NUWCDIVNPT / stig-manager

An API and client for managing STIG assessments

Cert Authentication Ext.Ajax.request() #1368

Closed codwow closed 2 months ago

codwow commented 2 months ago

Is there an existing issue for this?

Are you using the latest version of STIG Manager?

Where are you experiencing the issue?

Current Behavior

Trying to set up X.509 authentication and running into an issue where it will redirect to Keycloak and find my username via CN and redirect back to STIG Manager and produce "Ext.Ajax.request() failed" within the STIG Manager webpage. I'm using Keycloak 25.0.4. I'm able to authenticate via cert without issue if I use a slightly modified version of the stigman-orchestration with Keycloak on 19.0.2.

Expected Behavior

No response

Steps To Reproduce

No response

Can you provide screenshots, logs, or other useful artifacts?

In the STIG Manager log I see this error, but I don't know what it means or what else to look at:

"error":"error in secret or public key callback: unable to verify the first certificate","stack":"Unauthorized: error in secret or public key callback: unable to verify the first certificate\n at HttpError.create (/home/node/node_modules/express-openapi-validator/dist/framework/types.js:42:24)\n at /home/node/node_modules/express-openapi-validator/dist/middlewares/openapi.security.js:78:43\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"

Describe your Environment

- Hosting: on-prem
- Browser: Edge
- OS: Windows (Client) RHEL 8.10 (Server)
- Node:
- npm:

cd-rite commented 2 months ago

Hi @codwow, your issue sounds very similar to this discussion in our forums, and may have the same solution: https://github.com/NUWCDIVNPT/stig-manager/discussions/1046#discussioncomment-6641894

In this case, it sounds like Keycloak was configured with an HTTPS URL (corresponding to the value specified by STIGMAN_OIDC_PROVIDER). If so, you will need to make the CA for the Keycloak certificate available to STIGMan using the NODE_EXTRA_CA_CERTS environment variable (and provide that CA in a volume to the container, mapped to the location specified in the envvar).

Since this is most likely an issue with the deployment rather than the app, I'll close the issue for now. Check out that discussion and see if anything there helps, and perhaps open a discussion in our forums if you need to. If you still have issues, providing your docker-compose file (if using one) may be helpful as well.

codwow commented 2 months ago

I posted a discussion due to still having the issue: https://github.com/NUWCDIVNPT/stig-manager/discussions/1369