[keycloak-user] Keycloak Express middleware VS self signed cert

Wei Li weil at redhat.com
Thu Apr 12 11:07:46 EDT 2018


Hi Ali,

I think by default the http module in nodejs doesn't support self-signed
certificates. Can you try adding this in the nodejs code:

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

Thanks.

On Thu, Apr 12, 2018 at 3:51 PM, Ali Ok <aliok at redhat.com> wrote:

> Resending, after subscribing to Keycloak user list
>
> ----------------------------------
>
> (also adding Keycloak ML)
>
> Hi,
> I am trying to integrate a Node application with a Keycloak instance
> running on my local OpenShift cluster.
>
> Node app uses the Keycloak client in this Gist: [1]
> Here is the keycloak.json file used in Node app: [2]
>
>
> When I pass a valid token to the Node app, the Keycloak middleware on the
> Node app side tries to get the public key from Keycloak, and I see a
> "self signed certificate in certificate chain" error when the Keycloak lib
> tries to do this:
> "
>
> // retrieve public KEY and use it to validate token
> this.rotation.getJWK(token.header.kid).then(key => {
>
> "
> here: https://github.com/keycloak/keycloak-nodejs-connect/blob/master/middleware/auth-utils/grant-manager.js#L359
>
> 2 questions:
> - How can I configure the client and the Node app to have the public key
> already, so that it doesn't go and fetch the public key?
> - If the question above doesn't make sense (I can be considered a beginner
> in this area), how can I make the middleware work with a self-signed cert
> Keycloak instance?
>
> I prefer the first approach.
>
> Thanks,
> Ali
>
> [1]: https://gist.github.com/aliok/8ae2c9d240d09367b59e491677400a96
> [2]: https://gist.github.com/aliok/23e93794847ef3493893627ca68e9650
>
>


-- 

WEI LI

Principal SOFTWARE ENGINEER

Red Hat Mobile <https://www.redhat.com/>

weil at redhat.com    M: +353862393272
<https://red.ht/sig>
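
For the first question in the quoted message (having the public key already instead of fetching it), here is an added example, not code from this thread or from keycloak-nodejs-connect: it checks an RS256 token entirely against a locally held public key, so TLS certificate verification can stay enabled. The key pair, `signToken`, `verifyToken` and the sample token are constructed for illustration.

```javascript
// Added example (not from the thread): offline RS256 token check with a
// public key the app already holds, so no key fetch from the server occurs.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
// Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
const fromB64url = (text) => Buffer.from(text, 'base64');

// Constructed stand-in for the realm key pair. A real app would hold only
// the public half, loaded from its own configuration.
const { publicKey, privateKey } =
  crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Hypothetical helper playing the identity provider: signs a sample token.
function signToken(payload, key, alg = 'RS256') {
  const head = b64url(JSON.stringify({ alg, typ: 'JWT', kid: 'constructed-kid' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), key);
  return `${head}.${body}.${b64url(sig)}`;
}

// Hypothetical verifier: signature, pinned algorithm and expiry, all local.
function verifyToken(token, realmPublicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, payload;
  try {
    header = JSON.parse(fromB64url(parts[0]).toString('utf8'));
    payload = JSON.parse(fromB64url(parts[1]).toString('utf8'));
  } catch (err) {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm instead of trusting whatever the token header claims.
  if (header?.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify('sha256', signed, realmPublicKey, fromB64url(parts[2]))) {
    return { ok: false, reason: 'bad signature' };
  }
  if (typeof payload?.exp !== 'number' || payload.exp <= now) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, payload };
}

// Constructed sample token, valid until exp = 2000 (seconds since epoch).
const sampleToken = signToken({ sub: 'constructed-user', exp: 2000 }, privateKey);
```
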

