Good morning guys, I've been investigating the problem since yesterday. The
problem at first glance is related to the upgrade on OpenShift to Java 8.
Java 8 sends a TLSv1.2 ClientHello and Java 7 a TLSv1 one, and if the server
somehow does not support version 1.2, it should be able to negotiate down to
1.1 or 1.0.
I'm still investigating the root cause, but the immediate fix is to run KC
and UPS on JDK 1.7 only. Meanwhile I will be investigating the issue.
On Tue, Mar 31, 2015 at 11:10 AM, Matthias Wessendorf <matzew(a)apache.org>
wrote:
that is on a totally different KC version
On Tue, Mar 31, 2015 at 4:03 PM, Sebastien Blanc <scm.blanc(a)gmail.com>
wrote:
> Maybe,
> But it may also be that I'm missing something stupid :) and I have to
> configure something extra since openshift is https and I always test
> locally ... But yeah for 1.0.x I did not have to do anything.
>
>
> On Tue, Mar 31, 2015 at 3:52 PM, Matthias Wessendorf <matzew(a)apache.org>
> wrote:
>
>> anything wrong w/ the keycloak adapter, or was there a fix for a 1.1.1?
>>
>> On Tue, Mar 31, 2015 at 3:50 PM, Sebastien Blanc <scm.blanc(a)gmail.com>
>> wrote:
>>
>>> Hi !
>>> I was trying (and so was Lukas) to deploy UPS 1.1 (master branch) to an
>>> openshift gear (Wildfly 8.2 cartridge). After tweaking the datasources a
>>> bit to get it deployed, when trying to access /ag-push, I get a
>>> 500 internal server error.
>>>
>>> The wildfly logs show me the following :
>>>
>>> 2015-03-31 09:40:47,240 ERROR [io.undertow.request] (default task-8) UT005023: Exception handling request to /ag-push/index.html: java.lang.RuntimeException: Unable to resolve realm public key remotely
>>> at org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:134) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>> at org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:83) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>> at org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:71) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>> at org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:47) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>> at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:68) [keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_31]
>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_31]
>>> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]
>>> Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>> at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) [jsse.jar:1.8.0_31]
>>> at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) [httpclient-4.2.1.jar:4.2.1]
>>> at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) [httpclient-4.2.1.jar:4.2.1]
>>> at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) [httpclient-4.2.1.jar:4.2.1]
>>>
>>>
>>> So "peer not authenticated" seems pretty obvious for the reason it fails.
>>> The question is what do we need to do for this? Anyone an idea?
>>>
>>> Thx,
>>> Sebi
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>>
>
>
--
"The measure of a man is what he does with power" - Plato
@abstractj
Volenti Nihil Difficile
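
The version negotiation that the top message of this thread refers to, as an added example that is not part of the original e-mails or of any project's code: it reads the offered version out of a constructed ClientHello and applies the downgrade rule a server is expected to follow. The `intolerant` flag models a hypothetical server that breaks that rule; it is not a diagnosis of the failure in this thread, and the sample bytes (zeroed random, one cipher suite, record-layer version 3.1) are assumptions.

```python
import struct

# TLS versions as (major, minor) pairs, as carried in the ClientHello.
VERSIONS = {(3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def build_client_hello(client_version):
    """Constructed, minimal ClientHello (no extensions); sample data only."""
    body = bytes(client_version) + bytes(32)      # client_version + zeroed random
    body += b"\x00"                               # empty session_id
    body += struct.pack("!H", 2) + b"\x00\x2f"    # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                           # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # Record-layer version fixed at 3.1 in this sample (an assumption).
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_version(record):
    """Return the highest version the client offers, from a raw record."""
    if len(record) < 11 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    if len(record) < 5 + rec_len:
        raise ValueError("truncated record")
    if record[5] != 0x01:
        raise ValueError("not a ClientHello")
    return (record[9], record[10])

def negotiate(client_version, server_versions, intolerant=False):
    """Version the server selects, or None when the handshake fails."""
    if intolerant and client_version > max(server_versions):
        return None  # hypothetical broken server: rejects instead of negotiating down
    usable = [v for v in server_versions if v <= client_version]
    return max(usable) if usable else None

if __name__ == "__main__":
    tls10_only = [(3, 1)]
    for jdk, offered in (("Java 7", (3, 1)), ("Java 8", (3, 3))):
        seen = parse_client_version(build_client_hello(offered))
        for intolerant in (False, True):
            chosen = negotiate(seen, tls10_only, intolerant)
            print(jdk, "offers", VERSIONS[seen], "| intolerant server:", intolerant,
                  "| result:", VERSIONS.get(chosen, "handshake failure"))
```

Only the TLSv1.2 offer against the intolerant server fails; every other combination settles on TLSv1, which is the behaviour the message says a server should show.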