SSL config problems with Keycloak 6.0.1
fluffygtx Jun 14, 2019 5:48 AM
Hi all,
I am trying to work my way into Keycloak. I am having some issues configuring SSL for my realm though. I would like to configure SSL so I can use X.509 certificate based authentication. I guess the error I am seeing is due to not correctly configuring SSL overall.
The error I get is this:
15:11:09,300 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
("core-service" => "management"),
("security-realm" => "UndertowRealm")
]) - failure description: {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.server.path.\"~/keycloak-6.0.1/standalone/configuration\""],
"WFLYCTL0180: Services with missing/unavailable dependencies" => [
"org.wildfly.core.management.security.realm.UndertowRealm.trust-manager is missing [jboss.server.path.\"~/keycloak-6.0.1/standalone/configuration\"]",
"org.wildfly.core.management.security.realm.UndertowRealm.key-manager is missing [jboss.server.path.\"~/keycloak-6.0.1/standalone/configuration\"]"
]
}
What I did is:
According to the documentation, I configured the security realm and added keystore and trust store:
<security-realm name="UndertowRealm">
    <server-identities>
        <ssl>
            <keystore path="dapsaisec-keystore.jks"
                      relative-to="~/keycloak-6.0.1/standalone/configuration"
                      keystore-password="password"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="dapsaisec-truststore.jks"
                    relative-to="~/keycloak-6.0.1/standalone/configuration"
                    keystore-password="password"/>
    </authentication>
</security-realm>
I configured the https listener:
<server name="default-server">
    <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
    <https-listener name="https" socket-binding="https" security-realm="UndertowRealm" enable-http2="true" verify-client="REQUIRED"/>
    <host name="default-host" alias="localhost">
        <location name="/" handler="welcome-content"/>
        <http-invoker security-realm="UndertowRealm"/>
    </host>
</server>
And, to be complete, I configured the key store for the management interface:
<security-realm name="ApplicationRealm">
    <server-identities>
        <ssl>
            <keystore path="~/keycloak-6.0.1/standalone/configuration/dapsaisec-keystore.jks" relative-to="jboss.server.config.dir" keystore-password="pass$
        </ssl>
    </server-identities>
I don't really get the dependency of core-service: management and the security-realm: UndertowRealm.
Could you give me a hand? Thank you