Open cjbackman opened 4 years ago
I have faced a similar issue where keycloak is using a certificate signed by our in-house root CA. It failed with the following error:
failed to initialize server: server: Failed to open connector keycloak: failed to open connector: failed to create connector keycloak: failed to get provider: Get https://keycloak.domain.com/auth/realms/my-realm/.well-known/openid-configuration: x509 certificate signed by unknown authority
However, I didn't see any options to bypass certificate verification or set root CA like we can do for ldap connector, ex:
insecureSkipVerify: true
and
rootCAData: ( base64 encoded PEM file )
Really troubled with this issue, any suggestion is welcome, thanks.
hello :wave:
In a container/k8s context, as a workaround, you can mount your certificate as a volume to /etc/ssl/certs/certificates.crt
I figured out this workaround too. Thanks anyway.
Hi,
I'm trying to integrate Dex with Keycloak using the OIDC connector. It fails however with the following error:
failed to initialize server: server: Failed to open connector keycloak: failed to open connector: failed to create connector keycloak: failed to get provider: Get https://keycloak.subdomain.domain.com/auth/realms/my-realm/.well-known/openid-configuration: x509: certificate is valid for *.subdomain.domain.com, not keycloak.subdomain.domain.com
I thought that a certificate for *.subdomain.domain.com ought to be valid for keycloak.subdomain.domain.com? Is there a way to resolve this issue? Any input is much appreciated.
Best, CJ