
How do you use the client when Keycloak is running over https

Open kapadiup opened this issue 6 years ago • 4 comments

When I run Keycloak in SSL mode and try to use the client, I don't see an option for passing in any certificates. When I try the https URL for Keycloak anyway, I get a handshake error when I try to use KeycloakOpenID.

SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed'

kapadiup avatar Apr 15 '20 14:04 kapadiup

Have you found a solution for this?

gianfabiopezzolla avatar Jun 25 '21 08:06 gianfabiopezzolla

@kapadiup @SAGOlab

I was recently able to resolve this. I don't have the code in front of me, so some variable names may be wrong. But you can add a certificate path directly to the requests.Session like this:

connection = keycloak_client._connection
connection._s.cert = "/path/to/certificate"
keycloak_client._connection = connection

I hope this helps.

EvandoBlanco avatar Oct 22 '21 18:10 EvandoBlanco

There is no such method connection._s.cert. Can you help with the exact code snippet?

lokeish avatar Feb 16 '23 08:02 lokeish

It looks like the verify constructor parameter of KeycloakOpenID, KeycloakAdmin and KeycloakOpenIDConnection is passed directly to the requests.Session calls, so it can be a certificate path. The python-keycloak docs could be more informative:

:param verify: True if want check connection SSL
:type verify: bool

The following works for me:

connection = KeycloakOpenIDConnection(
    server_url="...",
    username="...",
    password="...",
    realm_name="...",
    verify="/path/to/cert.pem",
)

a-n-t-h-o-n-y avatar Apr 06 '23 19:04 a-n-t-h-o-n-y
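
Added example, not part of the thread and not python-keycloak's own code: a standard-library pre-flight for the value you intend to pass as `verify=`, useful when "certificate verify failed" could mean either a bad CA bundle or a server certificate the bundle does not cover. The helper names `check_verify` and `probe` are hypothetical, and the example is narrowed to single-file PEM bundles.

```python
import os
import socket
import ssl


def check_verify(verify):
    """Validate a value intended for the `verify=` parameter.

    Returns True (use the system trust store) or the absolute path of a
    PEM file that holds at least one parseable certificate.
    """
    if verify is True:
        return True
    if verify is False or verify is None:
        raise ValueError("verification disabled: server certificate would not be checked")
    path = os.path.abspath(os.fspath(verify))
    if not os.path.isfile(path):
        raise ValueError(f"CA bundle not found: {path}")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        raise ValueError(f"{path} is not a usable PEM bundle: {exc}") from exc
    if ctx.cert_store_stats()["x509"] == 0:
        raise ValueError(f"{path} contains no certificates")
    return path


def probe(host, port, verify, timeout=5.0):
    """Do one TLS handshake with the same trust settings and report the outcome."""
    checked = check_verify(verify)
    # With cafile set, only that bundle is trusted, as with a path in `verify=`.
    ctx = ssl.create_default_context(cafile=None if checked is True else checked)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return f"ok: {tls.version()}"
    except ssl.SSLCertVerificationError as exc:
        # e.g. "unable to get local issuer certificate" or a hostname mismatch
        return f"verify failed: {exc.verify_message}"
```

The path returned by `check_verify` is what goes into `verify=`; `probe` needs network access to the Keycloak host and shows the specific verification message behind the handshake error.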