Good morning guys, I've been investigating the problem since yesterday. The problem at first glance is related to the upgrade on OpenShift to Java 8.

Java 8 sends a TLSv1.2 ClientHello and Java 7 a TLSv1 one, and if the server somehow does not support version 1.2, it should be able to negotiate down to 1.1 or 1.0.

I'm still investigating the root cause, but the immediate fix is to run KC and UPS on JDK 1.7 only. Meanwhile I will be investigating the issue.

On Tue, Mar 31, 2015 at 11:10 AM, Matthias Wessendorf <matzew@apache.org> wrote:
that is on a totally different KC version

On Tue, Mar 31, 2015 at 4:03 PM, Sebastien Blanc <scm.blanc@gmail.com> wrote:
Maybe,
But it may also be that I'm missing something stupid :) and I have to configure something extra since openshift is https and I always test locally ... But yeah for 1.0.x I did not have to do anything.
 

On Tue, Mar 31, 2015 at 3:52 PM, Matthias Wessendorf <matzew@apache.org> wrote:
anything wrong w/ the keycloak adapter, or was there a fix for a 1.1.1? 

On Tue, Mar 31, 2015 at 3:50 PM, Sebastien Blanc <scm.blanc@gmail.com> wrote:
Hi ! 
I was trying (and so was Lukas) to deploy UPS 1.1 (master branch) to an openshift gear (Wildfly 8.2 cartridge). After tweaking the datasources a bit to get it deployed, when trying to access /ag-push, I'm getting a 500 internal server error.

The wildfly logs show me the following : 

2015-03-31 09:40:47,240 ERROR [io.undertow.request] (default task-8) UT005023: Exception handling request to /ag-push/index.html: java.lang.RuntimeException: Unable to resolve realm public key remotely
at org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:134) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
at org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:83) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
at org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:71) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
at org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:47) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:68) [keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_31]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_31]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) [jsse.jar:1.8.0_31]
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) [httpclient-4.2.1.jar:4.2.1]
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) [httpclient-4.2.1.jar:4.2.1]
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) [httpclient-4.2.1.jar:4.2.1]


So "peer not authenticated" seems pretty obvious for the reason it fails. 
The question is what do we need to do for this ? Anyone an idea ?

Thx,
Sebi


_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev



-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
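
A diagnostic for the TLS version question raised at the top of this thread, added here as an example and not code from the thread, Keycloak or AeroGear: it offers the server one protocol version at a time and reports the real handshake outcome. The class name TlsProbe is hypothetical, and the host and port are supplied on the command line.

```java
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic (hypothetical class, not from the thread).
// Usage: java TlsProbe <host> [port]
public class TlsProbe {
    static final String[] VERSIONS = {"TLSv1", "TLSv1.1", "TLSv1.2"};

    // Offer exactly one protocol version and describe how the handshake ends.
    static String probe(String host, int port, String version) {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (Socket plain = new Socket()) {
            plain.connect(new InetSocketAddress(host, port), 5000);
            plain.setSoTimeout(5000);
            // Layering over a connected socket passes the host name, so SNI is sent.
            try (SSLSocket tls = (SSLSocket) factory.createSocket(plain, host, port, true)) {
                SSLParameters params = tls.getSSLParameters();
                params.setProtocols(new String[] {version});
                params.setEndpointIdentificationAlgorithm("HTTPS"); // verify the host name too
                tls.setSSLParameters(params);
                // startHandshake() throws the underlying error. getSession() alone
                // returns an invalid session after a failed handshake, and calling
                // getPeerCertificates() on it yields "peer not authenticated".
                tls.startHandshake();
                SSLSession session = tls.getSession();
                X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
                return "OK   negotiated=" + session.getProtocol()
                        + " cipher=" + session.getCipherSuite()
                        + " subject=" + leaf.getSubjectX500Principal().getName();
            }
        } catch (Exception e) {
            // A version the local JDK has disabled fails here as well.
            return "FAIL " + e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        if (args.length < 1) {
            System.err.println("usage: java TlsProbe <host> [port]");
            return;
        }
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        for (String version : VERSIONS) {
            System.out.println(version + " -> " + probe(args[0], port, version));
        }
    }
}
```

Running it under both JDK 1.7 and JDK 1.8 against the same endpoint separates a protocol version rejection from a certificate trust or host name failure, which the adapter's "peer not authenticated" message does not distinguish.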