<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">It seems you need to configure a
truststore on the adapter side, so the adapter (which uses Apache HTTP
Client under the hood) is able to communicate with the Keycloak server
and trust it. You can take a look at the docs and see the options
related to the truststore [1].<br>
<br>
[1]
<a class="moz-txt-link-freetext" href="https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/2.2/topics/oidc/java/java-adapter-config.html">https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/2.2/topics/oidc/java/java-adapter-config.html</a><br>
<br>
Marek<br>
<br>
On 26/09/16 09:46, KASALA Štefan wrote:<br>
</div>
<blockquote cite="mid:4a9d5d7e814844688de32257d943ff48@posam.sk"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hello,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Please let me
know if you need more information to better understand the
problem. Thanks a lot.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Stefan<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b>
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user-bounces@lists.jboss.org">keycloak-user-bounces@lists.jboss.org</a>
[<a class="moz-txt-link-freetext" href="mailto:keycloak-user-bounces@lists.jboss.org">mailto:keycloak-user-bounces@lists.jboss.org</a>]
<br>
<b>Sent:</b> Thursday, September 22, 2016 10:55 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<b>Subject:</b> [keycloak-user]
javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hello all,<o:p></o:p></p>
<p class="MsoNormal">We have the keycloak-2.1.0.Final server and
the keycloak-as7-adapter-2.1.0 adapter version installed. We are
trying to configure an https proxy / lb for the keycloak server. I
am getting the following error from the keycloak adapter after a
successful sign-in to the keycloak server. Here is the relevant part
of the keycloak adapter log:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,643 DEBUG
[org.keycloak.adapters.PreAuthActionsHandler]
(http-/0.0.0.0:8080-1) adminRequest
<a moz-do-not-send="true"
href="https://lbbams.intra.dcom.sk/rtgov-ui/">https://lbbams.intra.dcom.sk/rtgov-ui/</a><o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,643 TRACE
[org.keycloak.adapters.RequestAuthenticator]
(http-/0.0.0.0:8080-1) --> authenticate()<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 TRACE
[org.keycloak.adapters.RequestAuthenticator]
(http-/0.0.0.0:8080-1) try bearer<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 TRACE
[org.keycloak.adapters.RequestAuthenticator]
(http-/0.0.0.0:8080-1) try query paramter auth<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 TRACE
[org.keycloak.adapters.RequestAuthenticator]
(http-/0.0.0.0:8080-1) try oauth<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 DEBUG
[org.keycloak.adapters.OAuthRequestAuthenticator]
(http-/0.0.0.0:8080-1) there was no code<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 DEBUG
[org.keycloak.adapters.OAuthRequestAuthenticator]
(http-/0.0.0.0:8080-1) redirecting to auth server<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 DEBUG
[org.keycloak.adapters.OAuthRequestAuthenticator]
(http-/0.0.0.0:8080-1) callback uri:
<a moz-do-not-send="true"
href="https://lbbams.intra.dcom.sk/rtgov-ui/">https://lbbams.intra.dcom.sk/rtgov-ui/</a><o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,645 DEBUG
[org.keycloak.adapters.OAuthRequestAuthenticator]
(http-/0.0.0.0:8080-1) Sending redirect to login page:
<a moz-do-not-send="true"
href="https://lbbams.intra.dcom.sk/auth/realms/governance/protocol/openid-connect/auth?response_type=code&cl">https://lbbams.intra.dcom.sk/auth/realms/governance/protocol/openid-connect/auth?response_type=code&cl</a><o:p></o:p></p>
<p class="MsoNormal">ient_id=rtgov-ui&redirect_uri=https%3A%2F%2Flbbams.intra.dcom.sk%2Frtgov-ui%2F&state=2%2F0e9cc85b-42eb-42c5-812b-0e47e9ce8cb5&login=true&scope=openid<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,663 DEBUG
[org.keycloak.adapters.PreAuthActionsHandler]
(http-/0.0.0.0:8080-1) adminRequest
<a moz-do-not-send="true"
href="https://lbbams.intra.dcom.sk/rtgov-ui/?state=2%2F0e9cc85b-42eb-42c5-812b-0e47e9ce8cb5&code=Q_sNdYGZ-St2psIoJwvTZCJTUgrvGwRlYa">https://lbbams.intra.dcom.sk/rtgov-ui/?state=2%2F0e9cc85b-42eb-42c5-812b-0e47e9ce8cb5&code=Q_sNdYGZ-St2psIoJwvTZCJTUgrvGwRlYa</a><o:p></o:p></p>
<p class="MsoNormal">UprOc-2L8.eece03c6-f354-49b6-9742-8a41b40ad19a<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,663 TRACE
[org.keycloak.adapters.RequestAuthenticator]
(http-/0.0.0.0:8080-1) --> authenticate()<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 TRACE
[org.keycloak.adapters.RequestAuthenticator]
(http-/0.0.0.0:8080-1) try bearer<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 TRACE
[org.keycloak.adapters.RequestAuthenticator]
(http-/0.0.0.0:8080-1) try query paramter auth<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 TRACE
[org.keycloak.adapters.RequestAuthenticator]
(http-/0.0.0.0:8080-1) try oauth<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 DEBUG
[org.keycloak.adapters.OAuthRequestAuthenticator]
(http-/0.0.0.0:8080-1) there was a code, resolving<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 DEBUG
[org.keycloak.adapters.OAuthRequestAuthenticator]
(http-/0.0.0.0:8080-1) checking state cookie for after code<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 DEBUG
[org.keycloak.adapters.OAuthRequestAuthenticator]
(http-/0.0.0.0:8080-1) ** reseting application state cookie<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,668 ERROR
[org.keycloak.adapters.OAuthRequestAuthenticator]
(http-/0.0.0.0:8080-1) failed to turn code into token:
javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated<o:p></o:p></p>
<p class="MsoNormal"> at
sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
[jsse.jar:1.7.0_67]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107)
[keycloak-adapter-core-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:327)
[keycloak-adapter-core-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:273)
[keycloak-adapter-core-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:130)
[keycloak-adapter-core-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at
org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.authenticateInternal(AbstractKeycloakAuthenticatorValve.java:206)
[keycloak-tomcat-core-adapter-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at
org.keycloak.adapters.jbossweb.KeycloakAuthenticatorValve.authenticate(KeycloakAuthenticatorValve.java:43)
[keycloak-as7-adapter-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:187)
[keycloak-tomcat-core-adapter-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
[jboss-as-web-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:559)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:621)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_67]<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Our keycloak adapter config:<o:p></o:p></p>
<pre>&lt;subsystem xmlns="urn:jboss:domain:keycloak:1.1"&gt;
    &lt;realm name="governance"&gt;
        &lt;realm-public-key&gt;public key string…&lt;/realm-public-key&gt;
        &lt;auth-server-url&gt;${keycloak.auth.url:/auth}&lt;/auth-server-url&gt;
        &lt;principal-attribute&gt;preferred_username&lt;/principal-attribute&gt;
        &lt;disable-trust-manager&gt;true&lt;/disable-trust-manager&gt;
        &lt;allow-any-hostname&gt;true&lt;/allow-any-hostname&gt;
    &lt;/realm&gt;
    &lt;secure-deployment name="overlord-rtgov-ui.war"&gt;
        &lt;realm&gt;governance&lt;/realm&gt;
        &lt;resource&gt;rtgov-ui&lt;/resource&gt;
        &lt;credential name="secret"&gt;password&lt;/credential&gt;
    &lt;/secure-deployment&gt;
    &lt;secure-deployment name="overlord-rtgov.war"&gt;
        &lt;realm&gt;governance&lt;/realm&gt;
        &lt;resource&gt;overlord-rtgov&lt;/resource&gt;
        &lt;enable-basic-auth&gt;true&lt;/enable-basic-auth&gt;
        &lt;credential name="secret"&gt;password&lt;/credential&gt;
    &lt;/secure-deployment&gt;
&lt;/subsystem&gt;</pre>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Could you please help us? How can we fix
this? Thanks a lot.<o:p></o:p></p>
<p class="MsoNormal">Stefan Kasala. <o:p></o:p></p>
</div>
</blockquote>
<p><br>
</p>
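<p>An added example, not part of either message and not Keycloak project code: a small Python check that reads an adapter subsystem like the one posted and reports the TLS trust settings the reply is about. Both XML samples are constructed (the first mirrors the posted realm with the public key element left out; the truststore path and password in the second are placeholders), and the check looks only at realm-level settings.</p>

```python
import xml.etree.ElementTree as ET

NS = {"kc": "urn:jboss:domain:keycloak:1.1"}

# Constructed sample mirroring the posted realm (public key element left out).
POSTED = """<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
  <realm name="governance">
    <auth-server-url>${keycloak.auth.url:/auth}</auth-server-url>
    <disable-trust-manager>true</disable-trust-manager>
    <allow-any-hostname>true</allow-any-hostname>
  </realm>
</subsystem>"""

# Constructed sample: truststore path and password are placeholders.
WITH_TRUSTSTORE = """<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
  <realm name="governance">
    <auth-server-url>${keycloak.auth.url:/auth}</auth-server-url>
    <truststore>/path/to/adapter-truststore.jks</truststore>
    <truststore-password>CHANGE_ME</truststore-password>
  </realm>
</subsystem>"""


def _is_true(realm, tag):
    """True when the realm has <tag>true</tag> (case-insensitive)."""
    return (realm.findtext(f"kc:{tag}", "", NS) or "").strip().lower() == "true"


def audit(xml_text):
    """Return (realm name, finding) pairs for realm-level TLS trust settings."""
    findings = []
    for realm in ET.fromstring(xml_text).findall("kc:realm", NS):
        name = realm.get("name")
        no_trust = _is_true(realm, "disable-trust-manager")
        has_store = realm.find("kc:truststore", NS) is not None
        if no_trust:
            findings.append((name, "disable-trust-manager=true: server certificate is not verified"))
        if _is_true(realm, "allow-any-hostname"):
            findings.append((name, "allow-any-hostname=true: certificate host name is not checked"))
        if not has_store and not no_trust:
            findings.append((name, "no truststore configured for HTTPS calls to the Keycloak server"))
        if has_store and realm.find("kc:truststore-password", NS) is None:
            findings.append((name, "truststore configured without truststore-password"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("with truststore", WITH_TRUSTSTORE)):
        print(label, audit(cfg) or "no findings")
```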
</body>
</html>