[keycloak-user] Resteasy client SSLHandshakeException
Rajkiran K
rajkiran.k at inteqsolutions.com
Fri Apr 21 04:39:56 EDT 2017
Thank you marek.
On 4/21/2017 1:15 PM, Marek Posolda wrote:
> Forgot to add list yesterday:
>
> Ah ok. Then the problem is possibly in connection pooling. Maybe it
> helps if you increase connection pool of Apache HTTP Client on
> admin-client side or maximum number of IO threads and/or Worker
> threads in the undertow subsystem on the Keycloak server side.
> Exception states "Remote host closed the connection", which indicates
> that issue is rather on server side, but I am not 100% sure.
>
> Marek
>
> On 20/04/17 07:37, Rajkiran K wrote:
>> Thanks you for reply marek.
>>
>> yes, SSL certificate is signed by well known Certificate Authority. This
>> SSLHandshakeException is occuring few times only. Many times this
>> exception is not seen, can you guess possible issue here (if
>> admin-client is not trusted by Keycloak server, we should get exception
>> every time)
>>
>> Thanks,
>>
>> Raj Kiran K
>>
>>
>> On 4/19/2017 9:56 PM, Marek Posolda wrote:
>>> It seems that your application where admin-client is running, needs to
>>> trust the Keycloak server, so it's able to communicate with it through
>>> SSL.
>>>
>>> One possibility to do it is to ensure that your SSL certificate is
>>> signed by some well known Certificate Authority. This is good
>>> especially in production environments.
>>>
>>> Other possibility is to configure your admin-client to trust the
>>> Keycloak server. The easiest is to use property like
>>> javax.net.ssl.trustStore system properties (see JVM docs for more
>>> details). Another possibility is to use custom RestEasyClient or
>>> SSLContext to your admin client, which will "trust" the Keycloak
>>> server.
>>>
>>> Marek
>>>
>>> On 19/04/17 14:33, Rajkiran K wrote:
>>>> Hi all,
>>>>
>>>> We are trying to get all roles data of realm from keycloak. We are
>>>> getting "SSLHandshakeException", can any one help on this issue
>>>>
>>>> *Keycloak version*: 1.9.8 Final
>>>>
>>>> *resteasy-client version*: resteasy-client-3.0.14.Final
>>>>
>>>> build 19-Apr-2017 02:00:18 2017-04-19 02:00:18 INFO
>>>> KeycloakRestUserDataLoader:228 - Retrieving Roles from Keycloak
>>>> error 19-Apr-2017 02:00:19 javax.ws.rs.ProcessingException:
>>>> java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException:
>>>> Remote
>>>> host closed connection during handshake
>>>> error 19-Apr-2017 02:00:19 at
>>>> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:430)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:102)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:64)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> com.sun.proxy.$Proxy27.list(Unknown Source)
>>>> error 19-Apr-2017 02:00:19 at
>>>> com.sample.loader.KeycloakRestUserDataLoader.getRealmRoles(KeycloakRestUserDataLoader.java:230)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> com.sample.loader.KeycloakRestUserDataLoader.loadUserData(KeycloakRestUserDataLoader.java:199)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> com.sample.loader.KeycloakDataManager.main(KeycloakDataManager.java:34)
>>>>
>>>> error 19-Apr-2017 02:00:19 Caused by:
>>>> java.lang.RuntimeException:
>>>> javax.net.ssl.SSLHandshakeException: Remote host closed connection
>>>> during handshake
>>>> error 19-Apr-2017 02:00:19 at
>>>> org.jboss.resteasy.client.jaxrs.engines.URLConnectionEngine.executeRequest(URLConnectionEngine.java:174)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> org.jboss.resteasy.client.jaxrs.engines.URLConnectionEngine.invoke(URLConnectionEngine.java:47)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:436)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:102)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:64)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> com.sun.proxy.$Proxy19.grantToken(Unknown Source)
>>>> error 19-Apr-2017 02:00:19 at
>>>> org.keycloak.admin.client.token.TokenManager.grantToken(TokenManager.java:85)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> org.keycloak.admin.client.token.TokenManager.getAccessToken(TokenManager.java:65)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> org.keycloak.admin.client.token.TokenManager.getAccessTokenString(TokenManager.java:60)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> org.keycloak.admin.client.resource.BearerAuthFilter.filter(BearerAuthFilter.java:52)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:413)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 ... 6 more
>>>> error 19-Apr-2017 02:00:19 Caused by:
>>>> javax.net.ssl.SSLHandshakeException: Remote host closed connection
>>>> during handshake
>>>> error 19-Apr-2017 02:00:19 at
>>>> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
>>>> error 19-Apr-2017 02:00:19 at
>>>> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
>>>> error 19-Apr-2017 02:00:19 at
>>>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
>>>> error 19-Apr-2017 02:00:19 at
>>>> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 at
>>>> org.jboss.resteasy.client.jaxrs.engines.URLConnectionEngine.executeRequest(URLConnectionEngine.java:167)
>>>>
>>>>
>>>> error 19-Apr-2017 02:00:19 ... 16 more
>>>> error 19-Apr-2017 02:00:19 Caused by: java.io.EOFException: SSL
>>>> peer shut down incorrectly
>>>> error 19-Apr-2017 02:00:19 at
>>>> sun.security.ssl.InputRecord.read(InputRecord.java:505)
>>>> error 19-Apr-2017 02:00:19 at
>>>> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
>>>> error 19-Apr-2017 02:00:19 ... 25 more
>>>> build 19-Apr-2017 02:00:19 2017-04-19 02:00:19 ERROR
>>>> KeycloakDataManager:38 - java.lang.RuntimeException:
>>>> javax.net.ssl.SSLHandshakeException: Remote host closed connection
>>>> during handshake
>>>>
>>>
>>>
>>>
>
>
>
>
--
Thanks & Regards,
Rajkiran K
The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material; unauthorized use of this information is prohibited. If you have received this in error, please contact the sender and delete the material immediately.
More information about the keycloak-user
mailing list