8:50 a.m.
Hi !
I was trying (and so was Lukas) to deploy UPS 1.1 (master branch) to an
openshift gear (Wildfly 8.2 cartridge). After tweaking a bit the
datasources to get it deployed, when trying to access /ag-push , I'm get an
500 internal server error.
The wildfly logs show me the following :
2015-03-31 09:40:47,240 ERROR [io.undertow.request] (default task-8)
UT005023: Exception handling request to /ag-push/index.html:
java.lang.RuntimeException: Unable to resolve realm public key
remotely
at
org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:134)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
at
org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:83)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
at
org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:71)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
at
org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:47)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:68)
[keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_31]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_31]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
[jsse.jar:1.8.0_31]
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
[httpclient-4.2.1.jar:4.2.1]
at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
[httpclient-4.2.1.jar:4.2.1]
at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
[httpclient-4.2.1.jar:4.2.1]
So "peer not authenticated" seems pretty obvious for the reason it fails.
The question is what do we need to do for this ? Anyone an idea ?
Thx,
Sebi
8:52 a.m.
anything wrong w/ the keycloak adapter, or was there a fix for a 1.1.1?
On Tue, Mar 31, 2015 at 3:50 PM, Sebastien Blanc <scm.blanc(a)gmail.com>
wrote:
Hi !
I was trying (and so was Lukas) to deploy UPS 1.1 (master branch) to an
openshift gear (Wildfly 8.2 cartridge). After tweaking a bit the
datasources to get it deployed, when trying to access /ag-push , I'm get an
500 internal server error.
The wildfly logs show me the following :
2015-03-31 09:40:47,240 ERROR [io.undertow.request] (default task-8) UT005023: Exception
handling request to /ag-push/index.html: java.lang.RuntimeException: Unable to resolve
realm public key remotely
at
org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:134)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
at
org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:83)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
at
org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:71)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
at
org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:47)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:68)
[keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_31]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_31]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
[jsse.jar:1.8.0_31]
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
[httpclient-4.2.1.jar:4.2.1]
at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
[httpclient-4.2.1.jar:4.2.1]
at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
[httpclient-4.2.1.jar:4.2.1]
So "peer not authenticated" seems pretty obvious for the reason it fails.
The question is what do we need to do for this ? Anyone an idea ?
Thx,
Sebi
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
9:03 a.m.
Maybe,
But it may also be that I'm missing something stupid :) and I have to
configure something extra since openshift is https and I always test
locally ... But yeah for 1.0.x I did not have to do anything.
On Tue, Mar 31, 2015 at 3:52 PM, Matthias Wessendorf <matzew(a)apache.org>
wrote:
anything wrong w/ the keycloak adapter, or was there a fix for a
1.1.1?
On Tue, Mar 31, 2015 at 3:50 PM, Sebastien Blanc <scm.blanc(a)gmail.com>
wrote:
> Hi !
> I was trying (and so was Lukas) to deploy UPS 1.1 (master branch) to an
> openshift gear (Wildfly 8.2 cartridge). After tweaking a bit the
> datasources to get it deployed, when trying to access /ag-push , I'm get an
> 500 internal server error.
>
> The wildfly logs show me the following :
>
> 2015-03-31 09:40:47,240 ERROR [io.undertow.request] (default task-8) UT005023:
Exception handling request to /ag-push/index.html: java.lang.RuntimeException: Unable to
resolve realm public key remotely
> at
org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:134)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
> at
org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:83)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
> at
org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:71)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
> at
org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:47)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
> at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:68)
[keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_31]
> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_31]
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]
> Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> at
sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
[jsse.jar:1.8.0_31]
> at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
[httpclient-4.2.1.jar:4.2.1]
> at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
[httpclient-4.2.1.jar:4.2.1]
> at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
[httpclient-4.2.1.jar:4.2.1]
>
>
> So "peer not authenticated" seems pretty obvious for the reason it fails.
> The question is what do we need to do for this ? Anyone an idea ?
>
> Thx,
> Sebi
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
9:10 a.m.
that is on a totally different KC version
On Tue, Mar 31, 2015 at 4:03 PM, Sebastien Blanc <scm.blanc(a)gmail.com>
wrote:
Maybe,
But it may also be that I'm missing something stupid :) and I have to
configure something extra since openshift is https and I always test
locally ... But yeah for 1.0.x I did not have to do anything.
On Tue, Mar 31, 2015 at 3:52 PM, Matthias Wessendorf <matzew(a)apache.org>
wrote:
> anything wrong w/ the keycloak adapter, or was there a fix for a 1.1.1?
>
> On Tue, Mar 31, 2015 at 3:50 PM, Sebastien Blanc <scm.blanc(a)gmail.com>
> wrote:
>
>> Hi !
>> I was trying (and so was Lukas) to deploy UPS 1.1 (master branch) to an
>> openshift gear (Wildfly 8.2 cartridge). After tweaking a bit the
>> datasources to get it deployed, when trying to access /ag-push , I'm get an
>> 500 internal server error.
>>
>> The wildfly logs show me the following :
>>
>> 2015-03-31 09:40:47,240 ERROR [io.undertow.request] (default task-8) UT005023:
Exception handling request to /ag-push/index.html: java.lang.RuntimeException: Unable to
resolve realm public key remotely
>> at
org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:134)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>> at
org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:83)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>> at
org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:71)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>> at
org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:47)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>> at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:68)
[keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_31]
>> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_31]
>> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]
>> Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>> at
sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
[jsse.jar:1.8.0_31]
>> at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
[httpclient-4.2.1.jar:4.2.1]
>> at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
[httpclient-4.2.1.jar:4.2.1]
>> at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
[httpclient-4.2.1.jar:4.2.1]
>>
>>
>> So "peer not authenticated" seems pretty obvious for the reason it
fails.
>> The question is what do we need to do for this ? Anyone an idea ?
>>
>> Thx,
>> Sebi
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
7:55 a.m.
Good morning guys, I'm investigating the problem since yesterday. The
problem at first glance is related with the upgrade on OpenShift to Java 8.
Java 8 sends TLSv1.2 ClientHello and Java 7 TLSv1 and if the server somehow
does not support version 1.2, it should be able to negotiate down to 1.1 or
1.0.
I'm still investigating the root cause, but the immediate fix is to run KC
and UPS on JDK 1.7 only. Meanwhile I will be investigating the issue.
On Tue, Mar 31, 2015 at 11:10 AM, Matthias Wessendorf <matzew(a)apache.org>
wrote:
that is on a totally different KC version
On Tue, Mar 31, 2015 at 4:03 PM, Sebastien Blanc <scm.blanc(a)gmail.com>
wrote:
> Maybe,
> But it may also be that I'm missing something stupid :) and I have to
> configure something extra since openshift is https and I always test
> locally ... But yeah for 1.0.x I did not have to do anything.
>
>
> On Tue, Mar 31, 2015 at 3:52 PM, Matthias Wessendorf <matzew(a)apache.org>
> wrote:
>
>> anything wrong w/ the keycloak adapter, or was there a fix for a 1.1.1?
>>
>> On Tue, Mar 31, 2015 at 3:50 PM, Sebastien Blanc <scm.blanc(a)gmail.com>
>> wrote:
>>
>>> Hi !
>>> I was trying (and so was Lukas) to deploy UPS 1.1 (master branch) to an
>>> openshift gear (Wildfly 8.2 cartridge). After tweaking a bit the
>>> datasources to get it deployed, when trying to access /ag-push , I'm get
an
>>> 500 internal server error.
>>>
>>> The wildfly logs show me the following :
>>>
>>> 2015-03-31 09:40:47,240 ERROR [io.undertow.request] (default task-8)
UT005023: Exception handling request to /ag-push/index.html: java.lang.RuntimeException:
Unable to resolve realm public key remotely
>>> at
org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:134)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>> at
org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:83)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>> at
org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:71)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>> at
org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:47)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>> at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:68)
[keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>> at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>> at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_31]
>>> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_31]
>>> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]
>>> Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>> at
sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
[jsse.jar:1.8.0_31]
>>> at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
[httpclient-4.2.1.jar:4.2.1]
>>> at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
[httpclient-4.2.1.jar:4.2.1]
>>> at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
[httpclient-4.2.1.jar:4.2.1]
>>>
>>>
>>> So "peer not authenticated" seems pretty obvious for the reason it
fails.
>>> The question is what do we need to do for this ? Anyone an idea ?
>>>
>>> Thx,
>>> Sebi
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
8:06 a.m.
Thx for the headup !
When did this upgrade happened ?
Shouldn't we have the problem also with UPS 1.0.x series on OpenShift ?
On Thu, Apr 2, 2015 at 2:55 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
Good morning guys, I'm investigating the problem since yesterday.
The
problem at first glance is related with the upgrade on OpenShift to Java 8.
Java 8 sends TLSv1.2 ClientHello and Java 7 TLSv1 and if the server
somehow does not support version 1.2, it should be able to negotiate down
to 1.1 or 1.0.
I'm still investigating the root cause, but the immediate fix is to run KC
and UPS on JDK 1.7 only. Meanwhile I will be investigating the issue.
On Tue, Mar 31, 2015 at 11:10 AM, Matthias Wessendorf <matzew(a)apache.org>
wrote:
> that is on a totally different KC version
>
> On Tue, Mar 31, 2015 at 4:03 PM, Sebastien Blanc <scm.blanc(a)gmail.com>
> wrote:
>
>> Maybe,
>> But it may also be that I'm missing something stupid :) and I have to
>> configure something extra since openshift is https and I always test
>> locally ... But yeah for 1.0.x I did not have to do anything.
>>
>>
>> On Tue, Mar 31, 2015 at 3:52 PM, Matthias Wessendorf <matzew(a)apache.org>
>> wrote:
>>
>>> anything wrong w/ the keycloak adapter, or was there a fix for a 1.1.1?
>>>
>>> On Tue, Mar 31, 2015 at 3:50 PM, Sebastien Blanc <scm.blanc(a)gmail.com>
>>> wrote:
>>>
>>>> Hi !
>>>> I was trying (and so was Lukas) to deploy UPS 1.1 (master branch) to
>>>> an openshift gear (Wildfly 8.2 cartridge). After tweaking a bit the
>>>> datasources to get it deployed, when trying to access /ag-push , I'm
get an
>>>> 500 internal server error.
>>>>
>>>> The wildfly logs show me the following :
>>>>
>>>> 2015-03-31 09:40:47,240 ERROR [io.undertow.request] (default task-8)
UT005023: Exception handling request to /ag-push/index.html: java.lang.RuntimeException:
Unable to resolve realm public key remotely
>>>> at
org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:134)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>> at
org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:83)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>> at
org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:71)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>> at
org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:47)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>> at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:68)
[keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>> at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>> at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_31]
>>>> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_31]
>>>> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]
>>>> Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated
>>>> at
sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
[jsse.jar:1.8.0_31]
>>>> at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
[httpclient-4.2.1.jar:4.2.1]
>>>> at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
[httpclient-4.2.1.jar:4.2.1]
>>>> at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
[httpclient-4.2.1.jar:4.2.1]
>>>>
>>>>
>>>> So "peer not authenticated" seems pretty obvious for the reason
it fails.
>>>> The question is what do we need to do for this ? Anyone an idea ?
>>>>
>>>> Thx,
>>>> Sebi
>>>>
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev(a)lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>
>>>
>>>
>>> --
>>> Matthias Wessendorf
>>>
>>> blog: http://matthiaswessendorf.wordpress.com/
>>> sessions: http://www.slideshare.net/mwessendorf
>>> twitter: http://twitter.com/mwessendorf
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
9:23 a.m.
I would like to do a little fix in my e-mail, to avoid any misunderstanding.
WildFly cartridge targets OpenJDK 1.8, not the whole OpenShift. I realized
my poor explanation, after I got some questions.
Sorry about that.
On Thu, Apr 2, 2015 at 10:06 AM, Sebastien Blanc <scm.blanc(a)gmail.com>
wrote:
Thx for the headup !
When did this upgrade happened ?
Shouldn't we have the problem also with UPS 1.0.x series on OpenShift ?
On Thu, Apr 2, 2015 at 2:55 PM, Bruno Oliveira <bruno(a)abstractj.org>
wrote:
> Good morning guys, I'm investigating the problem since yesterday. The
> problem at first glance is related with the upgrade on OpenShift to Java 8.
>
> Java 8 sends TLSv1.2 ClientHello and Java 7 TLSv1 and if the server
> somehow does not support version 1.2, it should be able to negotiate down
> to 1.1 or 1.0.
>
> I'm still investigating the root cause, but the immediate fix is to run
> KC and UPS on JDK 1.7 only. Meanwhile I will be investigating the issue.
>
> On Tue, Mar 31, 2015 at 11:10 AM, Matthias Wessendorf <matzew(a)apache.org>
> wrote:
>
>> that is on a totally different KC version
>>
>> On Tue, Mar 31, 2015 at 4:03 PM, Sebastien Blanc <scm.blanc(a)gmail.com>
>> wrote:
>>
>>> Maybe,
>>> But it may also be that I'm missing something stupid :) and I have to
>>> configure something extra since openshift is https and I always test
>>> locally ... But yeah for 1.0.x I did not have to do anything.
>>>
>>>
>>> On Tue, Mar 31, 2015 at 3:52 PM, Matthias Wessendorf <matzew(a)apache.org
>>> > wrote:
>>>
>>>> anything wrong w/ the keycloak adapter, or was there a fix for a
>>>> 1.1.1?
>>>>
>>>> On Tue, Mar 31, 2015 at 3:50 PM, Sebastien Blanc
<scm.blanc(a)gmail.com>
>>>> wrote:
>>>>
>>>>> Hi !
>>>>> I was trying (and so was Lukas) to deploy UPS 1.1 (master branch) to
>>>>> an openshift gear (Wildfly 8.2 cartridge). After tweaking a bit the
>>>>> datasources to get it deployed, when trying to access /ag-push ,
I'm get an
>>>>> 500 internal server error.
>>>>>
>>>>> The wildfly logs show me the following :
>>>>>
>>>>> 2015-03-31 09:40:47,240 ERROR [io.undertow.request] (default task-8)
UT005023: Exception handling request to /ag-push/index.html: java.lang.RuntimeException:
Unable to resolve realm public key remotely
>>>>> at
org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:134)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:83)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:71)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:47)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:68)
[keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_31]
>>>>> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_31]
>>>>> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]
>>>>> Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated
>>>>> at
sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
[jsse.jar:1.8.0_31]
>>>>> at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
[httpclient-4.2.1.jar:4.2.1]
>>>>> at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
[httpclient-4.2.1.jar:4.2.1]
>>>>> at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
[httpclient-4.2.1.jar:4.2.1]
>>>>>
>>>>>
>>>>> So "peer not authenticated" seems pretty obvious for the
reason it fails.
>>>>> The question is what do we need to do for this ? Anyone an idea ?
>>>>>
>>>>> Thx,
>>>>> Sebi
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> aerogear-dev mailing list
>>>>> aerogear-dev(a)lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Matthias Wessendorf
>>>>
>>>> blog: http://matthiaswessendorf.wordpress.com/
>>>> sessions: http://www.slideshare.net/mwessendorf
>>>> twitter: http://twitter.com/mwessendorf
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev(a)lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
>
> --
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
12:13 p.m.
A little update, if you're willing to deploy UPS on Openshift:
https://issues.jboss.org/browse/AGPUSH-1352
On 2015-04-02, Sebastien Blanc wrote:
Thx for the headup !
When did this upgrade happened ?
Shouldn't we have the problem also with UPS 1.0.x series on OpenShift ?
On Thu, Apr 2, 2015 at 2:55 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
> Good morning guys, I'm investigating the problem since yesterday. The
> problem at first glance is related with the upgrade on OpenShift to Java 8.
>
> Java 8 sends TLSv1.2 ClientHello and Java 7 TLSv1 and if the server
> somehow does not support version 1.2, it should be able to negotiate down
> to 1.1 or 1.0.
>
> I'm still investigating the root cause, but the immediate fix is to run KC
> and UPS on JDK 1.7 only. Meanwhile I will be investigating the issue.
>
> On Tue, Mar 31, 2015 at 11:10 AM, Matthias Wessendorf <matzew(a)apache.org>
> wrote:
>
>> that is on a totally different KC version
>>
>> On Tue, Mar 31, 2015 at 4:03 PM, Sebastien Blanc <scm.blanc(a)gmail.com>
>> wrote:
>>
>>> Maybe,
>>> But it may also be that I'm missing something stupid :) and I have to
>>> configure something extra since openshift is https and I always test
>>> locally ... But yeah for 1.0.x I did not have to do anything.
>>>
>>>
>>> On Tue, Mar 31, 2015 at 3:52 PM, Matthias Wessendorf
<matzew(a)apache.org>
>>> wrote:
>>>
>>>> anything wrong w/ the keycloak adapter, or was there a fix for a 1.1.1?
>>>>
>>>> On Tue, Mar 31, 2015 at 3:50 PM, Sebastien Blanc
<scm.blanc(a)gmail.com>
>>>> wrote:
>>>>
>>>>> Hi !
>>>>> I was trying (and so was Lukas) to deploy UPS 1.1 (master branch)
to
>>>>> an openshift gear (Wildfly 8.2 cartridge). After tweaking a bit the
>>>>> datasources to get it deployed, when trying to access /ag-push ,
I'm get an
>>>>> 500 internal server error.
>>>>>
>>>>> The wildfly logs show me the following :
>>>>>
>>>>> 2015-03-31 09:40:47,240 ERROR [io.undertow.request] (default task-8)
UT005023: Exception handling request to /ag-push/index.html: java.lang.RuntimeException:
Unable to resolve realm public key remotely
>>>>> at
org.keycloak.adapters.AdapterDeploymentContext.resolveRealmKey(AdapterDeploymentContext.java:134)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(AdapterDeploymentContext.java:83)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:71)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:47)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:68)
[keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
>>>>> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_31]
>>>>> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_31]
>>>>> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]
>>>>> Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated
>>>>> at
sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
[jsse.jar:1.8.0_31]
>>>>> at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
[httpclient-4.2.1.jar:4.2.1]
>>>>> at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
[httpclient-4.2.1.jar:4.2.1]
>>>>> at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
[httpclient-4.2.1.jar:4.2.1]
>>>>>
>>>>>
>>>>> So "peer not authenticated" seems pretty obvious for the
reason it fails.
>>>>> The question is what do we need to do for this ? Anyone an idea ?
>>>>>
>>>>> Thx,
>>>>> Sebi
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> aerogear-dev mailing list
>>>>> aerogear-dev(a)lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Matthias Wessendorf
>>>>
>>>> blog: http://matthiaswessendorf.wordpress.com/
>>>> sessions: http://www.slideshare.net/mwessendorf
>>>> twitter: http://twitter.com/mwessendorf
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev(a)lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
>
> --
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
abstractj
PGP: 0x84DC9914
2:50 a.m.
Thanks for update, Bruno. I will try it and let you know.
po 6. 4. 2015 v 19:14 odesílatel Bruno Oliveira <bruno(a)abstractj.org>
napsal:
A little update, if you're willing to deploy UPS on Openshift:
https://issues.jboss.org/browse/AGPUSH-1352
On 2015-04-02, Sebastien Blanc wrote:
> Thx for the headup !
> When did this upgrade happened ?
> Shouldn't we have the problem also with UPS 1.0.x series on OpenShift ?
>
> On Thu, Apr 2, 2015 at 2:55 PM, Bruno Oliveira <bruno(a)abstractj.org>
wrote:
>
> > Good morning guys, I'm investigating the problem since yesterday. The
> > problem at first glance is related with the upgrade on OpenShift to
Java 8.
> >
> > Java 8 sends TLSv1.2 ClientHello and Java 7 TLSv1 and if the server
> > somehow does not support version 1.2, it should be able to negotiate
down
> > to 1.1 or 1.0.
> >
> > I'm still investigating the root cause, but the immediate fix is to
run KC
> > and UPS on JDK 1.7 only. Meanwhile I will be investigating the issue.
> >
> > On Tue, Mar 31, 2015 at 11:10 AM, Matthias Wessendorf <
matzew(a)apache.org>
> > wrote:
> >
> >> that is on a totally different KC version
> >>
> >> On Tue, Mar 31, 2015 at 4:03 PM, Sebastien Blanc <scm.blanc(a)gmail.com
>
> >> wrote:
> >>
> >>> Maybe,
> >>> But it may also be that I'm missing something stupid :) and I
have
to
> >>> configure something extra since openshift is https and I always test
> >>> locally ... But yeah for 1.0.x I did not have to do anything.
> >>>
> >>>
> >>> On Tue, Mar 31, 2015 at 3:52 PM, Matthias Wessendorf <
matzew(a)apache.org>
> >>> wrote:
> >>>
> >>>> anything wrong w/ the keycloak adapter, or was there a fix for a
1.1.1?
> >>>>
> >>>> On Tue, Mar 31, 2015 at 3:50 PM, Sebastien Blanc <
scm.blanc(a)gmail.com>
> >>>> wrote:
> >>>>
> >>>>> Hi !
> >>>>> I was trying (and so was Lukas) to deploy UPS 1.1 (master
branch)
to
> >>>>> an openshift gear (Wildfly 8.2 cartridge). After tweaking a bit
the
> >>>>> datasources to get it deployed, when trying to access /ag-push
,
I'm get an
> >>>>> 500 internal server error.
> >>>>>
> >>>>> The wildfly logs show me the following :
> >>>>>
> >>>>> 2015-03-31 09:40:47,240 ERROR [io.undertow.request] (default
task-8) UT005023: Exception handling request to /ag-push/index.html:
java.lang.RuntimeException: Unable to resolve realm public key remotely
> >>>>> at org.keycloak.adapters.AdapterDeploymentContext.
resolveRealmKey(AdapterDeploymentContext.java:134)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
> >>>>> at org.keycloak.adapters.AdapterDeploymentContext.
resolveDeployment(AdapterDeploymentContext.java:83)
[keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
> >>>>> at org.keycloak.adapters.PreAuthActionsHandler.
preflightCors(PreAuthActionsHandler.java:71) [keycloak-adapter-core-1.1.0.
Final.jar:1.1.0.Final]
> >>>>> at org.keycloak.adapters.PreAuthActionsHandler.
handleRequest(PreAuthActionsHandler.java:47) [keycloak-adapter-core-1.1.0.
Final.jar:1.1.0.Final]
> >>>>> at org.keycloak.adapters.undertow.
ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:68)
[keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
> >>>>> at io.undertow.server.handlers.PredicateHandler.
handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.
jar:1.1.0.Final]
> >>>>> at io.undertow.servlet.handlers.ServletInitialHandler.
handleFirstRequest(ServletInitialHandler.java:261)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> >>>>> at io.undertow.servlet.handlers.ServletInitialHandler.
dispatchRequest(ServletInitialHandler.java:247)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> >>>>> at io.undertow.servlet.handlers.
ServletInitialHandler.access$000(ServletInitialHandler.java:76)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> >>>>> at
io.undertow.servlet.handlers.ServletInitialHandler$1.
handleRequest(ServletInitialHandler.java:166)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> >>>>> at io.undertow.server.Connectors.
executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.
jar:1.1.0.Final]
> >>>>> at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
> >>>>> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_31]
> >>>>> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_31]
> >>>>> at java.lang.Thread.run(Thread.java:745)
[rt.jar:1.8.0_31]
> >>>>> Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated
> >>>>> at
sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
[jsse.jar:1.8.0_31]
> >>>>> at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
[httpclient-4.2.1.jar:4.2.1]
> >>>>> at org.apache.http.conn.ssl.SSLSocketFactory.
connectSocket(SSLSocketFactory.java:572) [httpclient-4.2.1.jar:4.2.1]
> >>>>> at org.apache.http.impl.conn.
DefaultClientConnectionOperator.openConnection(
DefaultClientConnectionOperator.java:180) [httpclient-4.2.1.jar:4.2.1]
> >>>>>
> >>>>>
> >>>>> So "peer not authenticated" seems pretty obvious for
the reason it
fails.
> >>>>> The question is what do we need to do for this ? Anyone an idea
?
> >>>>>
> >>>>> Thx,
> >>>>> Sebi
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> aerogear-dev mailing list
> >>>>> aerogear-dev(a)lists.jboss.org
> >>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Matthias Wessendorf
> >>>>
> >>>> blog: http://matthiaswessendorf.wordpress.com/
> >>>> sessions: http://www.slideshare.net/mwessendorf
> >>>> twitter: http://twitter.com/mwessendorf
> >>>>
> >>>> _______________________________________________
> >>>> aerogear-dev mailing list
> >>>> aerogear-dev(a)lists.jboss.org
> >>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>>
> >>>
> >>>
> >>> _______________________________________________
> >>> aerogear-dev mailing list
> >>> aerogear-dev(a)lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>
> >>
> >>
> >>
> >> --
> >> Matthias Wessendorf
> >>
> >> blog: http://matthiaswessendorf.wordpress.com/
> >> sessions: http://www.slideshare.net/mwessendorf
> >> twitter: http://twitter.com/mwessendorf
> >>
> >> _______________________________________________
> >> aerogear-dev mailing list
> >> aerogear-dev(a)lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>
> >
> >
> >
> > --
> >
> > --
> > "The measure of a man is what he does with power" - Plato
> > -
> > @abstractj
> > -
> > Volenti Nihil Difficile
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
abstractj
PGP: 0x84DC9914
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
3546
days inactive
3553
days old
8 comments
4 participants
participants (4)
-
Bruno Oliveira -
Lukáš Fryč -
Matthias Wessendorf -
Sebastien Blanc