Service Virtualization

yes Sankar,

We tried to import the same authentication-provides.xml which is working in 10.3.

In 10.6, Though its showing up all the entries on import in UI  and Test connection is working but Test Authentication failing with the imported password.

However we tried with the correct valid password as well, which still fails with error

Regards,
Harika Gonela

yes Sankar,

We tried to import the same authentication-provides.xml which is working in 10.3.

In 10.6, Though its showing up all the entries on import in UI  and Test connection is working but Test Authentication failing with the imported password.

However we tried with the correct valid password as well, which still fails with error

Regards,
Harika Gonela

2020-09-18 04:57:56,144 ERROR [org.keycloak.services] (default task-88) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: sexxx.gxxx.xxx:xxx: javax.naming.CommunicationException: simple bind failed: sexxx.gxxx.xxx:xxx:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

                at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)

                at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2791)

                at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)

                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)

                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)

                at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)

                at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)

                at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)

                at org.jboss.as.naming.InitialContext.init(InitialContext.java:101)

                at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

                at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:91)

                at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)

                at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)

                at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)

                at javax.naming.InitialContext.init(InitialContext.java:244)

                at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

                at org.keycloak.services.managers.LDAPConnectionTestManager.testLDAP(LDAPConnectionTestManager.java:77)

                at org.keycloak.services.resources.admin.RealmAdminResource.testLDAPConnection(RealmAdminResource.java:813)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

                at java.lang.reflect.Method.invoke(Method.java:498)

                at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)

                at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)

                at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)

                at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)

                at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)

                at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)

                at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)

                at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

                at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)

                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)

                at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)

                at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)

                at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)

                at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)

                at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)

                at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)

                at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)

                at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

                at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)

                at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)

                at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)

                at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)

                at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)

                at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)

                at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)

                at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)

                at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)

                at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)

                at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)

                at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)

                at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)

                at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

                at java.lang.Thread.run(Thread.java:748)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

                at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)

                at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)

                at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)

                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)

                at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)

                at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)

                at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)

                at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)

                at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)

                at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)

                at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)

                at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)

                at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)

                at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:443)

                at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:416)

                at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)

                at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)

                ... 77 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)

                at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)

                at sun.security.validator.Validator.validate(Validator.java:262)

                at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)

                at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)

                at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)

                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)

                ... 90 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

                at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

                at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)

                ... 96 more

 
Regards,
Harika Gonela.

yes Sankar,

We tried to import the same authentication-provides.xml which is working in 10.3.

In 10.6, Though its showing up all the entries on import in UI  and Test connection is working but Test Authentication failing with the imported password.

However we tried with the correct valid password as well, which still fails with error

Regards,
Harika Gonela

2020-09-18 04:57:56,144 ERROR [org.keycloak.services] (default task-88) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: sexxx.gxxx.xxx:xxx: javax.naming.CommunicationException: simple bind failed: sexxx.gxxx.xxx:xxx:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

                at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)

                at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2791)

                at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)

                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)

                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)

                at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)

                at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)

                at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)

                at org.jboss.as.naming.InitialContext.init(InitialContext.java:101)

                at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

                at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:91)

                at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)

                at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)

                at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)

                at javax.naming.InitialContext.init(InitialContext.java:244)

                at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

                at org.keycloak.services.managers.LDAPConnectionTestManager.testLDAP(LDAPConnectionTestManager.java:77)

                at org.keycloak.services.resources.admin.RealmAdminResource.testLDAPConnection(RealmAdminResource.java:813)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

                at java.lang.reflect.Method.invoke(Method.java:498)

                at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)

                at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)

                at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)

                at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)

                at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)

                at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)

                at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)

                at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

                at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)

                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)

                at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)

                at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)

                at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)

                at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)

                at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)

                at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)

                at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)

                at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

                at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)

                at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)

                at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)

                at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)

                at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)

                at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)

                at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)

                at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)

                at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)

                at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)

                at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)

                at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)

                at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)

                at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

                at java.lang.Thread.run(Thread.java:748)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

                at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)

                at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)

                at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)

                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)

                at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)

                at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)

                at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)

                at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)

                at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)

                at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)

                at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)

                at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)

                at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)

                at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:443)

                at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:416)

                at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)

                at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)

                ... 77 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)

                at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)

                at sun.security.validator.Validator.validate(Validator.java:262)

                at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)

                at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)

                at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)

                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)

                ... 90 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

                at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

                at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)

                ... 96 more

 
Regards,
Harika Gonela.

yes Sankar,

We tried to import the same authentication-provides.xml which is working in 10.3.

In 10.6, Though its showing up all the entries on import in UI  and Test connection is working but Test Authentication failing with the imported password.

However we tried with the correct valid password as well, which still fails with error

Regards,
Harika Gonela

we are seeing below error when trying to add the ssl cert to iam-truststore.ks 
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

2020-09-18 04:57:56,144 ERROR [org.keycloak.services] (default task-88) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: sexxx.gxxx.xxx:xxx: javax.naming.CommunicationException: simple bind failed: sexxx.gxxx.xxx:xxx:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

                at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)

                at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2791)

                at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)

                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)

                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)

                at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)

                at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)

                at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)

                at org.jboss.as.naming.InitialContext.init(InitialContext.java:101)

                at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

                at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:91)

                at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)

                at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)

                at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)

                at javax.naming.InitialContext.init(InitialContext.java:244)

                at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

                at org.keycloak.services.managers.LDAPConnectionTestManager.testLDAP(LDAPConnectionTestManager.java:77)

                at org.keycloak.services.resources.admin.RealmAdminResource.testLDAPConnection(RealmAdminResource.java:813)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

                at java.lang.reflect.Method.invoke(Method.java:498)

                at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)

                at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)

                at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)

                at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)

                at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)

                at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)

                at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)

                at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

                at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)

                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)

                at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)

                at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)

                at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)

                at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)

                at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)

                at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)

                at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)

                at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

                at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)

                at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)

                at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)

                at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)

                at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)

                at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)

                at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)

                at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)

                at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)

                at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)

                at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)

                at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)

                at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)

                at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

                at java.lang.Thread.run(Thread.java:748)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

                at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)

                at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)

                at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)

                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)

                at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)

                at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)

                at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)

                at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)

                at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)

                at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)

                at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)

                at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)

                at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)

                at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:443)

                at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:416)

                at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)

                at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)

                ... 77 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)

                at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)

                at sun.security.validator.Validator.validate(Validator.java:262)

                at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)

                at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)

                at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)

                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)

                ... 90 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

                at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

                at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)

                ... 96 more

 
Regards,
Harika Gonela.

yes Sankar,

We tried to import the same authentication-provides.xml which is working in 10.3.

In 10.6, Though its showing up all the entries on import in UI  and Test connection is working but Test Authentication failing with the imported password.

However we tried with the correct valid password as well, which still fails with error

Regards,
Harika Gonela

we are seeing below error when trying to add the ssl cert to iam-truststore.ks 
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

2020-09-18 04:57:56,144 ERROR [org.keycloak.services] (default task-88) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: sexxx.gxxx.xxx:xxx: javax.naming.CommunicationException: simple bind failed: sexxx.gxxx.xxx:xxx:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

                at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)

                at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2791)

                at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)

                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)

                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)

                at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)

                at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)

                at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)

                at org.jboss.as.naming.InitialContext.init(InitialContext.java:101)

                at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

                at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:91)

                at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)

                at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)

                at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)

                at javax.naming.InitialContext.init(InitialContext.java:244)

                at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

                at org.keycloak.services.managers.LDAPConnectionTestManager.testLDAP(LDAPConnectionTestManager.java:77)

                at org.keycloak.services.resources.admin.RealmAdminResource.testLDAPConnection(RealmAdminResource.java:813)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

                at java.lang.reflect.Method.invoke(Method.java:498)

                at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)

                at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)

                at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)

                at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)

                at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)

                at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)

                at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)

                at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

                at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)

                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)

                at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)

                at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)

                at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)

                at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)

                at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)

                at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)

                at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)

                at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

                at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)

                at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)

                at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)

                at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)

                at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)

                at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)

                at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)

                at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)

                at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)

                at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)

                at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)

                at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)

                at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)

                at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

                at java.lang.Thread.run(Thread.java:748)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

                at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)

                at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)

                at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)

                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)

                at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)

                at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)

                at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)

                at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)

                at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)

                at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)

                at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)

                at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)

                at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)

                at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:443)

                at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:416)

                at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)

                at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)

                ... 77 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)

                at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)

                at sun.security.validator.Validator.validate(Validator.java:262)

                at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)

                at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)

                at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)

                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)

                ... 90 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

                at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

                at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)

                ... 96 more

 
Regards,
Harika Gonela.

yes Sankar,

We tried to import the same authentication-provides.xml which is working in 10.3.

In 10.6, Though its showing up all the entries on import in UI  and Test connection is working but Test Authentication failing with the imported password.

However we tried with the correct valid password as well, which still fails with error

Regards,
Harika Gonela

we are seeing below error when trying to add the ssl cert to iam-truststore.ks 
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

2020-09-18 04:57:56,144 ERROR [org.keycloak.services] (default task-88) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: sexxx.gxxx.xxx:xxx: javax.naming.CommunicationException: simple bind failed: sexxx.gxxx.xxx:xxx:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

                at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)

                at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2791)

                at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)

                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)

                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)

                at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)

                at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)

                at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)

                at org.jboss.as.naming.InitialContext.init(InitialContext.java:101)

                at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

                at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:91)

                at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)

                at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)

                at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)

                at javax.naming.InitialContext.init(InitialContext.java:244)

                at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

                at org.keycloak.services.managers.LDAPConnectionTestManager.testLDAP(LDAPConnectionTestManager.java:77)

                at org.keycloak.services.resources.admin.RealmAdminResource.testLDAPConnection(RealmAdminResource.java:813)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

                at java.lang.reflect.Method.invoke(Method.java:498)

                at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)

                at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)

                at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)

                at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)

                at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)

                at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)

                at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)

                at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

                at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)

                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)

                at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)

                at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)

                at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)

                at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)

                at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)

                at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)

                at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)

                at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

                at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)

                at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)

                at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)

                at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)

                at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)

                at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)

                at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)

                at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)

                at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)

                at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)

                at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)

                at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)

                at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)

                at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

                at java.lang.Thread.run(Thread.java:748)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

                at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)

                at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)

                at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)

                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)

                at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)

                at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)

                at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)

                at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)

                at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)

                at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)

                at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)

                at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)

                at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)

                at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:443)

                at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:416)

                at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)

                at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)

                ... 77 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)

                at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)

                at sun.security.validator.Validator.validate(Validator.java:262)

                at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)

                at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)

                at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)

                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)

                ... 90 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

                at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

                at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)

                ... 96 more

 
Regards,
Harika Gonela.

yes Sankar,

We tried to import the same authentication-provides.xml which is working in 10.3.

In 10.6, Though its showing up all the entries on import in UI  and Test connection is working but Test Authentication failing with the imported password.

However we tried with the correct valid password as well, which still fails with error

Regards,
Harika Gonela

we are seeing below error when trying to add the ssl cert to iam-truststore.ks 
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

2020-09-18 04:57:56,144 ERROR [org.keycloak.services] (default task-88) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: sexxx.gxxx.xxx:xxx: javax.naming.CommunicationException: simple bind failed: sexxx.gxxx.xxx:xxx:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

                at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)

                at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2791)

                at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)

                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)

                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)

                at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)

                at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)

                at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)

                at org.jboss.as.naming.InitialContext.init(InitialContext.java:101)

                at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

                at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:91)

                at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)

                at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)

                at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)

                at javax.naming.InitialContext.init(InitialContext.java:244)

                at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

                at org.keycloak.services.managers.LDAPConnectionTestManager.testLDAP(LDAPConnectionTestManager.java:77)

                at org.keycloak.services.resources.admin.RealmAdminResource.testLDAPConnection(RealmAdminResource.java:813)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

                at java.lang.reflect.Method.invoke(Method.java:498)

                at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)

                at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)

                at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)

                at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)

                at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)

                at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)

                at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)

                at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

                at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)

                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)

                at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)

                at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)

                at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)

                at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)

                at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)

                at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)

                at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)

                at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

                at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)

                at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)

                at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)

                at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)

                at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)

                at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)

                at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)

                at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)

                at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)

                at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)

                at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)

                at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)

                at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)

                at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

                at java.lang.Thread.run(Thread.java:748)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

                at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)

                at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)

                at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)

                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)

                at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)

                at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)

                at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)

                at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)

                at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)

                at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)

                at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)

                at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)

                at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)

                at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:443)

                at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:416)

                at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)

                at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)

                ... 77 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)

                at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)

                at sun.security.validator.Validator.validate(Validator.java:262)

                at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)

                at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)

                at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)

                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)

                ... 90 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

                at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

                at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)

                ... 96 more

 
Regards,
Harika Gonela.

yes Sankar,

We tried to import the same authentication-provides.xml which is working in 10.3.

In 10.6, Though its showing up all the entries on import in UI  and Test connection is working but Test Authentication failing with the imported password.

However we tried with the correct valid password as well, which still fails with error

Regards,
Harika Gonela

we are seeing below error when trying to add the ssl cert to iam-truststore.ks 
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

2020-09-18 04:57:56,144 ERROR [org.keycloak.services] (default task-88) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: sexxx.gxxx.xxx:xxx: javax.naming.CommunicationException: simple bind failed: sexxx.gxxx.xxx:xxx:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

                at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)

                at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2791)

                at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)

                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)

                at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)

                at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)

                at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)

                at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)

                at org.jboss.as.naming.InitialContext.init(InitialContext.java:101)

                at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

                at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:91)

                at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)

                at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)

                at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)

                at javax.naming.InitialContext.init(InitialContext.java:244)

                at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

                at org.keycloak.services.managers.LDAPConnectionTestManager.testLDAP(LDAPConnectionTestManager.java:77)

                at org.keycloak.services.resources.admin.RealmAdminResource.testLDAPConnection(RealmAdminResource.java:813)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

                at java.lang.reflect.Method.invoke(Method.java:498)

                at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)

                at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)

                at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)

                at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)

                at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)

                at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)

                at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)

                at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)

                at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

                at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)

                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)

                at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)

                at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)

                at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)

                at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)

                at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)

                at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)

                at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)

                at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

                at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)

                at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)

                at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)

                at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)

                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

                at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)

                at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)

                at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)

                at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)

                at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)

                at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)

                at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)

                at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)

                at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)

                at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)

                at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)

                at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

                at java.lang.Thread.run(Thread.java:748)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

                at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)

                at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)

                at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)

                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)

                at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)

                at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)

                at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)

                at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)

                at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)

                at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)

                at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)

                at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)

                at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)

                at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:443)

                at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:416)

                at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)

                at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)

                ... 77 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)

                at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)

                at sun.security.validator.Validator.validate(Validator.java:262)

                at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)

                at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)

                at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)

                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)

                ... 90 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

                at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

                at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

                at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)

                ... 96 more

 
Regards,
Harika Gonela.

yes Sankar,

We tried to import the same authentication-provides.xml which is working in 10.3.

In 10.6, Though its showing up all the entries on import in UI  and Test connection is working but Test Authentication failing with the imported password.

However we tried with the correct valid password as well, which still fails with error

Regards,
Harika Gonela