1:23 a.m.
Hello,
Certainly, Keycloak IDP is keycloak-demo-1.9.2.Final.tar.gz and SP is
keycloak-saml-wildfly-adapter-dist-1.9.2.Final.zip. Chromium issue is similar, but
unfortunately this happens also on Firefox (version 45.0.2).
Yours:
Jukka
-----Alkuperäinen viesti-----
Lähettäjä: Bruno Oliveira [mailto:bruno@abstractj.org]
Lähetetty: 19. huhtikuuta 2016 17:08
Vastaanottaja: Jukka Sirviö
Kopio: keycloak-user(a)lists.jboss.org
Aihe: Re: [keycloak-user] silent ssl error in debug level
Could you please provide more information about your environment and which version of KC
are you running? Is this happening with Chrome for example? See:
https://bugs.chromium.org/p/chromium/issues/detail?id=118366
On 2016-04-19, Jukka Sirviö wrote:
Hello,
Anybody have any clue what could be causing this "silent exception" when DEBUG
level logging is used, to SP's log. IOException is written to log all the time. Thus
SAML authentication is working ok / normally. Using SSL (https) public addresses both with
IDP and SP, along with signed & encrypted SAML assertions. Public certificates are
good and ok!
2016-04-19 13:25:26,441 DEBUG [io.undertow.request.io] (default I/O-8) UT005013: An
IOException occurred: java.io.IOException: javax.net.ssl.SSLException: Inbound closed
before receiving peer's close_notify: possible truncation attack?
at
io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:
577)
at
io.undertow.protocols.ssl.SslConduit.terminateReads(SslConduit.java:17
8)
at
org.xnio.conduits.ConduitStreamSourceChannel.close(ConduitStreamSource
Channel.java:168)
at
org.xnio.IoUtils.safeClose(IoUtils.java:134)
at
org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.forceTermina
tion(ReadReadyHandler.java:58)
at
io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.forceTerminat
ion(SslConduit.java:1091)
at
org.xnio.nio.NioSocketConduit.forceTermination(NioSocketConduit.java:1
05)
at
org.xnio.nio.WorkerThread.run(WorkerThread.java:492)
Caused by: javax.net.ssl.SSLException: Inbound closed before receiving peer's
close_notify: possible truncation attack?
at
sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at
sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
at
sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
at
sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561)
at
io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:
575)
... 7 more
________________________________
Tämä sähköpostiviesti (liitteineen) saattaa sisältää luottamuksellista
tietoa, joka on tarkoitettu vain vastaanottajalleen. Jos et ole oikea
vastaanottaja, ilmoita viestin lähettäjälle tapahtuneesta virheestä ja
tuhoa viesti välittömästi. Viestin luvaton julkaiseminen, kopioiminen, jakelu tai muu
käyttö tai toimenpiteisiin ryhtyminen sen perusteella on ehdottomasti kielletty.
This message (including any attachments) may contain confidential
information intended for the person or entity to which it is
addressed. If you are not the intended recipient, notify the sender
and delete this message immediately. Notice that disclosing, copying, distributing or any
other use of the message and its information, or taking any action based on it, is
strictly prohibited.
________________________________
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
abstractj
PGP: 0x84DC9914