Details

    • Steps to Reproduce:
      Press 'Test Authentication' when editing the LDAP user federation instance.
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      I'm trying to add LDAP user federation to Keycloak running on the official Docker image. I've used X509_CA_BUNDLE to add the CA certificate of our FreeIPA and it seems to be imported properly in the Java KeyStore file. But when editing the LDAP settings for the user federation provider I get success for 'Test Connection' and failure for 'Test Authentication'. The logs show:

      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      I've found https://lists.jboss.org/pipermail/keycloak-user/2018-October/015706.html, which describes adding a truststore SPI. But should this not be handled by the code handling X509_CA_BUNDLE, since the Docker image is recreated when restarting Keycloak?

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  paultotterman Paul Tötterman