[keycloak-dev] Ignoring self signed cert errors while developing

Aiden Keating akeating at redhat.com
Mon Jan 22 03:38:16 EST 2018


Apologies for not following up on this thread sooner.

After reading up a bit further on the topic I ended up configuring the
trust store.

Thanks,
Aiden

On Mon, Jan 22, 2018 at 8:01 AM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> I don't think Keycloak server supports the 'disable-trust-manager'
> option. Keycloak adapters do, but that doesn't help you with the OpenShift
> IdP.
>
> Here's details on how to configure Keycloak server truststore:
> http://www.keycloak.org/docs/latest/server_installation/
> index.html#outgoing-http-requests
>
> You'd probably need to import your self-signed certificate to make it work.
>
> On 14 January 2018 at 21:59, Aiden Keating <akeating at redhat.com> wrote:
>
>> Hello,
>>
>> I am configuring an OpenShift v3 identity provider on Keycloak using an
>> Ansible playbook. I have created the identity provider successfully.
>>
>> After filling in my OpenShift username and password I see an "Unexpected
>> error when authenticating with identity provider" error from Keycloak.
>> This
>> is due to the self signed certificates of the OpenShift development
>> cluster
>> I am using (using oc cluster up).
>>
>> I am looking for an option to ignore these errors when in a development
>> environment.
>>
>> I have read about the 'disable-trust-manager' option, from what I
>> understand this can be set in development environments to avoid these
>> errors. However, I am not fully clear on how to use it and how to
>> configure
>> it. Can this option be set using the REST API?
>>
>> Any help would be greatly appreciated.
>>
>> Thanks,
>> Aiden Keating
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>


More information about the keycloak-dev mailing list