7:27 a.m.
Dmitry,
I'm using the standalone-ha.xml.
I've checked the truststore configuration. Everything is ok.
Changing the ldap protocole from LDAPS to ldaps make it works. So it could
not be a truststore configuration issue.
Meissa
Le lun. 19 nov. 2018 à 01:18, Dmitry Telegin <dt(a)acutus.pro> a écrit :
Meissa,
This looks like an unconfigured SSL truststore. Could it be that you have
configured it in standalone.xml instead of standalone-ha.xml (which is used
by default in Docker image for Keycloak 4.5.0+)?
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Thu, 2018-11-15 at 10:12 +0100, Meissa M'baye Sakho wrote:
> Hello everyone,
> I'm facing a very strange behaviour using keycloak 4.5 Final while
> configuring my realm user federation with ldaps.
> When I set the ldap connection URL to ldaps://myldaphost. It works fine.
> When I change it to LDAPS://myldaphost, the test connexion fails with the
> exception below (extract):
>
> *KC-SERVICES0055: Error when connecting to LDAP:
> intra-dev01.bdf-dev01.local:636: javax.naming.CommunicationException:
> intra-dev01.bdf-dev01.local:636 [Root exception is
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
find
> valid certification path to requested target]*
> * at com.sun.jndi.ldap.Connection.<init>(Connection.java:238)*
> * at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)*
> * at
com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615)*
> * at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)*
> * at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)*
> * at
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)*
> * at
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)*
>
> * Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
find
> valid certification path to requested target*
> * at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)*
> * at
sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)*
>
> With Keycloak 3.4.3Final, I used LDAPS without any problem.
> Any advice?
> Meissa
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user