2 Replies Latest reply on Jun 17, 2019 6:11 AM by Gerd Brost

    SSL config problems with Keycloak 6.0.1

    Gerd Brost Newbie

      Hi all,


      I am trying to work my way into Keycloak. I am having some issues configuring SSL for my realm though. I would like to configure SSL so I can use X.509 certificate based authentication. I guess the error I am seeing is due to not correctly configuring SSL overall.


      The error I get is this:

      15:11:09,300 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
          ("core-service" => "management"),
          ("security-realm" => "UndertowRealm")
      ]) - failure description: {
          "WFLYCTL0412: Required services that are not installed:" => ["jboss.server.path.\"~/keycloak-6.0.1/standalone/configuration\""],
          "WFLYCTL0180: Services with missing/unavailable dependencies" => [
              "org.wildfly.core.management.security.realm.UndertowRealm.trust-manager is missing [jboss.server.path.\"~/keycloak-6.0.1/standalone/configuration\"]",
              "org.wildfly.core.management.security.realm.UndertowRealm.key-manager is missing [jboss.server.path.\"~/keycloak-6.0.1/standalone/configuration\"]"



      What I did is:

      According to the documentation, I configured the security realm and added keystore and trust store:

                  <security-realm name="UndertowRealm">



                              <keystore path="dapsaisec-keystore.jks"






                          <truststore path="dapsaisec-truststore.jks"





      I configured the https listener:

                  <server name="default-server">
                      <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
                      <https-listener name="https" socket-binding="https" security-realm="UndertowRealm" enable-http2="true" verify-client="REQUIRED"/>
                      <host name="default-host" alias="localhost">
                          <location name="/" handler="welcome-content"/>
                          <http-invoker security-realm="UndertowRealm"/>



      And, to be complete, I configured the key store for the management interface:

                  <security-realm name="ApplicationRealm">



                              <keystore path="~/keycloak-6.0.1/standalone/configuration/dapsaisec-keystore.jks" relative-to="jboss.server.config.dir" keystore-password="pass$




      I don't really get the dependency of core-service: management and the security-realm: UndertowRealm.


      Could you give me a hand? Thank you
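
Added example, not part of the original post: the service name in the error, `jboss.server.path."~/keycloak-6.0.1/standalone/configuration"`, is what WildFly builds from a `relative-to` value, which must be the name of a defined path such as `jboss.server.config.dir` rather than a directory. The check below flags that and an unexpanded `~` in `path`. The `check_stores` helper and the `SAMPLE` config (file names, namespace, passwords) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Path names WildFly defines itself; custom ones come from <path name="..."/> elements.
BUILTIN_PATHS = {
    "jboss.home.dir", "jboss.server.base.dir", "jboss.server.config.dir",
    "jboss.server.data.dir", "jboss.server.log.dir", "jboss.server.temp.dir",
    "jboss.controller.temp.dir", "user.home", "user.dir", "java.home",
}

def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def check_stores(xml_text):
    """Return (realm, element, problem) tuples for keystore/truststore path issues."""
    root = ET.fromstring(xml_text)
    named = BUILTIN_PATHS | {e.get("name") for e in root.iter()
                             if local(e.tag) == "path" and e.get("name")}
    findings = []
    for realm in (e for e in root.iter() if local(e.tag) == "security-realm"):
        for el in realm.iter():
            if local(el.tag) not in ("keystore", "truststore"):
                continue
            where = (realm.get("name"), local(el.tag))
            rel = el.get("relative-to")
            if rel is not None and rel not in named:
                findings.append(where + (f"relative-to '{rel}' is not a named path",))
            if el.get("path", "").startswith("~"):
                findings.append(where + ("path starts with '~', which is not expanded",))
    return findings

# Constructed sample: realm names follow the post, everything else is a placeholder.
SAMPLE = """<server xmlns="urn:example:constructed"><management><security-realms>
 <security-realm name="UndertowRealm">
  <server-identities><ssl>
   <keystore path="ks.jks" relative-to="~/keycloak-6.0.1/standalone/configuration" keystore-password="CHANGEME"/>
  </ssl></server-identities>
  <authentication>
   <truststore path="ts.jks" relative-to="jboss.server.config.dir" keystore-password="CHANGEME"/>
  </authentication>
 </security-realm>
 <security-realm name="ApplicationRealm">
  <server-identities><ssl>
   <keystore path="~/keycloak-6.0.1/standalone/configuration/ks.jks" relative-to="jboss.server.config.dir" keystore-password="CHANGEME"/>
  </ssl></server-identities>
 </security-realm>
</security-realms></management></server>"""

if __name__ == "__main__":
    for finding in check_stores(SAMPLE):
        print(finding)
```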