Keycloak / KEYCLOAK-14343

"Use Truststore SPI == Always" doesn't work with StartTLS

    Details

    • Sprint:
      Keycloak Sprint 40, Keycloak Sprint 41
    • Steps to Reproduce:

      1) Set up LDAP server with StartTLS support
      2) Write Keycloak LDAP test utilizing LDAPConstants.USE_TRUSTSTORE_ALWAYS, connecting to the StartTLS-enabled LDAP server above.

      Current result:
      The test (LDAP search query) fails due to the truststore not being used within the StartTLS renegotiation.

      Expected result:
      The test works / Use Truststore SPI == Always setting works also with StartTLS.

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Requesting the Use Truststore SPI == Always setting works properly with ldaps:// (LDAP over SSL) connections, but it doesn't work with StartTLS connections, since the default SSL socket factory is used when performing the StartTLS (re)negotiation, instead of the custom "org.keycloak.truststore.SSLSocketFactory", which is used as a result of the Use Truststore SPI == Always setting.

      Fix the Use Truststore SPI == Always feature to work also with StartTLS connections.
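
      The behaviour described above, shown with the plain JNDI API as an added example (not Keycloak's code and not the fix applied for this issue): the StartTLS upgrade validates the server certificate against a custom truststore only when a socket factory is passed to negotiate(). The class name StartTlsWithTruststore, the helper fromTruststore and the three command-line arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class StartTlsWithTruststore {

    // Build a socket factory that trusts only the certificates in the given truststore.
    static SSLSocketFactory fromTruststore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // Arguments (caller-supplied placeholders): ldap://host:389 truststore-path password
    public static void main(String[] args) throws Exception {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        LdapContext ldap = new InitialLdapContext(env, null);
        // Ask the server to upgrade the plain connection to TLS.
        StartTlsResponse tls = (StartTlsResponse) ldap.extendedOperation(new StartTlsRequest());
        try {
            // tls.negotiate() without an argument uses the JVM default SSL socket factory,
            // so a server certificate present only in the custom truststore is rejected.
            // Passing the factory makes the handshake validate against that truststore.
            tls.negotiate(fromTruststore(args[1], args[2].toCharArray()));
            System.out.println("StartTLS negotiated using truststore " + args[1]);
        } finally {
            tls.close();
            ldap.close();
        }
    }
}
```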

                People

                • Assignee:
                  iankko Ján Lieskovský
                  Reporter:
                  iankko Ján Lieskovský