[keycloak-user] Getting SSLPeerUnverifiedException
Chandran Soundrapandian
soundrachan at gmail.com
Wed Feb 28 00:53:45 EST 2018
Hi,
When we moved the working QA setup to Production, we started getting the
following error when a user uses the Google identity provider:
I do see the CN name doesn't match the name in the certificate. But I am
not sure if that is the problem.
We are using Keycloak version - keycloak-3.2.0.Final
2018-02-27 03:16:50,531 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-63) Failed to make identity provider oauth callback: javax.net.ssl.SSLPeerUnverifiedException: Host name 'www.googleapis.com' does not match the certificate subject provided by the peer (*CN=gateway.***.***.org*, OU=PositiveSSL, OU=Domain Control Validated)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:465)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
    at org.keycloak.broker.provider.util.SimpleHttp.makeRequest(SimpleHttp.java:142)
    at org.keycloak.broker.provider.util.SimpleHttp.asString(SimpleHttp.java:90)
    at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:230)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
Please let me know when we get this error. I really appreciate your
help.
Thanks,
-Chandran