-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Explained
-
Affects Version/s: 7.0.1
-
Fix Version/s: None
-
Component/s: User Federation - LDAP
-
Labels:None
-
Steps to Reproduce:
- Configure a User Federation against an LDAP server using ldaps that only supports TLS 1.1
- Use the "Test Authentication" button and get an error message.
-
Docs QE Status:NEW
-
QE Status:NEW
Since the new 7.0.1 Docker image is based on ubi-minimal:8, the underlying version of OpenJDK has changed from 8 to 11.
This breaks LDAPS connections against LDAP servers that only supports TLS 1.1 (in this case, an Active Directory 2012 R2 that can't be re-configured due to misc. reasons), with an error KC-SERVICES0055, + an exception javax.net.ssl.SSLHandshakeException; No appropriate protocol (protocol is disabled or cipher suites are inappropriate). Error when authenticating to LDAP; simple bind failed.
Exactly the same configuration worked with the 7.0.0 image based on jboss/base-jdk:8
PS: The versioning of Keycloak is a complete mess w.r.t. semantic version (which you probably don't follow anyways). Even though Keycloak was bumped to 7.0.1, the Docker image should really have its major version number bumped when you base it off a different base image with a different OpenJDK version.
- relates to
-
-
- Triage
-
