-
Bug
-
Resolution: Not a Bug
-
Major
-
0.10.1
-
None
-
2020 Week 25-27 (from Jun 15), 2020 Week 28-30 (from Jul 6)
When I deploy the Kogito and Keycloak operators and then the KogitoInfra to create/configure the Keycloak instance:
apiVersion: app.kiegroup.org/v1alpha1
kind: KogitoInfra
metadata:
name: kogito-infra
namespace: cucumber-nero
spec:
installKeycloak: true
Then, when I run the tests using process-usertasks-with-security-oidc-springboot and the deployed Keycloak instance, it fails because:
2020-05-22 09:17:39.230 WARN 1 --- [0.0-8080-exec-4] o.keycloak.adapters.KeycloakDeployment : Failed to load URLs from https://keycloak-cucumber-nero.apps.playground.rhba.openshift-aws.rhocf-dev.com/auth/realms/kogito/.well-known/openid-configuration
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
Note that this is an environmental issue where the SSL certification is not valid. However, I think we should provide the ability to workaround this: in order to make this worked, we need to disable the trust manager by adding these properties:
- In Spring:
keycloak.disable-trust-manager=true
- In Quarkus:
quarkus.oidc.tls.verification=none