[keycloak-user] Resteasy client SSLHandshakeException

Rajkiran K rajkiran.k at inteqsolutions.com
Thu Apr 20 01:37:03 EDT 2017 

Thanks you for reply marek.

yes, SSL certificate is signed by well known Certificate Authority. This 
SSLHandshakeException is occuring few times only. Many times this 
exception is not seen, can you guess possible issue here (if 
admin-client is not trusted by Keycloak server, we should get exception 
every time)

Thanks,

Raj Kiran K


On 4/19/2017 9:56 PM, Marek Posolda wrote:
> It seems that your application where admin-client is running, needs to 
> trust the Keycloak server, so it's able to communicate with it through 
> SSL.
>
> One possibility to do it is to ensure that your SSL certificate is 
> signed by some well known Certificate Authority. This is good 
> especially in production environments.
>
> Other possibility is to configure your admin-client to trust the 
> Keycloak server. The easiest is to use property like 
> javax.net.ssl.trustStore system properties (see JVM docs for more 
> details). Another possibility is to use custom RestEasyClient or 
> SSLContext to your admin client, which will "trust" the Keycloak server.
>
> Marek
>
> On 19/04/17 14:33, Rajkiran K wrote:
>> Hi all,
>>
>> We are trying to get all roles data of realm from keycloak. We are
>> getting "SSLHandshakeException", can any one help on this issue
>>
>> *Keycloak version*: 1.9.8 Final
>>
>> *resteasy-client version*: resteasy-client-3.0.14.Final
>>
>> build    19-Apr-2017 02:00:18    2017-04-19 02:00:18 INFO
>> KeycloakRestUserDataLoader:228 - Retrieving Roles from Keycloak
>> error    19-Apr-2017 02:00:19 javax.ws.rs.ProcessingException:
>> java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: Remote
>> host closed connection during handshake
>> error    19-Apr-2017 02:00:19        at
>> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:430) 
>>
>> error    19-Apr-2017 02:00:19        at
>> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:102) 
>>
>> error    19-Apr-2017 02:00:19        at
>> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:64) 
>>
>> error    19-Apr-2017 02:00:19        at
>> com.sun.proxy.$Proxy27.list(Unknown Source)
>> error    19-Apr-2017 02:00:19        at
>> com.sample.loader.KeycloakRestUserDataLoader.getRealmRoles(KeycloakRestUserDataLoader.java:230) 
>>
>> error    19-Apr-2017 02:00:19        at
>> com.sample.loader.KeycloakRestUserDataLoader.loadUserData(KeycloakRestUserDataLoader.java:199) 
>>
>> error    19-Apr-2017 02:00:19        at
>> com.sample.loader.KeycloakDataManager.main(KeycloakDataManager.java:34)
>> error    19-Apr-2017 02:00:19    Caused by: java.lang.RuntimeException:
>> javax.net.ssl.SSLHandshakeException: Remote host closed connection
>> during handshake
>> error    19-Apr-2017 02:00:19        at
>> org.jboss.resteasy.client.jaxrs.engines.URLConnectionEngine.executeRequest(URLConnectionEngine.java:174) 
>>
>> error    19-Apr-2017 02:00:19        at
>> org.jboss.resteasy.client.jaxrs.engines.URLConnectionEngine.invoke(URLConnectionEngine.java:47) 
>>
>> error    19-Apr-2017 02:00:19        at
>> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:436) 
>>
>> error    19-Apr-2017 02:00:19        at
>> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:102) 
>>
>> error    19-Apr-2017 02:00:19        at
>> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:64) 
>>
>> error    19-Apr-2017 02:00:19        at
>> com.sun.proxy.$Proxy19.grantToken(Unknown Source)
>> error    19-Apr-2017 02:00:19        at
>> org.keycloak.admin.client.token.TokenManager.grantToken(TokenManager.java:85) 
>>
>> error    19-Apr-2017 02:00:19        at
>> org.keycloak.admin.client.token.TokenManager.getAccessToken(TokenManager.java:65) 
>>
>> error    19-Apr-2017 02:00:19        at
>> org.keycloak.admin.client.token.TokenManager.getAccessTokenString(TokenManager.java:60) 
>>
>> error    19-Apr-2017 02:00:19        at
>> org.keycloak.admin.client.resource.BearerAuthFilter.filter(BearerAuthFilter.java:52) 
>>
>> error    19-Apr-2017 02:00:19        at
>> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:413) 
>>
>> error    19-Apr-2017 02:00:19        ... 6 more
>> error    19-Apr-2017 02:00:19    Caused by:
>> javax.net.ssl.SSLHandshakeException: Remote host closed connection
>> during handshake
>> error    19-Apr-2017 02:00:19        at
>> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
>> error    19-Apr-2017 02:00:19        at
>> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) 
>>
>> error    19-Apr-2017 02:00:19        at
>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
>> error    19-Apr-2017 02:00:19        at
>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
>> error    19-Apr-2017 02:00:19        at
>> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) 
>>
>> error    19-Apr-2017 02:00:19        at
>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) 
>>
>> error    19-Apr-2017 02:00:19        at
>> sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316) 
>>
>> error    19-Apr-2017 02:00:19        at
>> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291) 
>>
>> error    19-Apr-2017 02:00:19        at
>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250) 
>>
>> error    19-Apr-2017 02:00:19        at
>> org.jboss.resteasy.client.jaxrs.engines.URLConnectionEngine.executeRequest(URLConnectionEngine.java:167) 
>>
>> error    19-Apr-2017 02:00:19        ... 16 more
>> error    19-Apr-2017 02:00:19    Caused by: java.io.EOFException: SSL
>> peer shut down incorrectly
>> error    19-Apr-2017 02:00:19        at
>> sun.security.ssl.InputRecord.read(InputRecord.java:505)
>> error    19-Apr-2017 02:00:19        at
>> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
>> error    19-Apr-2017 02:00:19        ... 25 more
>> build    19-Apr-2017 02:00:19    2017-04-19 02:00:19 ERROR
>> KeycloakDataManager:38 - java.lang.RuntimeException:
>> javax.net.ssl.SSLHandshakeException: Remote host closed connection
>> during handshake
>>
>
>
>
>

-- 
Thanks & Regards,

Rajkiran K


The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material; unauthorized use of this information is prohibited. If you have received this in error, please contact the sender and delete the material immediately.

More information about the keycloak-user mailing list