Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Keycloak plugin does not work in RH SSO Openshift image

See original GitHub issue

Describe the bug I added sasl plugin to a RH SSO image (downstream for Keycloak) but the ProtonServer throws an exception on startup - io.vertx.core.VertxException: Key/certificate is mandatory for SSL (full stack trace).

This seems to happen because of a different server config - diff here. Plugin seems to rely on a configuration options which are not present in configuration file for keycloak/RH SSO on openshift.

To Reproduce Deploy RH SSO with sasl plugin(.jar I used is hosted here) added to /opt/eap/providers Observe keycloak pod logs to see an exception mentioned above.

Expected behavior No exceptions in keycloak pod logs. Plugin working as expected.

Additional context I am working on Integreatly project, we would like to use external Keycloak instance because we already deploy one, and we have better control of it (HA configuration, monitoring, etc.).

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:14 (7 by maintainers)

github_iconTop GitHub Comments

1reaction
lulfcommented, May 6, 2020

Closing this, as we will not be able to fix this for the 0.32 release, and the release after that will not have Keycloak installed. (See #4391 )

0reactions
matskivcommented, Dec 12, 2019

@lulf I see. Thanks for clarifying.

In our use case the external keycloak will be shared. Also, users of that keycloak will be able to create realms with arbitrary name, so name collision with enmasse is a concern.

I like the idea of a lightweight authservice that would just get/watch MessagingUsers resources. It can be implemented as an external AuthenticationService first, and if you like, it can replace standard AuthenticationService (and built-in Keycloack). I’ll give it a shot in spare time.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Red Hat Single Sign-On for OpenShift
Red Hat Single Sign-On (RH-SSO) is an integrated sign-on solution available as a Red Hat JBoss Middleware for OpenShift containerized image. The RH-SSO...
Read more >
Red Hat OpenShift GitOps release notes
Red Hat OpenShift GitOps Operator can make use of RHSSO (KeyCloak) through ... The Red Hat SSO (RH SSO) Operator is not supported...
Read more >
Java | GExperts Inc
This container file is referencing the default rh-sso image from Red Hat and then downloading and installing the Aerogear SPI extension. I ...
Read more >
Server Administration Guide
Keycloak is a single sign on solution for web apps and RESTful web ... Not-before revocation policies per realm, application and user.
Read more >
jboss/keycloak - Docker Image
Keycloak Server Docker image. Usage. To boot in standalone mode docker run jboss/keycloak. Expose on localhost. To be able to open Keycloak ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Add support for defining DLQ/expiry queue for an individual queue

Next page

Installation via OLM in specific namespace fails