[keycloak-user] Two-way SSL via Undertow in keycloak-appliance-dist-all-1.1.0.Final
Stian Thorgersen
stian at redhat.com
Tue Feb 17 07:21:33 EST 2015
You need to configure a truststore for the adapter. See 'truststore' in http://docs.jboss.org/keycloak/docs/1.1.0.Final/userguide/html/ch08.html#adapter-config.
----- Original Message -----
> From: "Sahil Sachdeva" <sahilsachdeva at gmail.com>
> To: "keycloak-user" <keycloak-user at lists.jboss.org>
> Sent: Friday, February 6, 2015 1:22:17 PM
> Subject: [keycloak-user] Two-way SSL via Undertow in keycloak-appliance-dist-all-1.1.0.Final
>
> Hello Everybody,
>
> I am new to keycloak and playing around a little. I have small REST service i
> have deployed in the keycloak server and am trying to secure it. This is how
> far i have gotten:
>
> 1) I got the basic auth running.
> 2 ) I was abel to force SSL all through. Using a truststore in the adapter
> and the necessary settings in standalone.xml
>
> to take a step further i added:
> <authentication>
> <truststore path="server.truststore" relative-to="jboss.server.config.dir"
> keystore-password="mypassword"/>
> </authentication>
>
> to the security-realm which i used in step 2 to enable SSL , added the
> truststore to the required directory. How ever this broke the application
> partly. I can reach the master-realm login and admin console. When i go to
> the URL of the REST service i am redirected to the loginpage of my
> application realm. But after sucessfully logging in, i get a 403 forbidden
> and "SSLPeerUnverifiedException: peer not authenticated" error in the logs.
>
> Does any one have an idea why? The only thing that changed from one way SSL
> to two-way SSL is the undertow configuration, why does it disturb the
> adapter?
>
> Best,
> Sahil
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list