
I have integration tests in my spring boot application and some tests need to get a token from Keycloak. Every communication is via SSL with a self-signed certificate.

When launching those tests I got this exception:

SunCertPathBuilderException: unable to find valid certification path to requested target

The problem seems similar to "Accept server's self-signed ssl certificate in Java client" but this solution doesn't work for me.

This is where I get the token:

private AccessTokenResponse getToken() throws GeneralSecurityException {
    Keycloak keycloak = Keycloak.getInstance(keycloakAuthServerUrl, keycloakRealm,
        login, password, keycloakResource, keycloakCredentialsSecret);
    return keycloak.tokenManager().getAccessToken();
}
Julien
  • have you tried setting up keystore for keycloak https://www.keycloak.org/docs/latest/server_installation/index.html#enabling-ssl-https-for-the-keycloak-server – ravthiru Feb 12 '19 at 12:39

1 Answer


As suggested in "Accept server's self-signed ssl certificate in Java client", create a custom trust manager:

import javax.net.ssl.X509TrustManager;

// Test-only trust manager: accepts every certificate chain without validation.
public class TestTrustManager implements X509TrustManager {

    @Override
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return new java.security.cert.X509Certificate[0];
    }

    @Override
    public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
        // No check: any client certificate is accepted.
    }

    @Override
    public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
        // No check: any server certificate is accepted.
    }
}

Then add it in the Keycloak "constructor":

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

private AccessTokenResponse getToken() throws GeneralSecurityException {
    // Install the all-trusting trust manager
    SSLContext sslContext = SSLContext.getInstance("SSL");
    sslContext.init(null, new TrustManager[] { new TestTrustManager() }, new java.security.SecureRandom());

    Keycloak keycloak = Keycloak.getInstance(keycloakAuthServerUrl, keycloakRealm,
        login, password, keycloakResource, keycloakCredentialsSecret, sslContext); // <--- !!! ADD IT HERE !!!
    return keycloak.tokenManager().getAccessToken();
}
Julien
  • I have only these keycloak properties: serverUrl; realm; grantType; clientId; clientSecret... How can I modify the method getToken()? Please help me... I need to trust ssl certificate – guidop21 May 17 '21 at 13:47