
I'm running a Keycloak instance in standalone mode. I have configured the Keycloak as an OIDC federated IdP in the WSO2 IS and configured the WSO2 IS as a client in the Keycloak. I also have an application running which is connected to WSO2 IS and uses Keycloak for federated authentication. I can log into the application without any issues, but when I try to log out from the application, logout happens in the Keycloak but there's the following error in the Keycloak console:

[org.keycloak.services] (default task-17) KC-SERVICES0057: Logout for client 'WSO2-IS' failed: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I tried creating a keystore, standalone/configuration/application.keystore, and importing the certificate of the WSO2 IS into it, and importing the certificate of the Keycloak into the WSO2 IS keystore. But it didn't work. (Note that application.keystore wasn't in the standalone/configuration/ location even after the server was started.)

I also followed this guide to set up a keystore but nothing seems to work.

Is there something I'm missing in this setup?

  • Some intermediate CA certs may be missing. It's a common problem of Let's Encrypt users. They don't import/configure intermediate certs, so proper verification path can be verified. – Jan Garaj Feb 02 '21 at 10:46
  • Thanks for the quick reply. After your comment I checked the certs in the keystore and it seems that the WSO2 IS certificate was not properly imported. Now the issue is solved. – Thamindu Randil Feb 02 '21 at 11:46

1 Answer


Fixed the issue after checking the certs in the truststore of the Keycloak.

Reason: the cert of the WSO2 IS was not properly imported and the truststore was not properly configured.