I am trying to use Keycloak, running inside a Kubernetes cluster on minikube, as SSO to authenticate a demo Node.js app:
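// Demo Express service whose /user route is protected by Keycloak through
// keycloak-connect, with the login state kept in an express-session store.
const express = require('express');
const session = require('express-session');
const Keycloak = require('keycloak-connect');
const cors = require('cors');

/**
 * Returns a required setting from the environment.
 *
 * Secrets are read from the environment instead of being written into the
 * source, so they do not end up in version control or in pasted snippets.
 * The variable names used below are this example's own choice.
 *
 * @param {string} name - Environment variable to read.
 * @returns {string} The non-empty value of the variable.
 * @throws {Error} When the variable is unset or empty.
 */
function requireEnv(name) {
  const value = process.env[name];
  if (value === undefined || value === '') {
    throw new Error(`Missing required environment variable ${name}`);
  }
  return value;
}

const app = express();

// cors() without options allows requests from every origin. Pass an explicit
// `origin` allow-list before this service is reachable beyond a local demo.
app.use(cors());

// MemoryStore keeps sessions in this process only; it is meant for
// development and is shared here with keycloak-connect.
const memoryStore = new session.MemoryStore();

app.use(session({
  // Signs the session cookie; must be unpredictable and kept out of the code.
  secret: requireEnv('SESSION_SECRET'),
  resave: false,
  saveUninitialized: true,
  store: memoryStore,
}));

// The auth server is reached over HTTPS from this process. If Keycloak
// presents a certificate that Node cannot chain to a trusted CA, the grant
// request fails with "unable to verify the first certificate". Prefer
// starting Node with NODE_EXTRA_CA_CERTS set to a PEM file holding the
// issuing certificate over switching certificate verification off.
const keycloakConfig = {
  "realm": "Demo-Realm",
  "auth-server-url": "https://keycloak.192.168.49.2.nip.io/auth/",
  "ssl-required": "external",
  "resource": "nodejs-microservice",
  "verify-token-audience": true,
  "credentials": {
    // Client secret of the confidential client. A secret that has been
    // published anywhere should be regenerated in the Keycloak console.
    "secret": requireEnv('KEYCLOAK_CLIENT_SECRET'),
  },
  "use-resource-role-mappings": true,
  "confidential-port": 0,
  "policy-enforcer": {},
};

const keycloak = new Keycloak({ store: memoryStore }, keycloakConfig);

app.use(keycloak.middleware({
  logout: '/logout',
  admin: '/',
}));

// Only requests carrying the 'user' role get past keycloak.protect().
app.get('/user', keycloak.protect('user'), (req, res) => {
  res.send("Hello User");
});

app.listen(3000, () => {
  console.log('Started at port 3000');
});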
But I get an "Access denied" page when accessing http://localhost:3000/user, with this error in the Node.js console: Could not obtain grant code: Error: unable to verify the first certificate
I have a Demo-Realm realm created in Keycloak with the following settings:
nodejs-microservice client:
Access Type: confidential
Valid Redirect URIs: http://localhost:3000/*
Authorization Enabled: ON
Roles: [ 'user', 'admin' ]
No login redirects happening (basic example works properly though). What could be the problem? How can I secure my NodeJS microservice with Keycloak?
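The problem appears to be related to the default self-signed certificate on the Keycloak side. People recommend spending some time on obtaining a proper certificate.
It can be temporarily worked around by disabling certificate verification on the Node.js side, by placing the line below before the API/Express calls. This setting turns off certificate validation for every TLS connection the process makes, not only the calls to Keycloak, so it fits a local demo only; the narrower alternative is to keep verification on and start Node with NODE_EXTRA_CA_CERTS pointing at a PEM file that contains the certificate Keycloak's certificate is issued by: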
// Local-demo workaround only: the value '0' switches off certificate
// validation for every TLS connection this process makes, not just the calls
// to Keycloak. Leave it unset anywhere else and make Node trust the Keycloak
// certificate instead (NODE_EXTRA_CA_CERTS, set when the process starts).
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';