Keycloak Deleting Realm

All,

I Successfully Installed Keycloak 17. I have created/configured realms without an issue. My issue is I’m unable to delete test realms for some reason.

My Environment:

  • Ubuntu 20.04.4 LTS
  • Keycloak 17.0.0
  • JAVA openjdk version “11.0.14.1” 2022-02-08
  • quarkus.version=2.7.0.Final
  • Virtual Machine 4 CPU, 4 GB RAM, 500Gb HDD
  • Firewall is disabled
  • Selinux /Apparmor is not enabled

Setup Configuration:

./kc.sh start --https-certificate-file=/opt/keycloak-17.0.0/localhost.pem --https-certificate-key-file=/opt/keycloak-17.0.0/localhost.key.pem --https-protocols=TLSv1.3 --db-url-host=127.0.0.1 --db-url-database=keycloak --db-username=keycloak --db-password=keycloak --hostname=keycloak.domain.com:8443 --hostname-strict-backchannel=true

Example:
Create a realm called “help” and Enable it.

Now I want to delete that realm right after enabling it.
I navigated to master realm and under clients the realm called “help”…

Now I hit the deleted button on the far right of client called “help-realm”.

Next , after I click the red delete button I receive an error.

I also tried using the command

./kcadm.sh delete -x realms/help
I received the following error from the CLI

root@keycloak:/opt/keycloak-17.0.0/bin# ./kcadm.sh delete -x  realms/help
HTTP request error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
java.lang.RuntimeException: HTTP request error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at org.keycloak.client.admin.cli.commands.AbstractRequestCmd.process(AbstractRequestCmd.java:352)
        at org.keycloak.client.admin.cli.commands.AbstractRequestCmd.execute(AbstractRequestCmd.java:126)
        at org.jboss.aesh.console.command.container.DefaultCommandContainer.executeCommand(DefaultCommandContainer.java:63)
        at org.jboss.aesh.console.command.container.DefaultCommandContainer.executeCommand(DefaultCommandContainer.java:48)
        at org.keycloak.client.admin.cli.aesh.AeshConsoleCallbackImpl.execute(AeshConsoleCallbackImpl.java:54)
        at org.jboss.aesh.console.AeshProcess.run(AeshProcess.java:53)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:352)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:295)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:290)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)
        at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1501)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1411)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:451)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:422)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
        at org.keycloak.client.admin.cli.util.HttpUtil.doRequest(HttpUtil.java:163)
        at org.keycloak.client.admin.cli.commands.AbstractRequestCmd.process(AbstractRequestCmd.java:350)
        ... 8 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
        at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
        at java.base/sun.security.validator.Validator.validate(Validator.java:264)
        at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1341)
        ... 34 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
        at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
        ... 40 more

Ok so I get the CLI, but why am I unable to delete a realm from the Web UI?
Not sure If its because of the installation or if I missed something.

Any help would be appreciate

Thanks in advance

Don‘t try to delete a realm through the clients section of the master realm.
In the admin UI, switch to the realm (top left select) and then hit the trashbin icon next to the realm name on the realm settings page.

1 Like

@dasniko

I’m feeling like a n00b over here.
This is resolved

Thank you :+1:

1 Like