We created an LDAPS server with a CA cert and tested it from my client server with that cert; that works.
I tried the same thing with the Kubernetes Keycloak container, but "test authentication" is failing.
Keycloak version: 3.0.0
- Created truststore.jks

```shell
# import the LDAPS CA certificate into a new JKS truststore
keytool -import -alias ldapcert -keystore truststore.jks -file ca-certificates.crt -storepass changeit -noprompt
```

- Created Kubernetes secret

```shell
# the secret key is the file name: truststore.jks
kubectl create secret generic ldap-keystore --from-file=truststore.jks
```
- Volume mount and JAVA_OPTS (Helm values)

```yaml
extraEnv: |
  - name: KEYCLOAK_USER
    value: AdminUser
  - name: KEYCLOAK_PASSWORD
    value: AdminPassword
  - name: PROXY_ADDRESS_FORWARDING
    value: "true"
  - name: JAVA_OPTS
    value: >-
      -XX:+UseContainerSupport
      -XX:MaxRAMPercentage=50.0
      -Djava.net.preferIPv4Stack=true
      -Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS
      -Djava.awt.headless=true
      -Djavax.net.ssl.trustStore=/opt/jboss/.cacerts/truststore.jks
      -Djavax.net.ssl.trustStorePassword=LDAPS_TRUSTSTORE_PASSWORD
# secret holding truststore.jks, mounted read-only at the directory used in JAVA_OPTS
extraVolumes: |
  - name: scert
    secret:
      secretName: ldap-keystore
extraVolumeMounts: |
  - name: scert
    mountPath: /opt/jboss/.cacerts
    readOnly: true
```
Step 4: deployed Keycloak through Helm!

But I am getting the error below:

```
No truststore provider found - using default SSLSocketFactory
ERROR [org.keycloak.services] (default task-12) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: <FQDN>:636: javax.naming.CommunicationException: simple bind failed: <FQDN>:636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
```
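The PKIX error above means the JVM's trust manager never saw the imported CA, so the first thing to check is whether the truststore wiring in the values file is self-consistent: the path in `-Djavax.net.ssl.trustStore` must resolve to a key of the mounted secret, and the password the JVM opens it with must match the `-storepass` given to keytool. The following is an added example (not code from the original post or from Keycloak) that performs that static check on the values copied from the post. It flags that the JAVA_OPTS literal `LDAPS_TRUSTSTORE_PASSWORD` differs from the `changeit` used with keytool; whether that literal was meant to be a placeholder is not stated in the post, so treat the finding as something to confirm, not a diagnosis. It also recognises the Kubernetes `$(VAR)` env-reference syntax, which cannot be compared statically. Function names and the sample constants are this example's own.

```python
"""Static consistency check of the Keycloak JAVA_OPTS truststore wiring.

Added example, not part of the original post. Verifies that the JVM truststore
path is served by the secret volume mount and that the literal truststore
password matches the -storepass used when the truststore was created.
"""
import posixpath
import re
import shlex

# Constructed sample input: values copied from the post's Helm values and keytool command.
POST_JAVA_OPTS = (
    "-XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0 "
    "-Djava.net.preferIPv4Stack=true "
    "-Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS "
    "-Djava.awt.headless=true "
    "-Djavax.net.ssl.trustStore=/opt/jboss/.cacerts/truststore.jks "
    "-Djavax.net.ssl.trustStorePassword=LDAPS_TRUSTSTORE_PASSWORD"
)
POST_MOUNT_PATH = "/opt/jboss/.cacerts"
POST_SECRET_KEYS = {"truststore.jks"}  # kubectl --from-file=truststore.jks -> key is the file name
POST_KEYTOOL_STOREPASS = "changeit"    # -storepass passed to keytool in the post

# Kubernetes substitutes $(VAR_NAME) in env values; a bare $VAR is passed through literally.
K8S_ENV_REF = re.compile(r"^\$\([A-Za-z_][A-Za-z0-9_]*\)$")


def parse_java_opts(opts):
    """Split a JAVA_OPTS string into (system properties, other flags).

    props maps each -Dkey=value to its value ("" when no '=' is present);
    flags keeps every non -D token, e.g. -XX:+UseContainerSupport.
    """
    props, flags = {}, []
    for tok in shlex.split(opts):
        if tok.startswith("-D"):
            key, _, value = tok[2:].partition("=")
            props[key] = value
        else:
            flags.append(tok)
    return props, flags


def check_truststore_wiring(java_opts, mount_path, secret_keys, keytool_storepass):
    """Return a list of findings; an empty list means the wiring is self-consistent."""
    props, _ = parse_java_opts(java_opts)
    findings = []

    store = props.get("javax.net.ssl.trustStore")
    if store is None:
        findings.append("javax.net.ssl.trustStore is not set; the JVM falls back to its default cacerts")
    else:
        mount = mount_path.rstrip("/") + "/"
        if not store.startswith(mount):
            findings.append(f"trustStore {store} is outside the secret mount {mount_path}")
        else:
            # a Secret volume exposes each key as <mountPath>/<key>
            key = posixpath.relpath(store, mount_path)
            if key not in secret_keys:
                findings.append(f"secret has no key {key!r}; available keys: {sorted(secret_keys)}")

    pw = props.get("javax.net.ssl.trustStorePassword")
    if pw is None:
        findings.append("javax.net.ssl.trustStorePassword is not set")
    elif K8S_ENV_REF.match(pw):
        findings.append(f"trustStorePassword {pw} is a Kubernetes env reference; resolve it before comparing")
    elif pw != keytool_storepass:
        findings.append(
            f"trustStorePassword literal {pw!r} differs from keytool -storepass {keytool_storepass!r}"
        )
    return findings


if __name__ == "__main__":
    for finding in check_truststore_wiring(
        POST_JAVA_OPTS, POST_MOUNT_PATH, POST_SECRET_KEYS, POST_KEYTOOL_STOREPASS
    ):
        print("finding:", finding)
```

Run it against your own values file before redeploying; once the list is empty, the remaining causes are runtime ones (the JVM not receiving JAVA_OPTS at all, or the CA file not actually being the issuer of the LDAPS server's certificate), which you confirm inside the pod with `ps` and `keytool -list`.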