All,
I Successfully Installed Keycloak 17. I have created/configured realms without an issue. My issue is I’m unable to delete test realms for some reason.
My Environment:
- Ubuntu 20.04.4 LTS
- Keycloak 17.0.0
- JAVA openjdk version “11.0.14.1” 2022-02-08
- quarkus.version=2.7.0.Final
- Virtual Machine 4 CPU, 4 GB RAM, 500Gb HDD
- Firewall is disabled
- Selinux /Apparmor is not enabled
Setup Configuration:
./kc.sh start --https-certificate-file=/opt/keycloak-17.0.0/localhost.pem --https-certificate-key-file=/opt/keycloak-17.0.0/localhost.key.pem --https-protocols=TLSv1.3 --db-url-host=127.0.0.1 --db-url-database=keycloak --db-username=keycloak --db-password=keycloak --hostname=keycloak.domain.com:8443 --hostname-strict-backchannel=true
Example:
Create a realm called “help” and Enable it.
Now I want to delete that realm right after enabling it.
I navigated to master realm and under clients the realm called “help”…
Now I hit the deleted button on the far right of client called “help-realm”.
Next , after I click the red delete button I receive an error.
I also tried using the command
./kcadm.sh delete -x realms/help
I received the following error from the CLI
root@keycloak:/opt/keycloak-17.0.0/bin# ./kcadm.sh delete -x realms/help
HTTP request error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
java.lang.RuntimeException: HTTP request error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.keycloak.client.admin.cli.commands.AbstractRequestCmd.process(AbstractRequestCmd.java:352)
at org.keycloak.client.admin.cli.commands.AbstractRequestCmd.execute(AbstractRequestCmd.java:126)
at org.jboss.aesh.console.command.container.DefaultCommandContainer.executeCommand(DefaultCommandContainer.java:63)
at org.jboss.aesh.console.command.container.DefaultCommandContainer.executeCommand(DefaultCommandContainer.java:48)
at org.keycloak.client.admin.cli.aesh.AeshConsoleCallbackImpl.execute(AeshConsoleCallbackImpl.java:54)
at org.jboss.aesh.console.AeshProcess.run(AeshProcess.java:53)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:352)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:295)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:290)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1501)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1411)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:451)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:422)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at org.keycloak.client.admin.cli.util.HttpUtil.doRequest(HttpUtil.java:163)
at org.keycloak.client.admin.cli.commands.AbstractRequestCmd.process(AbstractRequestCmd.java:350)
... 8 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1341)
... 34 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 40 more
Ok so I get the CLI, but why am I unable to delete a realm from the Web UI?
Not sure If its because of the installation or if I missed something.
Any help would be appreciate
Thanks in advance