The way the RH-SSO documentation is written to configure the keystore is wrong.
The instructions provided are imprecise and lead to many errors.
It is not possible to configure the keystore of RH-SSO using Elytron with the instructions provided in the doc.
====> This makes this part of the documentation totally unusable.
Section considered
8.3.1.2. Configure Red Hat Single Sign-On to Use the Keystore
https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6/html/server_installation_and_configuration_guide/network#configure_red_hat_single_sign_on_to_use_the_keystore
The main errors noticed are:
1) TLS 1.3 should not be used here, otherwise you obtain the message:
2022-11-24 12:35:56,130 ERROR [stderr] (default I/O-3) javax.net.ssl|ERROR|58|default I/O-3|2022-11-24 12:35:56.130 CET|TransportContext.java:345|Fatal (INTERNAL_ERROR): problem unwrapping net record (
2022-11-24 12:35:56,130 ERROR [stderr] (default I/O-3) "throwable" : {
2022-11-24 12:35:56,131 ERROR [stderr] (default I/O-3) javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
You should use TLS v1.2 instead of TLS v1.3
/subsystem=elytron/server-ssl-context=httpsSSC:add(key-manager=httpsKM,protocols=[\"TLSv1.3\"])
2) The instructions that you have provided are incomplete, as you should indicate that you will no longer use the security realm.
You should mention the legacy security realm as undefined.
3) There should be a fully validated example showing how to configure the RH-SSO keystore with Elytron.
================================================================================
The 2 main errors of the doc are:
If you want to use TLS v1.3, you need to have:
a) JDK11
b) specific cipher suites added for TLS v1.3
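
The following is an added example, not part of the original report or of the Red Hat documentation: a small audit of a standalone.xml that flags the two misconfigurations described above (an https-listener that still references the legacy security realm, and a server-ssl-context restricted to TLSv1.3). The XML fragment is constructed for illustration, its namespace versions and the ApplicationRealm name are assumptions, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragment of standalone.xml (namespace versions are illustrative).
SAMPLE = """<server xmlns="urn:jboss:domain:16.0">
  <profile>
    <subsystem xmlns="urn:wildfly:elytron:13.0">
      <tls>
        <server-ssl-contexts>
          <server-ssl-context name="httpsSSC" protocols="TLSv1.3" key-manager="httpsKM"/>
        </server-ssl-contexts>
      </tls>
    </subsystem>
    <subsystem xmlns="urn:jboss:domain:undertow:12.0">
      <server name="default-server">
        <https-listener name="https" socket-binding="https"
                        security-realm="ApplicationRealm" ssl-context="httpsSSC"/>
      </server>
    </subsystem>
  </profile>
</server>"""

def local(tag):
    """Strip the '{namespace}' prefix so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return findings for the problems named in the report, in listener order."""
    root = ET.fromstring(xml_text)
    # Map each Elytron server-ssl-context name to its list of enabled protocols.
    contexts = {el.get("name"): el.get("protocols", "").split()
                for el in root.iter() if local(el.tag) == "server-ssl-context"}
    findings = []
    for el in root.iter():
        if local(el.tag) != "https-listener":
            continue
        name, ctx = el.get("name"), el.get("ssl-context")
        if el.get("security-realm"):
            findings.append(f"{name}: legacy security-realm still set")
        if ctx is None:
            findings.append(f"{name}: no Elytron ssl-context referenced")
        elif ctx not in contexts:
            findings.append(f"{name}: ssl-context {ctx} is not defined")
        elif contexts[ctx] == ["TLSv1.3"]:
            findings.append(f"{ctx}: TLSv1.3 only (needs JDK 11 and TLS 1.3 cipher suites)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```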