My WildFly application is configured for two-way TLS (HTTPS authentication certificate from client). When my application (servlet) does a “logout”, it appears that the Keycloak server hits a URL on my WildFly application. This causes the following error in the Keycloak log file:
failed: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
If I configure my WildFly application for “not” two-way, then I don’t get the error in the Keycloak log file.
I know how to configure WildFly for two-way authentication when using the Elytron Undertow https-listener (ssl-context), but how do I configure Keycloak for two-way authentication (using the legacy security configuration)?
It appears that the Keycloak server uses the legacy WildFly security model (https-listener’s security-realm instead of ssl-context). And when might the default Keycloak server configuration (standalone.xml) be converted over to use the more modern Elytron security model?