KC version: 21.0.1
The FileTruststoreProviderFactory class is not being used for loading the truststore because:
Problem: I wanted to verify which certificates were loaded during and after startup. To do this, I added logging to the FileTruststoreProviderFactory class methods:
create(session) – is never called during Keycloak startup
init(config)
postinit(factory)
The goal was to check if the TruststoreProvider was correctly set. However, the provider instance is always null in these methods. Here’s the snippet I used:
TruststoreProvider provider_ = TruststoreProviderSingleton.get();
log.info("-------------------provider: " + provider_);
Docker Compose Settings:
- KC_HTTPS_TRUST_STORE_FILE=/opt/keycloak/bin/TrustStore.jks
- KC_HTTPS_TRUST_STORE_TYPE=jks
- KC_HTTPS_TRUST_STORE_PASSWORD=**********
- KC_HTTPS_CLIENT_AUTH=request
Will there be any runtime resolution apart from FileTruststoreProviderFactory?
Observation: During certificate-based authentication, the browser lists supported certificates, and upon selection, I can successfully log in using a certificate. But how?