[keycloak-user] Keycloak Adapter Error

Bill Burke bburke at redhat.com
Mon May 12 10:36:38 EDT 2014


This would be set in the keycloak.json file for your application.  The 
adapter config.

On 5/9/2014 9:43 PM, Ben wrote:
> I am fairly new to this. I am using Wildfly 8.0.0 Final. Where should I
> set this?
>
>
> On Fri, May 9, 2014 at 6:13 PM, Bill Burke <bburke at redhat.com
> <mailto:bburke at redhat.com>> wrote:
>
>     Your server is secured via SSL?  (https)?  If so,
>
>     In your adapter config set:
>
>     "disable-trust-manager": true
>
>     or provide a keystore file that holds the public cert of your server:
>
>     "truststore": "/path",
>     "truststore-password": "password"
>
>
>
>
>
>     On 5/9/2014 5:42 PM, Ben wrote:
>      > I am using Keycloak Beta 1 Snapshot as my SSO but when any user
>     logs in
>      > it gives a 403 forbidden and the error shown below. Any idea what
>     went
>      > wrong?
>      >
>      >
>      > ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default
>     task-7)
>      > failed to turn code into token:
>      > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>      >
>      > at
>      >
>     sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
>      > [jsse.jar:1.7.0_45]
>      >
>      > at
>      >
>     org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
>      >
>      > at
>      >
>     org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
>      >
>      > at
>      >
>     org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
>      >
>      > at
>      >
>     org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)
>      >
>      > at
>      >
>     org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)
>      >
>      > at
>      >
>     org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
>      >
>      > at
>      >
>     org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
>      >
>      > at
>      >
>     org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
>      >
>      > at
>      >
>     org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
>      >
>      > at
>      >
>     org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
>      >
>      > at
>      >
>     org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:78)
>      > [keycloak-adapter-core-1.0-beta-1-SNAPSHOT.jar:]
>      >
>      > at
>      >
>     org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:55)
>      > [keycloak-adapter-core-1.0-beta-1-SNAPSHOT.jar:]
>      >
>      > at
>      >
>     org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:256)
>      > [keycloak-adapter-core-1.0-beta-1-SNAPSHOT.jar:]
>      >
>      > at
>      >
>     org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:205)
>      > [keycloak-adapter-core-1.0-beta-1-SNAPSHOT.jar:]
>      >
>      > at
>      >
>     org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:59)
>      > [keycloak-adapter-core-1.0-beta-1-SNAPSHOT.jar:]
>      >
>      > at
>      >
>     org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:38)
>      > [keycloak-undertow-adapter-1.0-beta-1-SNAPSHOT.jar:]
>      >
>      > at
>      >
>     io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281)
>      > [undertow-core-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298)
>      > [undertow-core-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268)
>      > [undertow-core-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131)
>      > [undertow-core-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106)
>      > [undertow-core-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99)
>      > [undertow-core-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
>      > [undertow-core-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
>      > [undertow-core-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
>      > [undertow-core-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61)
>      > [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
>      > [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
>      > [undertow-core-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
>      > [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
>      > [undertow-core-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
>      > [undertow-core-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>      >
>      > at
>      >
>     io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
>      > [undertow-core-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:54)
>      > [keycloak-undertow-adapter-1.0-beta-1-SNAPSHOT.jar:]
>      >
>      > at
>      >
>     io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
>      > [undertow-core-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240)
>      > [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)
>      > [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)
>      > [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)
>      > [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>     io.undertow.server.Connectors.executeRootHandler(Connectors.java:168)
>      > [undertow-core-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:687)
>      > [undertow-core-1.0.0.Final.jar:1.0.0.Final]
>      >
>      > at
>      >
>     java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>      > [rt.jar:1.7.0_45]
>      >
>      > at
>      >
>     java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>      > [rt.jar:1.7.0_45]
>      >
>      > at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
>      >
>      >
>      >
>      > _______________________________________________
>      > keycloak-user mailing list
>      > keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>      > https://lists.jboss.org/mailman/listinfo/keycloak-user
>      >
>
>     --
>     Bill Burke
>     JBoss, a division of Red Hat
>     http://bill.burkecentral.com
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-user mailing list