[keycloak-user] Resteasy client SSLHandshakeException

Marek Posolda mposolda at redhat.com
Fri Apr 21 03:45:41 EDT 2017


Forgot to add list yesterday:

Ah ok. Then the problem is possibly in connection pooling. Maybe it 
helps if you increase the connection pool of the Apache HTTP Client on 
the admin-client side, or the maximum number of IO threads and/or Worker 
threads in the undertow subsystem on the Keycloak server side. The 
exception states "Remote host closed the connection", which indicates 
that the issue is rather on the server side, but I am not 100% sure.

Marek

On 20/04/17 07:37, Rajkiran K wrote:
> Thank you for the reply, Marek.
>
> Yes, the SSL certificate is signed by a well-known Certificate Authority.
> This SSLHandshakeException is occurring only a few times. Many times this
> exception is not seen. Can you guess the possible issue here? (If the
> admin-client is not trusted by the Keycloak server, we should get the
> exception every time.)
>
> Thanks,
>
> Raj Kiran K
>
>
> On 4/19/2017 9:56 PM, Marek Posolda wrote:
>> It seems that the application where your admin-client is running needs
>> to trust the Keycloak server, so it's able to communicate with it
>> through SSL.
>>
>> One possibility is to ensure that your SSL certificate is
>> signed by some well-known Certificate Authority. This is good
>> especially in production environments.
>>
>> The other possibility is to configure your admin-client to trust the
>> Keycloak server. The easiest is to use system properties like
>> javax.net.ssl.trustStore (see the JVM docs for more
>> details). Another possibility is to use a custom RestEasyClient or
>> SSLContext for your admin client, which will "trust" the Keycloak server.
>>
>> Marek
>>
>> On 19/04/17 14:33, Rajkiran K wrote:
>>> Hi all,
>>>
>>> We are trying to get all roles data of a realm from Keycloak. We are
>>> getting "SSLHandshakeException". Can anyone help with this issue?
>>>
>>> *Keycloak version*: 1.9.8 Final
>>>
>>> *resteasy-client version*: resteasy-client-3.0.14.Final
>>>
>>> build    19-Apr-2017 02:00:18    2017-04-19 02:00:18 INFO
>>> KeycloakRestUserDataLoader:228 - Retrieving Roles from Keycloak
>>> error    19-Apr-2017 02:00:19 javax.ws.rs.ProcessingException:
>>> java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: Remote
>>> host closed connection during handshake
>>> error    19-Apr-2017 02:00:19        at
>>> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:430)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:102)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:64)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> com.sun.proxy.$Proxy27.list(Unknown Source)
>>> error    19-Apr-2017 02:00:19        at
>>> com.sample.loader.KeycloakRestUserDataLoader.getRealmRoles(KeycloakRestUserDataLoader.java:230)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> com.sample.loader.KeycloakRestUserDataLoader.loadUserData(KeycloakRestUserDataLoader.java:199)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> com.sample.loader.KeycloakDataManager.main(KeycloakDataManager.java:34)
>>> error    19-Apr-2017 02:00:19    Caused by: java.lang.RuntimeException:
>>> javax.net.ssl.SSLHandshakeException: Remote host closed connection
>>> during handshake
>>> error    19-Apr-2017 02:00:19        at
>>> org.jboss.resteasy.client.jaxrs.engines.URLConnectionEngine.executeRequest(URLConnectionEngine.java:174)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> org.jboss.resteasy.client.jaxrs.engines.URLConnectionEngine.invoke(URLConnectionEngine.java:47)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:436)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:102)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:64)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> com.sun.proxy.$Proxy19.grantToken(Unknown Source)
>>> error    19-Apr-2017 02:00:19        at
>>> org.keycloak.admin.client.token.TokenManager.grantToken(TokenManager.java:85)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> org.keycloak.admin.client.token.TokenManager.getAccessToken(TokenManager.java:65)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> org.keycloak.admin.client.token.TokenManager.getAccessTokenString(TokenManager.java:60)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> org.keycloak.admin.client.resource.BearerAuthFilter.filter(BearerAuthFilter.java:52)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:413)
>>>
>>> error    19-Apr-2017 02:00:19        ... 6 more
>>> error    19-Apr-2017 02:00:19    Caused by:
>>> javax.net.ssl.SSLHandshakeException: Remote host closed connection
>>> during handshake
>>> error    19-Apr-2017 02:00:19        at
>>> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
>>> error    19-Apr-2017 02:00:19        at
>>> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
>>> error    19-Apr-2017 02:00:19        at
>>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
>>> error    19-Apr-2017 02:00:19        at
>>> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
>>>
>>> error    19-Apr-2017 02:00:19        at
>>> org.jboss.resteasy.client.jaxrs.engines.URLConnectionEngine.executeRequest(URLConnectionEngine.java:167)
>>>
>>> error    19-Apr-2017 02:00:19        ... 16 more
>>> error    19-Apr-2017 02:00:19    Caused by: java.io.EOFException: SSL
>>> peer shut down incorrectly
>>> error    19-Apr-2017 02:00:19        at
>>> sun.security.ssl.InputRecord.read(InputRecord.java:505)
>>> error    19-Apr-2017 02:00:19        at
>>> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
>>> error    19-Apr-2017 02:00:19        ... 25 more
>>> build    19-Apr-2017 02:00:19    2017-04-19 02:00:19 ERROR
>>> KeycloakDataManager:38 - java.lang.RuntimeException:
>>> javax.net.ssl.SSLHandshakeException: Remote host closed connection
>>> during handshake
>>>
>>
>>
>>
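
An added example, not part of the thread and not Keycloak or RESTEasy code: a JDK-only probe that builds an SSLContext from a truststore (the custom-SSLContext option mentioned above), repeats the handshake, and separates a trust failure, which would fail every attempt, from the peer dropping the socket as in the trace. The class name and the five command-line arguments are hypothetical.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import javax.net.ssl.*;

public class HandshakeProbe {
    // Build an SSLContext that trusts only the certificates in the given truststore.
    static SSLContext contextFrom(String path, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Walk the cause chain: a certificate problem means the client does not trust
    // the server; an EOFException means the peer closed the socket mid-handshake.
    static String classify(SSLHandshakeException e) {
        for (Throwable t = e; t != null; t = t.getCause()) {
            if (t instanceof CertificateException) return "UNTRUSTED_CERT";
            if (t instanceof EOFException) return "PEER_CLOSED";
        }
        return "OTHER: " + e.getMessage();
    }

    // Hypothetical arguments: host port truststorePath truststorePassword attempts
    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        SSLContext ctx = contextFrom(args[2], args[3].toCharArray());
        for (int i = 1; i <= Integer.parseInt(args[4]); i++) {
            try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
                SSLParameters p = s.getSSLParameters();
                p.setEndpointIdentificationAlgorithm("HTTPS"); // also verify the hostname
                s.setSSLParameters(p);
                s.setSoTimeout(10_000);
                s.startHandshake();
                System.out.println(i + " OK " + s.getSession().getProtocol());
            } catch (SSLHandshakeException e) {
                System.out.println(i + " FAIL " + classify(e));
            }
        }
    }
}
```

A run where every attempt reports UNTRUSTED_CERT points at the truststore; occasional PEER_CLOSED results among OK lines point at the server or something in front of it.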


