Details
-
Bug
-
Resolution: Done
-
Critical
-
2.2.0.GA
-
None
Description
When installing CRW on a cluster configured with an authenticated proxy (with proxyUser and proxyPassword), the installation fails because the CRW server (wsmaster) cannot contact the Keycloak OIDC endpoint:
Caused by: java.lang.RuntimeException: Exception while retrieving OpenId configuration from endpoint: https://keycloak-dfestal-tests.apps.ci-ln-f38t0fk-d5d6b.origin-ci-int-aws.dev.rhcloud.com/auth/realms/codeready/.well-known/openid-configurationCaused by: java.lang.RuntimeException: Exception while retrieving OpenId configuration from endpoint: https://keycloak-dfestal-tests.apps.ci-ln-f38t0fk-d5d6b.origin-ci-int-aws.dev.rhcloud.com/auth/realms/codeready/.well-known/openid-configuration at org.eclipse.che.multiuser.keycloak.server.KeycloakSettings.<init>(KeycloakSettings.java:104) at org.eclipse.che.multiuser.keycloak.server.KeycloakSettings$$FastClassByGuice$$e0d0786b.newInstance(<generated>) at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:89) at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:114) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306) ... Caused by: java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required" at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:2152) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:268) at java.net.URL.openStream(URL.java:1068) at org.eclipse.che.multiuser.keycloak.server.KeycloakSettings.<init>(KeycloakSettings.java:97) ... 115 more
I checked in the Che config map, and in the Che server Java properties (through logs) and the proxyUser and proxyPassword properties seem to be correctly set
Part of the problem seems to be related to this issue: https://bugs.openjdk.java.net/browse/JDK-8197921
However when trying to apply the proposed solution, it doesn't seem sufficient to fix the issue. It might also require a code change to configure the default Authenticator, as suggested in https://blog.capsiel.fr/articles/bonnes-pratiques/java/java-proxy/