Hello,
Maybe not yet Jira, I would first like to know if this same issue is happening on anybody
else, or am I just doing something silly here? JDK versions in use, are as follow:
-=-=-=-=-=-=-=-=-=-=-=-=
keycloak-saml-wildfly-adapter-dist-1.9.2.Final.zip --> java version
"1.8.0_73" Java(TM) SE Runtime Environment (build 1.8.0_73-b02) Java HotSpot(TM)
64-Bit Server VM (build 25.73-b02, mixed mode)
-=-=-=-=-=-=-=-=-=-=-=-=
keycloak-demo-1.9.2.Final.tar.gz --> java version "1.8.0_77" Java(TM) SE
Runtime Environment (build 1.8.0_77-b03) Java HotSpot(TM) 64-Bit Server VM (build
25.77-b03, mixed mode)
-=-=-=-=-=-=-=-=-=-=-=-=
-Jukka
-----Alkuperäinen viesti-----
Lähettäjä: Bruno Oliveira [mailto:bruno@abstractj.org]
Lähetetty: 20. huhtikuuta 2016 15:39
Vastaanottaja: Jukka Sirviö
Kopio: keycloak-user(a)lists.jboss.org
Aihe: Re: VS: [keycloak-user] silent ssl error in debug level
Could you please file a Jira with all the details including the JDK version?
On 2016-04-20, Jukka Sirviö wrote:
Hello,
Certainly, Keycloak IDP is keycloak-demo-1.9.2.Final.tar.gz and SP is
keycloak-saml-wildfly-adapter-dist-1.9.2.Final.zip. Chromium issue is similar, but
unfortunately this happens also on Firefox (version 45.0.2).
Yours:
Jukka
-----Alkuperäinen viesti-----
Lähettäjä: Bruno Oliveira [mailto:bruno@abstractj.org]
Lähetetty: 19. huhtikuuta 2016 17:08
Vastaanottaja: Jukka Sirviö
Kopio: keycloak-user(a)lists.jboss.org
Aihe: Re: [keycloak-user] silent ssl error in debug level
Could you please provide more information about your environment and which version of KC
are you running? Is this happening with Chrome for example? See:
https://bugs.chromium.org/p/chromium/issues/detail?id=118366
On 2016-04-19, Jukka Sirviö wrote:
> Hello,
>
> Anybody have any clue what could be causing this "silent exception" when
DEBUG level logging is used, to SP's log. IOException is written to log all the time.
Thus SAML authentication is working ok / normally. Using SSL (https) public addresses both
with IDP and SP, along with signed & encrypted SAML assertions. Public certificates
are good and ok!
>
>
>
> 2016-04-19 13:25:26,441 DEBUG [io.undertow.request.io] (default I/O-8) UT005013: An
IOException occurred: java.io.IOException: javax.net.ssl.SSLException: Inbound closed
before receiving peer's close_notify: possible truncation attack?
>
> at
> io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:
> 577)
>
> at
> io.undertow.protocols.ssl.SslConduit.terminateReads(SslConduit.java:
> 17
> 8)
>
> at
> org.xnio.conduits.ConduitStreamSourceChannel.close(ConduitStreamSour
> ce
> Channel.java:168)
>
> at
> org.xnio.IoUtils.safeClose(IoUtils.java:134)
>
> at
> org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.forceTermi
> na
> tion(ReadReadyHandler.java:58)
>
> at
> io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.forceTermin
> at
> ion(SslConduit.java:1091)
>
> at
> org.xnio.nio.NioSocketConduit.forceTermination(NioSocketConduit.java
> :1
> 05)
>
> at
> org.xnio.nio.WorkerThread.run(WorkerThread.java:492)
>
> Caused by: javax.net.ssl.SSLException: Inbound closed before receiving peer's
close_notify: possible truncation attack?
>
> at
> sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
>
> at
> sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
>
> at
> sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
>
> at
> sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561)
>
> at
> io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:
> 575)
>
> ... 7 more
>
>
>
>
> ________________________________
>
> Tämä sähköpostiviesti (liitteineen) saattaa sisältää
> luottamuksellista tietoa, joka on tarkoitettu vain
> vastaanottajalleen. Jos et ole oikea vastaanottaja, ilmoita viestin
> lähettäjälle tapahtuneesta virheestä ja tuhoa viesti välittömästi. Viestin luvaton
julkaiseminen, kopioiminen, jakelu tai muu käyttö tai toimenpiteisiin ryhtyminen sen
perusteella on ehdottomasti kielletty.
>
> This message (including any attachments) may contain confidential
> information intended for the person or entity to which it is
> addressed. If you are not the intended recipient, notify the sender
> and delete this message immediately. Notice that disclosing, copying, distributing
or any other use of the message and its information, or taking any action based on it, is
strictly prohibited.
>
> ________________________________
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
abstractj
PGP: 0x84DC9914
--
abstractj
PGP: 0x84DC9914
________________________________
Tämä sähköpostiviesti (liitteineen) saattaa sisältää luottamuksellista tietoa, joka on
tarkoitettu
vain vastaanottajalleen. Jos et ole oikea vastaanottaja, ilmoita viestin lähettäjälle
tapahtuneesta
virheestä ja tuhoa viesti välittömästi. Viestin luvaton julkaiseminen, kopioiminen, jakelu
tai muu
käyttö tai toimenpiteisiin ryhtyminen sen perusteella on ehdottomasti kielletty.
This message (including any attachments) may contain confidential information intended
for
the person or entity to which it is addressed. If you are not the intended recipient,
notify the
sender and delete this message immediately. Notice that disclosing, copying, distributing
or any
other use of the message and its information, or taking any action based on it, is
strictly prohibited.
________________________________