9742-8a41b40ad19a<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,663 TRACE [org.keycloak.adapters.RequestAuthenticator] (http-/0.0.0.0:8080-1) --> authenticate()<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 TRACE [org.keycloak.adapters.RequestAuthenticator] (http-/0.0.0.0:8080-1) try bearer<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 TRACE [org.keycloak.adapters.RequestAuthenticator] (http-/0.0.0.0:8080-1) try query paramter auth<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 TRACE [org.keycloak.adapters.RequestAuthenticator] (http-/0.0.0.0:8080-1) try oauth<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (http-/0.0.0.0:8080-1) there was a code, resolving<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (http-/0.0.0.0:8080-1) checking state cookie for after code<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (http-/0.0.0.0:8080-1) ** reseting application state cookie<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,668 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (http-/0.0.0.0:8080-1) failed to turn code into token: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated<o:p></o:p></p>
<p class="MsoNormal"> at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397) [jsse.jar:1.7.0_67]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151) [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125) [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640) [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479) [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784) [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107) [keycloak-adapter-core-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:327) [keycloak-adapter-core-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:273) [keycloak-adapter-core-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:130) [keycloak-adapter-core-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.authenticateInternal(AbstractKeycloakAuthenticatorValve.java:206) [keycloak-tomcat-core-adapter-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at org.keycloak.adapters.jbossweb.KeycloakAuthenticatorValve.authenticate(KeycloakAuthenticatorValve.java:43) [keycloak-as7-adapter-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:187) [keycloak-tomcat-core-adapter-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:559) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:621) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_67]<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Our keycloak adapter config:<o:p></o:p></p>
<p class="MsoNormal"> <subsystem xmlns="urn:jboss:domain:keycloak:1.1"><o:p></o:p></p>
<p class="MsoNormal"> <realm name="governance"><o:p></o:p></p>
<p class="MsoNormal"> <realm-public-key>public key string…</realm-public-key><o:p></o:p></p>
<p class="MsoNormal"> <auth-server-url>${keycloak.auth.url:/auth}</auth-server-url><o:p></o:p></p>
<p class="MsoNormal"> <principal-attribute>preferred_username</principal-attribute><o:p></o:p></p>
<p class="MsoNormal"> <disable-trust-manager>true</disable-trust-manager><o:p></o:p></p>
<p class="MsoNormal"> <allow-any-hostname>true</allow-any-hostname><o:p></o:p></p>
<p class="MsoNormal"> </realm><o:p></o:p></p>
<p class="MsoNormal"> <secure-deployment name="overlord-rtgov-ui.war"><o:p></o:p></p>
<p class="MsoNormal"> <realm>governance</realm><o:p></o:p></p>
<p class="MsoNormal"> <resource>rtgov-ui</resource><o:p></o:p></p>
<p class="MsoNormal"> <credential name="secret">password</credential><o:p></o:p></p>
<p class="MsoNormal"> </secure-deployment><o:p></o:p></p>
<p class="MsoNormal"> <secure-deployment name="overlord-rtgov.war"><o:p></o:p></p>
<p class="MsoNormal"> <realm>governance</realm><o:p></o:p></p>
<p class="MsoNormal"> <resource>overlord-rtgov</resource><o:p></o:p></p>
<p class="MsoNormal"> <enable-basic-auth>true</enable-basic-auth><o:p></o:p></p>
<p class="MsoNormal"> <credential name="secret">password</credential><o:p></o:p></p>
<p class="MsoNormal"> </secure-deployment><o:p></o:p></p>
<p class="MsoNormal"> </subsystem><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Could you please help us, how can we fix this? Thanks a log.<o:p></o:p></p>
<p class="MsoNormal">Stefan Kasala. <o:p></o:p></p>
</div>
<br>
<hr>
<font face="Arial" color="Gray" size="1"><br>
Táto správa je určená iba pre uvedeného príjemcu a môže obsahovať dôverné alebo interné informácie. Ak ste ju omylom obdržali, upovedomte o tom prosím odosielateľa a vymažte ju. Akýkoľvek iný spôsob použitia tohto e-mailu je zakázaný.<br>
<br>
This message is for the designated recipient only and may contain confidential or internal information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited.<br>
</font>
</body>
</html>