Documentation/example for "trusted_certificate_authority" #121

Open
atoy3731 opened this issue Sep 30, 2020 · 3 comments

@atoy3731

Can an example be provided detailing how exactly to reference a multi-line trusted CA using the trusted_certificate_authority option? There's no way to tell if it is an escaped string with \n, a base-64 encoded value, or a pointer to a file that should be mounted into the container.

We've tried most of the above with no luck.

@perezjasonr
perezjasonr commented Sep 16, 2021

Can we convert this to a proposal wherein that value is a base 64 encoded value? I tried that initially and it didn't seem to like that.
The bookinfo example is a Helm chart and it would be much easier to pass the value in that way.

@perezjasonr
Did you ever figure this out? I took the CA that is used to secure our Keycloak w/ HTTPS (from cert manager).

It's an escaped string with \n, which I've seen other folks apparently doing.

But I keep getting:

[2021-09-17 14:18:33.365] [console] [trace] MatchesCallbackRequest: matches_callback: true
[2021-09-17 14:18:33.365] [console] [trace] RetrieveToken
[2021-09-17 14:18:33.365] [console] [trace] Post
[2021-09-17 14:18:33.365] [console] [info] Post: Trusting the provided certificate authority
[2021-09-17 14:18:33.365] [console] [info] Post: opening connection to keycloak.myredacteddomain.com:443
[2021-09-17 14:18:33.378] [console] [info] Post: unexpected exception: CERTIFICATE_VERIFY_FAILED
[2021-09-17 14:18:33.378] [console] [info] RetrieveToken: HTTP error encountered: IdP connection error
[2021-09-17 14:18:33.378] [console] [trace] Request processing complete
[2021-09-17 14:18:33.378] [console] [trace] Processing completion and deleting state
[2021-09-17 14:19:02.729] [console] [info] operator(): Starting periodic cleanup (period of 60 seconds)

When I do a curl call with the same CA in a file, it seems to be OK with the token endpoint:

curl --cacert ca.crt -L -X POST https://keycloak.myredacteddomain.com/auth/realms/endgame/protocol/openid-connect/token -H 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'client_id=bookinfo' --data-urlencode 'grant_type=password' --data-urlencode 'client_secret=same-secret-thats-in-the-configmap' --data-urlencode 'scope=openid' --data-urlencode 'username=user' --data-urlencode 'password=password'

@perezjasonr
OK, I think I finally got it... I think. For me, what got past this was providing it the CA of Keycloak's HTTPS endpoint, and in escaped string format w/ \ns. I hope someone finds this useful.
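
An added example, not part of the thread and not the project's own code: it produces the escaped single-line form that the last comment reports working, and classifies the three formats guessed at in the original question. It assumes the option sits in a JSON config document; `pem_to_config_value`, `classify` and `SAMPLE_PEM` are hypothetical names, and the sample is constructed placeholder data rather than a real certificate.

```python
import base64
import json
import re
import textwrap

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\n(?P<body>[A-Za-z0-9+/=\n]+?)\n-----END CERTIFICATE-----"
)

def pem_to_config_value(pem_text: str) -> str:
    """Return the JSON string literal (quotes included) for a PEM CA bundle."""
    normalized = pem_text.replace("\r\n", "\n").strip() + "\n"
    bodies = PEM_BLOCK.findall(normalized)
    if not bodies:
        raise ValueError("no PEM certificate block found")
    for body in bodies:
        # Raises binascii.Error (a ValueError) if a block body is corrupt.
        base64.b64decode(body.replace("\n", ""), validate=True)
    return json.dumps(normalized)  # real newlines become the two characters \n

def classify(value: str) -> str:
    """Classify a value as the service would see it after config parsing."""
    if PEM_BLOCK.search(value.replace("\r\n", "\n")):
        return "pem"
    if "-----BEGIN CERTIFICATE-----" in value and "\\n" in value:
        return "double-escaped"  # literal backslash + n survived parsing
    try:
        if b"-----BEGIN" in base64.b64decode(value, validate=True):
            return "base64-wrapped"
    except ValueError:
        pass
    return "not-pem"  # for example a file path

# Constructed placeholder: PEM framing around dummy bytes, not a real certificate.
_BODY = base64.b64encode(b"constructed placeholder, not a real certificate " * 3).decode()
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + "\n".join(textwrap.wrap(_BODY, 64))
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    # Assumption: the option is a key in a JSON config document.
    print('"trusted_certificate_authority":', pem_to_config_value(SAMPLE_PEM))
```

A value classified as `double-escaped` usually means the string was escaped twice on its way through a templating layer, so the parsed value contains a backslash and an `n` instead of a line break.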
