You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 7, 2020. It is now read-only.
I have a bitnami-docker-keycloak-gatekeeper that I am configuring to protect a backend published url. The Keycloak instance sits behind an HAproxy that requires SSL verification. When I use the TLS options in keycloak-gatekeeper config I get a handshake failure. I don't know if I'm using the configs incorrectly or if I'm using the wrong configs.
1.6061816580288205e+09 info keycloak-gatekeeper/server.go:84 starting the service {"prog": "keycloak-gatekeeper", "author": "Keycloak", "version": "10.0.0 (git+sha: , built: 15-05-2020)"}
1.606181658028976e+09 info keycloak-gatekeeper/server.go:694 attempting to retrieve configuration discovery url {"url": "https://smv.ossim.io/auth/realms/FOO", "timeout": "30s"}
1.6061816581014059e+09 warn keycloak-gatekeeper/server.go:700 failed to get provider configuration from discovery {"error": "Get \"https://smv.ossim.io/auth/realms/FOO/.well-known/openid-configuration\": remote error: tls: handshake failure"}
Results expected:
1.606181758990695e+09 info keycloak-gatekeeper/server.go:84 starting the service {"prog": "keycloak-gatekeeper", "author": "Keycloak", "version": "10.0.0 (git+sha: , built: 15-05-2020)"}
1.606181758990836e+09 info keycloak-gatekeeper/server.go:694 attempting to retrieve configuration discovery url {"url": "https://smv.ossim.io/auth/realms/FOO", "timeout": "30s"}
1.606181758994708e+09 info keycloak-gatekeeper/server.go:710 successfully retrieved openid configuration from the discovery
Additional information (config.yml):
# is the url for retrieve the OpenID configuration - normally the <server>/auth/realm/<realm_name>
verbose: true
discovery-url: https://smv.ossim.io/auth/realms/FOO
skip-openid-provider-tls-verify: false
tls-cert: /etc/ssl/certs/server_final.pem
tls-private-key: /etc/ssl/certs/server_key.pem
tls-ca-certificate: /etc/ssl/certs/ca_final.pem
# the client id for the 'client' application
client-id: gatekeeper
# the secret associated to the 'client' application
client-secret: d51b831e-e8b2-4fc5-8d4e-cb4cdf4ada32
listen: :3000
enable-refresh-tokens: true
enable-default-deny: true
# the encryption key used to encode the session state
encryption-key: EC02A10D23935F07D316345A0B973D76
# the upstream endpoint which we should proxy request
upstream-url: http://smv.ossim.io:5034/app/myapp
secure-cookie: false # needs to be false for http
resources:
- uri: /app/myapp
roles:
- users
Description
I have a bitnami-docker-keycloak-gatekeeper that I am configuring to protect a backend published url. The Keycloak instance sits behind an HAproxy that requires SSL verification. When I use the TLS options in keycloak-gatekeeper config I get a handshake failure. I don't know if I'm using the configs incorrectly or if I'm using the wrong configs.
I submitted this issue here (https://github.com/bitnami/bitnami-docker-keycloak-gatekeeper/issues/12) and was directed to the upstream devs
Steps to reproduce the issue:
keycloak-gatekeeper --config config.yml
]Results received:
Results expected:
Additional information (config.yml):
Additional information (output of curl):
Version
docker version
:docker info
:The text was updated successfully, but these errors were encountered: