Unable to connect springboot with keycloak #794

Open
Ajmalkhan7 opened this issue Sep 9, 2024 · 0 comments
Ajmalkhan7 commented Sep 9, 2024

I have the Keycloak codecentric Helm chart deployed; the Keycloak version is 25.0.0 and it's up and running. I want to connect a Spring Boot application with Keycloak.

But I am getting the following error:

```
Couldn't retrieve remote JWK set: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://example.com/auth/realms/RELAM_NAME/protocol/openid-connect/certs": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
```

My application.yaml configurations for keycloak are as follows:

```yaml
keycloak:
  jwk-set-uri: https://example.com/auth/realms/REALM_NAME/protocol/openid-connect/certs
  auth-server-url: https://example.com

keycloak-tenants:
  auth-server-url: https://example.com
  realms:
    - CLI_ADMIN:
        realm: REL_NAME
        resource: CLI_ADMIN
        principal-attribute:
        admin-cli: false
        client-secret: M
        order: 1
    - CLI_MASTER:
        realm:
        resource:
        principal-attribute:
        admin-cli: false
        client-secret:
        order: 2

security:
  jwt:
    issuers:
      - https://example.com/auth/realms/REALM_NAME
      - https://example.com/auth/realms/REALM_NAME
```

And the values.yaml for the codecentric Helm chart is as follows:

```yaml
command:
  - "/opt/keycloak/bin/kc.sh"
  - "start"
  - "--spi-events-listener-jboss-logging-success-level=info"
  - "--spi-events-listener-jboss-logging-error-level=warn"

extraEnv: |
  - name: KEYCLOAK_ADMIN
    value: admin
  - name: KEYCLOAK_ADMIN_PASSWORD
    value: admin
  - name: JAVA_OPTS_APPEND
    value: >-
      -Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless
      -Dkeycloak.hostname=example.com
      -Dkeycloak.proxy=forward
  - name: KC_HOSTNAME_STRICT
    value: "false"
  - name: KC_HTTP_RELATIVE_PATH
    value: "/auth"
  - name: KC_CACHE_STACK
    value: kubernetes
  - name: KC_PROXY
    value: edge
  - name: HTTP_ADDRESS_FORWARDING
    value: "true"
  - name: KC_HOSTNAME
    value: example.com
  - name: KC_HEALTH_ENABLED
    value: "true"
  - name: KC_HTTP_ENABLED # SSL terminates at reverse proxy, need this enabled.
    value: "true"
  - name: KC_HOSTNAME_STRICT_HTTPS # SSL terminates at reverse proxy, need this disabled.
    value: "true"
  - name: KC_SPI_HOSTNAME_DEFAULT_ADMIN
    value: "example.com"
  - name: PROXY_ADDRESS_FORWARDING
    value: "true"
  - name: KEYCLOAK_PRODUCTION
    value: "true"
```

Any help on this would be highly appreciated.
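What `PKIX path building failed ... unable to find valid certification path` means, reproduced offline as an added example (not part of the original issue, and using `openssl verify` in place of the JVM's validator): a certificate only validates against a trust store that contains its issuer. The CA names, subjects and temporary files are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every CA name, subject and file here is made up.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

new_ca() {  # $1 = file prefix, $2 = subject CN; writes a self-signed CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.pem" 2>/dev/null
}

make_pki() {
  new_ca issuer "Constructed Private CA"   # signs the server certificate
  new_ca other  "Constructed Other CA"     # a trust store that lacks the issuer
  openssl req -newkey rsa:2048 -nodes -subj "/CN=example.com" \
    -keyout "$demo_dir/leaf.key" -out "$demo_dir/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$demo_dir/leaf.csr" -days 1 \
    -CA "$demo_dir/issuer.pem" -CAkey "$demo_dir/issuer.key" -CAcreateserial \
    -out "$demo_dir/leaf.pem" 2>/dev/null
}

# $1 = presented certificate (PEM), $2 = bundle of trusted CAs (PEM).
# Prints "trusted", or "untrusted" plus the certificate's issuer, which is
# the CA to look for in the bundle.
check_chain() {
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo "trusted"
  else
    echo "untrusted, check for: $(openssl x509 -in "$1" -noout -issuer)"
  fi
}

make_pki
echo "store without issuer: $(check_chain "$demo_dir/leaf.pem" "$demo_dir/other.pem")"
echo "store with issuer:    $(check_chain "$demo_dir/leaf.pem" "$demo_dir/issuer.pem")"
```

By default the JVM consults its own truststore rather than the operating system's or openssl's, so the same comparison has to be made against the store the Spring Boot process actually runs with.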
