The Keycloak instance is running in a pod on AKS. I have configured the necessary variables to run it in production mode. Both Keycloak and ActiveMQ Artemis are running on HTTPS.
When I try to log in to ActiveMQ Artemis, I get the following error:
PS - I was able to log in when both Keycloak and ActiveMQ were on HTTP.
2023-05-19 06:48:04,070 INFO [io.hawt.web.auth.keycloak.KeycloakServlet] Keycloak integration is enabled
2023-05-19 06:48:04,071 INFO [io.hawt.web.auth.keycloak.KeycloakServlet] Will load keycloak config from location: /var/lib/artemis/etc/keycloak-js-client.json
2023-05-19 06:48:32,919 WARN [org.keycloak.adapters.KeycloakDeployment] Failed to load URLs from https://xx.xx.xxx.xxx:8443/realms/artemis-keycloak-demo/.well-known/openid-configuration
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alert.createSSLException(Alert.java:130) ~[?:?]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:378) ~[?:?]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:321) ~[?:?]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:316) ~[?:?]
at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1318) ~[?:?]
at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1195) ~[?:?]
at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1138) ~[?:?]
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393) ~[?:?]
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476) ~[?:?]
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447) ~[?:?]
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:201) ~[?:?]
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) ~[?:?]
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506) ~[?:?]
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426) ~[?:?]
at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:570) ~[httpclient-4.5.14.jar:4.5.14]
at org.keycloak.adapters.SniSSLSocketFactory.createLayeredSocket(SniSSLSocketFactory.java:119) ~[keycloak-adapter-core-20.0.5.jar:20.0.5]
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:554) ~[httpclient-4.5.14.jar:4.5.14]
at org.keycloak.adapters.SniSSLSocketFactory.connectSocket(SniSSLSocketFactory.java:114) ~[keycloak-adapter-core-20.0.5.jar:20.0.5]
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.14.jar:4.5.14]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) ~[httpclient-4.5.14.jar:4.5.14]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) ~[httpclient-4.5.14.jar:4.5.14]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[httpclient-4.5.14.jar:4.5.14]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) ~[httpclient-4.5.14.jar:4.5.14]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.14.jar:4.5.14]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.5.14.jar:4.5.14]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.14.jar:4.5.14]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.14.jar:4.5.14]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) ~[httpclient-4.5.14.jar:4.5.14]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.14.jar:4.5.14]
at org.keycloak.adapters.KeycloakDeployment.getOidcConfiguration(KeycloakDeployment.java:230) ~[keycloak-adapter-core-20.0.5.jar:20.0.5]
at org.keycloak.adapters.KeycloakDeployment.resolveUrls(KeycloakDeployment.java:182) ~[keycloak-adapter-core-20.0.5.jar:20.0.5]
at org.keycloak.adapters.KeycloakDeployment.getRealmInfoUrl(KeycloakDeployment.java:246) ~[keycloak-adapter-core-20.0.5.jar:20.0.5]
at org.keycloak.adapters.rotation.AdapterTokenVerifier.createVerifier(AdapterTokenVerifier.java:107) ~[keycloak-adapter-core-20.0.5.jar:20.0.5]
at org.keycloak.adapters.rotation.AdapterTokenVerifier.verifyToken(AdapterTokenVerifier.java:47) ~[keycloak-adapter-core-20.0.5.jar:20.0.5]
at org.keycloak.adapters.jaas.AbstractKeycloakLoginModule.bearerAuth(AbstractKeycloakLoginModule.java:205) ~[keycloak-adapter-core-20.0.5.jar:20.0.5]
at org.keycloak.adapters.jaas.BearerTokenLoginModule.doAuth(BearerTokenLoginModule.java:37) ~[keycloak-adapter-core-20.0.5.jar:20.0.5]
at org.keycloak.adapters.jaas.AbstractKeycloakLoginModule.login(AbstractKeycloakLoginModule.java:127) ~[keycloak-adapter-core-20.0.5.jar:20.0.5]
Do I need to add a truststore containing the Keycloak certificate somewhere in ActiveMQ Artemis?
Use the system properties javax.net.ssl.trustStore
and javax.net.ssl.trustStorePassword
to set the truststore for the Keycloak BearerTokenLoginModule, i.e.
-Djavax.net.ssl.trustStore=my-truststore.jks -Djavax.net.ssl.trustStorePassword=my-truststore-password
The truststore must contain the CA certificate that issued the Keycloak server certificate (or that certificate itself); this is what resolves the "unable to find valid certification path" error in the stack trace above.