Issue with custom certification authority #52
Comments
I have exactly the same problem and I haven't found any solution to bypass that error at the moment.
@trourance as a workaround I configured userinfo_uri, token_uri, token_introspection_uri with the http endpoint. This is my client_secret.json:
Hope this can help you in the meantime
@njordr Thank you so much, your workaround works perfectly.
Btw, I have the same issue when using a perfectly valid certificate. It's impossible at the moment to use https at all and it's a blocker.
@njordr I've found the workaround. The problem comes from the httplib2 library which uses its own ca file to validate the ssl certificates. You can add your own ca certificate to this file and enable https endpoints in client_secret.json: HTH
@trourance great, thanks a lot
Yeah, so this depends on your deployment of httplib2 and the fact that it uses its own CA.
cat myca-cert.crt >> [path_to_python_libs]/certifi/cacert.pem did it for me
…ages. Configured the use of HTTPS for Keycloak to avoid mixed content errors in browser: https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content ; to do that, we also had to face the following issue for flask-oidc: puiterwijk/flask-oidc#52 . The solution of installing keycloak's certificate into httplib2/cacerts.txt wasn't enough because the IP address could be different; therefore, we added a configuration parameter about disabling SSL verification, and if it is set to true, then some code in python site-packages (inside the Docker) will be modified at run-time to disable SSL verification.
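A variant of the two CA-file workarounds above (appending to the file shipped with httplib2 or certifi), as an added example that is not from the thread or from flask-oidc: it writes a separate merged bundle, so a package upgrade cannot silently drop the custom CA and re-running it does not duplicate entries. The output name bundle.pem, the helper names and the placeholder certificate bodies are constructed for illustration; the resulting file is the kind of path that httplib2.Http(ca_certs=...) accepts.

```python
import base64
import hashlib
import os
import re
import ssl
import tempfile

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def fingerprint(pem):
    """SHA-256 of the decoded body, so line wrapping does not affect matching."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def build_bundle(base_path, extra_paths, out_path):
    """Atomically write base bundle plus new CAs to out_path; return count added."""
    blocks, seen, added = [], set(), 0
    for i, path in enumerate([base_path, *extra_paths]):
        with open(path) as fh:
            found = PEM_RE.findall(fh.read())
        if not found:
            raise ValueError("no PEM certificate found in " + path)
        for block in found:
            fp = fingerprint(block)
            if fp not in seen:
                seen.add(fp)
                blocks.append(block)
                added += 1 if i else 0  # index 0 is the base bundle itself
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(out_path)))
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(blocks) + "\n")
    os.chmod(tmp, 0o644)  # CA bundles are public; mkstemp defaults to 0600
    os.replace(tmp, out_path)
    return added

def _fake_pem(seed):
    """Constructed placeholder block (not a real X.509 certificate)."""
    body = base64.encodebytes(seed * 40).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

def demo():
    with tempfile.TemporaryDirectory() as d:
        base, ca, out = (os.path.join(d, n) for n in ("cacerts.txt", "myca-cert.crt", "bundle.pem"))
        with open(base, "w") as fh:
            fh.write(_fake_pem(b"A") + _fake_pem(b"B"))
        with open(ca, "w") as fh:
            fh.write(_fake_pem(b"C"))
        first = build_bundle(base, [ca], out)
        second = build_bundle(out, [ca], out)  # re-run: the CA is already present
        with open(out) as fh:
            return first, second, len(PEM_RE.findall(fh.read()))
```

With real certificates, loading the output with ssl.create_default_context(cafile=...) is a quick check that every block parses before any client is pointed at it.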
Hi.
flask-oidc==1.3.0
python 3.6.5
flask 0.12.2
ubuntu 16.4.3
I set up everything to log in with keycloak. Everything worked as expected if run against keycloak over HTTP.
Then I configured keycloak over HTTPS with a certificate created from a self-signed CA:
I suppose the problem is in these rows (flask_oidc/__init__.py, method _oidc_callback):
I think flask tries to communicate with keycloak and the SSL handshake fails.
Custom CA cert is imported in system ca store where flask runs.
I tried to use the following env vars:
but no way to get rid of the issue.
I tried to follow the code, but I got lost in it.
Thanks