<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Found this during quick googling :
<a class="moz-txt-link-freetext" href="http://stackoverflow.com/questions/9578129/exception-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated">http://stackoverflow.com/questions/9578129/exception-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated</a>
. So looks like different Java version can be possibly an issue...
Other possibility can be an expired certificate.<br>
<br>
If it's possible for you, I would try to generate new keystore for
auth-server and then export new key again to the adapter
truststore. Also it can help to check if moving both Java 8 will
help.<br>
<br>
Marek<br>
<br>
On 27/09/16 08:30, KASALA Štefan wrote:<br>
</div>
<blockquote cite="mid:0f4b1c9cc1c646f9b0375d6e9f29a65d@posam.sk"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Times New Roman \,serif";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:538130075;
mso-list-type:hybrid;
mso-list-template-ids:-886256028 103463808 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-start-at:3;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Calibri",sans-serif;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hello,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">One more
information to add:<o:p></o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span
style="color:#1F497D"><span style="mso-list:Ignore">-<span
style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span
style="color:#1F497D">keycloak-as7-adapter-2.1.0 – is
running on JBoss EAP 6.3.0.GA (AS 7.4.0.Final-redhat-19)
(Java 7)<o:p></o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span
style="color:#1F497D"><span style="mso-list:Ignore">-<span
style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span
style="color:#1F497D">keycloak-2.1.0.Final (server) – is
running on WildFly Core 2.0.10.Final (Java 8)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Stefan<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span
style="color:windowtext"> KASALA Štefan
<br>
<b>Sent:</b> Tuesday, September 27, 2016 8:02 AM<br>
<b>To:</b> 'Marek Posolda' <a class="moz-txt-link-rfc2396E" href="mailto:mposolda@redhat.com"><mposolda@redhat.com></a>;
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<b>Subject:</b> RE: [keycloak-user]
javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Hello,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks for tip.
If you check my first email, I already tried this
configuration for adapter<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Our keycloak
adapter config:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">
<subsystem xmlns="urn:jboss:domain:keycloak:1.1"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">
<realm name="governance"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">
….<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="color:#1F497D">
<disable-trust-manager>true</disable-trust-manager><o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="color:#1F497D">
…<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">
</realm><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">
<secure-deployment name="overlord-rtgov-ui.war"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="color:#1F497D">…<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">
</secure-deployment><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="color:#1F497D">…<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">
</subsystem><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">We also tried:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">
…<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="color:#1F497D">
<truststore>/etc/pki/ca-trust/extracted/java/cacerts</truststore><o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#1F497D">
<truststore-password>cacerts_password</truststore-password><o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="color:#1F497D">
…<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">But in all
cases we get the exception -
javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Stefan<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span
style="color:windowtext"> Marek Posolda [<a
moz-do-not-send="true"
href="mailto:mposolda@redhat.com">mailto:mposolda@redhat.com</a>]
<br>
<b>Sent:</b> Monday, September 26, 2016 4:46 PM<br>
<b>To:</b> KASALA Štefan <<a moz-do-not-send="true"
href="mailto:Stefan.Kasala@posam.sk">Stefan.Kasala@posam.sk</a>>;
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<b>Subject:</b> Re: [keycloak-user]
javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">It seems you need to configure truststore
on adapter side, so the adapter (which uses Apache HTTP
Client under the hood) is able to communicate with Keycloak
server and trust it. You can take a look at docs and see the
options related to truststore [1] .<br>
<br>
[1] <a moz-do-not-send="true"
href="https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/2.2/topics/oidc/java/java-adapter-config.html">https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/2.2/topics/oidc/java/java-adapter-config.html</a><br>
<br>
Marek<br>
<br>
On 26/09/16 09:46, KASALA Štefan wrote:<span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D">Hello,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Please let me
know, if you need more information to make the problem
better to understand. Thanks a lot.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Stefan</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> <a
moz-do-not-send="true"
href="mailto:keycloak-user-bounces@lists.jboss.org">
keycloak-user-bounces@lists.jboss.org</a> [<a
moz-do-not-send="true"
href="mailto:keycloak-user-bounces@lists.jboss.org">mailto:keycloak-user-bounces@lists.jboss.org</a>]
<br>
<b>Sent:</b> Thursday, September 22, 2016 10:55 AM<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<b>Subject:</b> [keycloak-user]
javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Hello all,<o:p></o:p></p>
<p class="MsoNormal">We have keycloak-2.1.0.Final server and
keycloak-as7-adapter-2.1.0 adapter version installed. We are
trying to configure https proxy / lb for keycloak server. I
am getting the following error from keycloak adapter after
succesfull sign in to keycloak server. Here is the keycloak
adapter log part:<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,643 DEBUG
[org.keycloak.adapters.PreAuthActionsHandler]
(http-/0.0.0.0:8080-1) adminRequest
<a moz-do-not-send="true"
href="https://lbbams.intra.dcom.sk/rtgov-ui/">https://lbbams.intra.dcom.sk/rtgov-ui/</a><o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,643 TRACE
[org.keycloak.adapters.RequestAuthenticator]
(http-/0.0.0.0:8080-1) --> authenticate()<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 TRACE
[org.keycloak.adapters.RequestAuthenticator]
(http-/0.0.0.0:8080-1) try bearer<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 TRACE
[org.keycloak.adapters.RequestAuthenticator]
(http-/0.0.0.0:8080-1) try query paramter auth<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 TRACE
[org.keycloak.adapters.RequestAuthenticator]
(http-/0.0.0.0:8080-1) try oauth<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 DEBUG
[org.keycloak.adapters.OAuthRequestAuthenticator]
(http-/0.0.0.0:8080-1) there was no code<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 DEBUG
[org.keycloak.adapters.OAuthRequestAuthenticator]
(http-/0.0.0.0:8080-1) redirecting to auth server<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,644 DEBUG
[org.keycloak.adapters.OAuthRequestAuthenticator]
(http-/0.0.0.0:8080-1) callback uri:
<a moz-do-not-send="true"
href="https://lbbams.intra.dcom.sk/rtgov-ui/">https://lbbams.intra.dcom.sk/rtgov-ui/</a><o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,645 DEBUG
[org.keycloak.adapters.OAuthRequestAuthenticator]
(http-/0.0.0.0:8080-1) Sending redirect to login page:
<a moz-do-not-send="true"
href="https://lbbams.intra.dcom.sk/auth/realms/governance/protocol/openid-connect/auth?response_type=code&cl">https://lbbams.intra.dcom.sk/auth/realms/governance/protocol/openid-connect/auth?response_type=code&cl</a><o:p></o:p></p>
<p class="MsoNormal">ient_id=rtgov-ui&redirect_uri=https%3A%2F%2Flbbams.intra.dcom.sk%2Frtgov-ui%2F&state=2%2F0e9cc85b-42eb-42c5-812b-0e47e9ce8cb5&login=true&scope=openid<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,663 DEBUG
[org.keycloak.adapters.PreAuthActionsHandler]
(http-/0.0.0.0:8080-1) adminRequest
<a moz-do-not-send="true"
href="https://lbbams.intra.dcom.sk/rtgov-ui/?state=2%2F0e9cc85b-42eb-42c5-812b-0e47e9ce8cb5&code=Q_sNdYGZ-St2psIoJwvTZCJTUgrvGwRlYa">https://lbbams.intra.dcom.sk/rtgov-ui/?state=2%2F0e9cc85b-42eb-42c5-812b-0e47e9ce8cb5&code=Q_sNdYGZ-St2psIoJwvTZCJTUgrvGwRlYa</a><o:p></o:p></p>
<p class="MsoNormal">UprOc-2L8.eece03c6-f354-49b6-9742-8a41b40ad19a<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,663 TRACE
[org.keycloak.adapters.RequestAuthenticator]
(http-/0.0.0.0:8080-1) --> authenticate()<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 TRACE
[org.keycloak.adapters.RequestAuthenticator]
(http-/0.0.0.0:8080-1) try bearer<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 TRACE
[org.keycloak.adapters.RequestAuthenticator]
(http-/0.0.0.0:8080-1) try query paramter auth<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 TRACE
[org.keycloak.adapters.RequestAuthenticator]
(http-/0.0.0.0:8080-1) try oauth<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 DEBUG
[org.keycloak.adapters.OAuthRequestAuthenticator]
(http-/0.0.0.0:8080-1) there was a code, resolving<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 DEBUG
[org.keycloak.adapters.OAuthRequestAuthenticator]
(http-/0.0.0.0:8080-1) checking state cookie for after code<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,664 DEBUG
[org.keycloak.adapters.OAuthRequestAuthenticator]
(http-/0.0.0.0:8080-1) ** reseting application state cookie<o:p></o:p></p>
<p class="MsoNormal">2016-09-22 10:45:50,668 ERROR
[org.keycloak.adapters.OAuthRequestAuthenticator]
(http-/0.0.0.0:8080-1) failed to turn code into token:
javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated<o:p></o:p></p>
<p class="MsoNormal"> at
sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
[jsse.jar:1.7.0_67]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
[httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<o:p></o:p></p>
<p class="MsoNormal"> at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107)
[keycloak-adapter-core-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:327)
[keycloak-adapter-core-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:273)
[keycloak-adapter-core-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:130)
[keycloak-adapter-core-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at
org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.authenticateInternal(AbstractKeycloakAuthenticatorValve.java:206)
[keycloak-tomcat-core-adapter-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at
org.keycloak.adapters.jbossweb.KeycloakAuthenticatorValve.authenticate(KeycloakAuthenticatorValve.java:43)
[keycloak-as7-adapter-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:187)
[keycloak-tomcat-core-adapter-2.1.0.Final.jar:2.1.0.Final]<o:p></o:p></p>
<p class="MsoNormal"> at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
[jboss-as-web-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:559)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:621)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926)
[jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]<o:p></o:p></p>
<p class="MsoNormal"> at
java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_67]<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Our keycloak adapter config:<o:p></o:p></p>
<p class="MsoNormal"> <subsystem
xmlns="urn:jboss:domain:keycloak:1.1"><o:p></o:p></p>
<p class="MsoNormal"> <realm
name="governance"><o:p></o:p></p>
<p class="MsoNormal">
<realm-public-key>public key
string…</realm-public-key><o:p></o:p></p>
<p class="MsoNormal">
<auth-server-url>${keycloak.auth.url:/auth}</auth-server-url><o:p></o:p></p>
<p class="MsoNormal">
<principal-attribute>preferred_username</principal-attribute><o:p></o:p></p>
<p class="MsoNormal">
<disable-trust-manager>true</disable-trust-manager><o:p></o:p></p>
<p class="MsoNormal">
<allow-any-hostname>true</allow-any-hostname><o:p></o:p></p>
<p class="MsoNormal"> </realm><o:p></o:p></p>
<p class="MsoNormal"> <secure-deployment
name="overlord-rtgov-ui.war"><o:p></o:p></p>
<p class="MsoNormal">
<realm>governance</realm><o:p></o:p></p>
<p class="MsoNormal">
<resource>rtgov-ui</resource><o:p></o:p></p>
<p class="MsoNormal"> <credential
name="secret">password</credential><o:p></o:p></p>
<p class="MsoNormal"> </secure-deployment><o:p></o:p></p>
<p class="MsoNormal"> <secure-deployment
name="overlord-rtgov.war"><o:p></o:p></p>
<p class="MsoNormal">
<realm>governance</realm><o:p></o:p></p>
<p class="MsoNormal">
<resource>overlord-rtgov</resource><o:p></o:p></p>
<p class="MsoNormal">
<enable-basic-auth>true</enable-basic-auth><o:p></o:p></p>
<p class="MsoNormal"> <credential
name="secret">password</credential><o:p></o:p></p>
<p class="MsoNormal"> </secure-deployment><o:p></o:p></p>
<p class="MsoNormal"> </subsystem><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Could you please help us, how can we fix
this? Thanks a log.<o:p></o:p></p>
<p class="MsoNormal">Stefan Kasala. <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New Roman
,serif",serif"> </span><o:p></o:p></p>
<div class="MsoNormal" style="text-align:center"
align="center"><span
style="font-size:12.0pt;font-family:"Times New Roman
,serif",serif">
<hr align="center" size="2" width="100%">
</span></div>
<p class="MsoNormal"><span
style="font-size:7.5pt;font-family:"Arial",sans-serif;color:gray"><br>
Táto správa je určená iba pre uvedeného príjemcu a môže
obsahovať dôverné alebo interné informácie. Ak ste ju
omylom obdržali, upovedomte o tom prosím odosielateľa a
vymažte ju. Akýkoľvek iný spôsob použitia tohto e-mailu je
zakázaný.<br>
<br>
This message is for the designated recipient only and may
contain confidential or internal information. If you have
received it in error, please notify the sender immediately
and delete the original. Any other use of the e-mail by
you is prohibited.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif"><o:p> </o:p></span></p>
<div class="MsoNormal" style="text-align:center"
align="center"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif">
<hr align="center" size="2" width="100%">
</span></div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:7.5pt;font-family:"Arial",sans-serif;color:gray"><br>
Táto správa je určená iba pre uvedeného príjemcu a môže
obsahovať dôverné alebo interné informácie. Ak ste ju
omylom obdržali, upovedomte o tom prosím odosielateľa a
vymažte ju. Akýkoľvek iný spôsob použitia tohto e-mailu je
zakázaný.<br>
<br>
This message is for the designated recipient only and may
contain confidential or internal information. If you have
received it in error, please notify the sender immediately
and delete the original. Any other use of the e-mail by
you is prohibited.<br>
</span><span style="font-size:12.0pt;font-family:"Times
New Roman",serif"><br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>keycloak-user mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><o:p></o:p></pre>
</blockquote>
<p><o:p> </o:p></p>
</div>
<br>
<hr>
<font face="Arial" color="Gray" size="1"><br>
Táto správa je určená iba pre uvedeného príjemcu a môže
obsahovať dôverné alebo interné informácie. Ak ste ju omylom
obdržali, upovedomte o tom prosím odosielateľa a vymažte ju.
Akýkoľvek iný spôsob použitia tohto e-mailu je zakázaný.<br>
<br>
This message is for the designated recipient only and may
contain confidential or internal information. If you have
received it in error, please notify the sender immediately and
delete the original. Any other use of the e-mail by you is
prohibited.<br>
</font>
</blockquote>
<p><br>
</p>
</body>
</html>