You need to configure a truststore for the adapter. See 'truststore' in
From: "Sahil Sachdeva" <sahilsachdeva(a)gmail.com>
To: "keycloak-user" <keycloak-user(a)lists.jboss.org>
Sent: Friday, February 6, 2015 1:22:17 PM
Subject: [keycloak-user] Two-way SSL via Undertow in keycloak-appliance-dist-all-1.1.0.Final
Hello Everybody,
I am new to Keycloak and playing around a little. I have a small REST service I
have deployed in the Keycloak server and am trying to secure it. This is how
far I have gotten:
1) I got the basic auth running.
2) I was able to force SSL all through, using a truststore in the adapter
and the necessary settings in standalone.xml.
To take a step further, I added:
<authentication>
<truststore path="server.truststore"
relative-to="jboss.server.config.dir"
keystore-password="mypassword"/>
</authentication>
to the security-realm which I used in step 2 to enable SSL, and added the
truststore to the required directory. However, this broke the application
partly. I can reach the master-realm login and admin console. When I go to
the URL of the REST service I am redirected to the login page of my
application realm. But after successfully logging in, I get a 403 Forbidden
and a "SSLPeerUnverifiedException: peer not authenticated" error in the logs.
Does anyone have an idea why? The only thing that changed from one-way SSL
to two-way SSL is the Undertow configuration, so why does it disturb the
adapter?
Best,
Sahil