2 Replies Latest reply on Jun 17, 2019 6:11 AM by Gerd Brost

    SSL config problems with Keycloak 6.0.1

    Gerd Brost Newbie

      Hi all,

       

      I am trying to work my way into Keycloak. I am having some issues configuring SSL for my realm though. I would like to configure SSL so I can use X.509 certificate based authentication. I guess the error I am seeing is due to not correctly configuring SSL overall.

       

      The error I get is this:

      15:11:09,300 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
          ("core-service" => "management"),
          ("security-realm" => "UndertowRealm")
      ]) - failure description: {
          "WFLYCTL0412: Required services that are not installed:" => ["jboss.server.path.\"~/keycloak-6.0.1/standalone/configuration\""],
          "WFLYCTL0180: Services with missing/unavailable dependencies" => [
              "org.wildfly.core.management.security.realm.UndertowRealm.trust-manager is missing [jboss.server.path.\"~/keycloak-6.0.1/standalone/configuration\"]",
              "org.wildfly.core.management.security.realm.UndertowRealm.key-manager is missing [jboss.server.path.\"~/keycloak-6.0.1/standalone/configuration\"]"
          ]
      }

      What I did is:

      According to the documentation, I configured the security realm and added keystore and trust store:

          <security-realm name="UndertowRealm">
              <server-identities>
                  <ssl>
                      <keystore path="dapsaisec-keystore.jks"
                           relative-to="~/keycloak-6.0.1/standalone/configuration"
                           keystore-password="password"/>
                  </ssl>
              </server-identities>
              <authentication>
                  <truststore path="dapsaisec-truststore.jks"
                          relative-to="~/keycloak-6.0.1/standalone/configuration"
                          keystore-password="password"/>
              </authentication>
          </security-realm>

      I configured the HTTPS listener:

          <server name="default-server">
              <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
              <https-listener name="https" socket-binding="https" security-realm="UndertowRealm" enable-http2="true" verify-client="REQUIRED"/>
              <host name="default-host" alias="localhost">
                  <location name="/" handler="welcome-content"/>
                  <http-invoker security-realm="UndertowRealm"/>
              </host>
          </server>

      And, to be complete, I configured the key store for the management interface:

          <security-realm name="ApplicationRealm">
              <server-identities>
                  <ssl>
                      <keystore path="~/keycloak-6.0.1/standalone/configuration/dapsaisec-keystore.jks" relative-to="jboss.server.config.dir" keystore-password="pass$
                  </ssl>
              </server-identities>

           

      I don't really get the dependency of core-service: management and the security-realm: UndertowRealm

       

      Could you give me a hand? Thank you
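
An added example, not part of the original post and not Keycloak or WildFly code: in WildFly, `relative-to` takes the name of a path (for example `jboss.server.config.dir`), not a directory, which is why the log above asks for a service called `jboss.server.path."~/keycloak-6.0.1/standalone/configuration"`. The Python check below flags such values in a constructed copy of the post's realm; `lint_store_paths`, `FixedRealm` and the placeholder password are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Path names WildFly defines itself. relative-to must be one of these or a
# name declared in the server's <paths> section (pass via extra_named_paths).
STANDARD_PATHS = {
    "jboss.home.dir", "jboss.server.base.dir", "jboss.server.config.dir",
    "jboss.server.data.dir", "jboss.server.log.dir", "jboss.server.temp.dir",
    "jboss.controller.temp.dir", "user.home", "user.dir", "java.home",
}

# Constructed sample: the post's UndertowRealm, plus a hypothetical FixedRealm
# that names a standard path instead of a directory. Passwords are placeholders.
SAMPLE = """<security-realms>
  <security-realm name="UndertowRealm">
    <server-identities><ssl>
      <keystore path="dapsaisec-keystore.jks" keystore-password="PLACEHOLDER"
                relative-to="~/keycloak-6.0.1/standalone/configuration"/>
    </ssl></server-identities>
    <authentication>
      <truststore path="dapsaisec-truststore.jks" keystore-password="PLACEHOLDER"
                  relative-to="~/keycloak-6.0.1/standalone/configuration"/>
    </authentication>
  </security-realm>
  <security-realm name="FixedRealm">
    <server-identities><ssl>
      <keystore path="dapsaisec-keystore.jks" keystore-password="PLACEHOLDER"
                relative-to="jboss.server.config.dir"/>
    </ssl></server-identities>
  </security-realm>
</security-realms>"""

def lint_store_paths(xml_text, extra_named_paths=()):
    """Return (realm/element, attribute, value) for every suspect attribute."""
    known = STANDARD_PATHS | set(extra_named_paths)
    findings = []
    # "{*}" matches any namespace, so a namespaced standalone.xml works (3.8+).
    for realm in ET.fromstring(xml_text).findall(".//{*}security-realm"):
        for kind in ("keystore", "truststore"):
            for el in realm.findall(f".//{{*}}{kind}"):
                where = f"{realm.get('name')}/{kind}"
                rel, path = el.get("relative-to"), el.get("path", "")
                if rel is not None and rel not in known:
                    findings.append((where, "relative-to", rel))  # not a path name
                if path.startswith("~"):
                    findings.append((where, "path", path))  # JVM keeps "~" literal
    return findings

print(*lint_store_paths(SAMPLE), sep="\n")
```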