keycloak: add KC_HTTPS_TRUST_STORE_TYPE #108

sumit-bose · 2024-10-25T12:28:22Z

It looks like recent version of keycloak require that the
KC_HTTPS_TRUST_STORE_TYPE environment variable is set. Otherwise an
error like "kc.sh[54]: Unable to determine 'https-trust-store-type'
automatically. Adjust the file extension or specify the property." might
occur and keycloak fails to start.

It looks like recent version of keycloak require that the KC_HTTPS_TRUST_STORE_TYPE environment variable is set. Otherwise an error like "kc.sh[54]: Unable to determine 'https-trust-store-type' automatically. Adjust the file extension or specify the property." might occur and keycloak fails to start.

sumit-bose · 2024-10-25T12:47:52Z

Hi,

it looks like in recent version of keycloak KC_HTTPS_TRUST_STORE_FILE, KC_HTTPS_TRUST_STORE_PASSWORD and KC_HTTPS_TRUST_STORE_TYPE are deprecated in favor of System Truststore.

Additionally there are the messages

Oct 25 12:41:25 master.keycloak.test kc.sh[304]: 2024-10-25 12:41:25,881 WARN  [org.keycloak.services] (main) KC-SERVICES0110: Environment variable 'KEYCLOAK_ADMIN' is deprecated, use 'KC_BOOTSTRAP_ADMIN_USERNAME' instead
Oct 25 12:41:25 master.keycloak.test kc.sh[304]: 2024-10-25 12:41:25,881 WARN  [org.keycloak.services] (main) KC-SERVICES0110: Environment variable 'KEYCLOAK_ADMIN_PASSWORD' is deprecated, use 'KC_BOOTSTRAP_ADMIN_PASSWORD' instead

asking to change KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD as well.

Since I wasn't sure about backwards compatibility I only added KC_HTTPS_TRUST_STORE_TYPE for the time being but I can prepare an additional pull-request with the other changes if needed as well.

bye,
Sumit

justin-stephenson

In ipa-tuura deployment we execute:

keytool -importcert -alias bridge -file /opt/keycloak/bridge.crt -keystore /opt/keycloak/keystore.jks -trustcacerts -storepass redhat -noprompt

Maybe it is enough to change the keystore file to have .jks filename extension?

sumit-bose · 2024-10-29T15:13:25Z

In ipa-tuura deployment we execute:
keytool -importcert -alias bridge -file /opt/keycloak/bridge.crt -keystore /opt/keycloak/keystore.jks -trustcacerts -storepass redhat -noprompt
Maybe it is enough to change the keystore file to have .jks filename extension?

Hi,

yes, this works for me as well, not sure what would be the preferable solution.

bye,
Sumit

justin-stephenson · 2024-10-29T15:17:09Z

In ipa-tuura deployment we execute:
keytool -importcert -alias bridge -file /opt/keycloak/bridge.crt -keystore /opt/keycloak/keystore.jks -trustcacerts -storepass redhat -noprompt
Maybe it is enough to change the keystore file to have .jks filename extension?
Hi,

yes, this works for me as well, not sure what would be the preferable solution.

bye, Sumit

I'm fine with either approach, Ack.

spoore1

I'm ok with the change.

alexey-tikhonov requested review from justin-stephenson and spoore1 October 29, 2024 13:42

alexey-tikhonov assigned justin-stephenson and spoore1 Oct 29, 2024

justin-stephenson reviewed Oct 29, 2024

View reviewed changes

justin-stephenson approved these changes Oct 29, 2024

View reviewed changes

spoore1 approved these changes Oct 29, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

keycloak: add KC_HTTPS_TRUST_STORE_TYPE #108

keycloak: add KC_HTTPS_TRUST_STORE_TYPE #108

sumit-bose commented Oct 25, 2024

sumit-bose commented Oct 25, 2024

justin-stephenson left a comment

sumit-bose commented Oct 29, 2024

justin-stephenson commented Oct 29, 2024

spoore1 left a comment

keycloak: add KC_HTTPS_TRUST_STORE_TYPE #108

Are you sure you want to change the base?

keycloak: add KC_HTTPS_TRUST_STORE_TYPE #108

Conversation

sumit-bose commented Oct 25, 2024

sumit-bose commented Oct 25, 2024

justin-stephenson left a comment

Choose a reason for hiding this comment

sumit-bose commented Oct 29, 2024

justin-stephenson commented Oct 29, 2024

spoore1 left a comment

Choose a reason for hiding this comment