How do you use the client when Keycloak is running over https

[kapadiup]

When I run Keycloak in SSL mode when I try to use the client I don't see an option of passing in any certificates. When I try the https url anyways for keycloak I am getting a handshake error when I try to use KeycloakOpenID.

SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed'

[gianfabiopezzolla]

You have found some solutions for this?

[EvandoBlanco]

@kapadiup @sagolab

I was recently able to resolve this. I don't have the code in front of me, so some variable names may be wrong. But you can add a certificate path directly to the requests.Session like this:

connection = keycloak_client._connection
connection._s.cert = "/path/to/certificate"
keycloak_client._connection = connection

I hope this helps.

[lokeish]

There is no such method connection._s.cert, can you help with exact code snippet.

[a-n-t-h-o-n-y]

It looks like the verify constructor parameter of KeycloakOpenID, KeycloakAdmin and KeycloakOpenIDConnection are passed directly to the requests.Session calls, so it can be a certificate path. The python-keycloak docs could be more informative:

:param verify: True if want check connection SSL
:type verify: bool

The following works for me:

connection = KeycloakOpenIDConnection(
    server_url="...",
    username="...",
    password="...",
    realm_name="...",
    verify="/path/to/cert.pem",
)