<div dir="ltr">Hi, everyone<br><br>1. I am trying to configure Midpoint 4.8.3 to authenticate using Keycloak 19.0.3.<br>2. I have created a client "midpoint48localhost" on Keycloak with the following configuration:<br><br>Client Protocol: openid-connect<br>Access Type: public<br>Root URL: <a href="http://10.3.180.15:8080/midpoint">http://10.3.180.15:8080/midpoint</a><br>Valid Redirect URIs: <a href="http://10.3.180.15:8080/midpoint/*">http://10.3.180.15:8080/midpoint/*</a><br><br>3. On Midpoint, the Security Policy is configured as:<br><br><i><font color="#ff0000"><securitypolicy><br><br>(...)<br>        <modules><br>            <loginForm id="1"><br>                <identifier>loginForm</identifier><br>            </loginForm><br>            <httpBasic id="2"><br>                <identifier>httpBasic</identifier><br>            </httpBasic><br>            <oidc id="18"><br>                <identifier>gui-oidc</identifier><br>                <client id="19"><br>                    <registrationId>oidc-registration</registrationId><br>                    <clientId>midpoint48localhost</clientId><br>                    <openIdProvider><br>                        <authorizationUri>https://keycloak-hom.trt3.jus.br/auth/realms/trt3/protocol/openid-connect/auth</authorizationUri><br>                        <tokenUri>https://keycloak-hom.trt3.jus.br/auth/realms/trt3/protocol/openid-connect/token</tokenUri><br>                        <userInfoUri>https://keycloak-hom.trt3.jus.br/auth/realms/trt3/protocol/openid-connect/userinfo</userInfoUri><br>                        <jwkSetUri>https://keycloak-hom.trt3.jus.br/auth/realms/trt3/protocol/openid-connect/certs</jwkSetUri><br>                        <issuerUri>https://keycloak-hom.trt3.jus.br/auth/realms/trt3</issuerUri><br>                        <endSessionUri>https://keycloak-hom.trt3.jus.br/auth/realms/trt3/protocol/openid-connect/logout</endSessionUri><br>                    </openIdProvider><br>                </client><br>            </oidc><br><br>(...)<br>        <sequence id="16"><br>            <identifier>gui-oidc</identifier><br>            <channel><br>                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId><br>                <default>true</default><br>                <urlSuffix>gui-oidc</urlSuffix><br>            </channel><br>            <module id="17"><br>                <identifier>gui-oidc</identifier><br>                <order>10</order><br>                <necessity>sufficient</necessity><br>            </module><br>        </sequence><br><br>(...)<br></securitypolicy></font></i><br><br>4. When I try to authenticate on Midpoint using Keycloak, I am presented with a form (from Keycloak) and succeed in logging in. As proof, a session is registered:<br><br><table><tr><th>IP Address</th><th>Started</th><th>Last Access</th><th>Clients</th></tr><tr><td>10.3.180.15</td><td>Jun 14, 2024 11:57:46 AM</td><td>Jun 14, 2024 11:57:46 AM</td><td>midpoint48localhost</td></tr><tr><td>10.3.180.15</td><td>Jun 14, 2024 11:51:59 AM</td><td>Jun 14, 2024 11:51:40 AM</td><td>midpoint48localhost</td></tr></table><br><br>5. 
Yet, when I am redirected back to Midpoint, I receive the following error:<br><br><i>Currently we are unable to process your request. Kindly try again later.</i><br><br>6. And an error is registered in the midpoint.log file:<br><br><i>2024-06-14 14:57:13,677 [REPOSITORY] [http-nio-8080-exec-3] INFO (com.evolveum.midpoint.audit.log): 2024-06-14T14:57:13.677+0000 eid=1718377033677-42516-2, et=CREATE_SESSION, es=REQUEST, sid=C13E267CCD89C262F2E7CBCCA336466F, rid=null, tid=1718377033677-42516-1, toid=null, hid=50cacb4119c3, nid=DefaultNode, raddr=10.3.180.15, I=null, EP=null, epm=null, T=null, TO=null, D=[], ch=http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user, o=FATAL_ERROR, p=null, m=[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: I/O error on POST request for "https://keycloak-hom.trt3.jus.br/auth/realms/trt3/protocol/openid-connect/token": Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty</i><div><i><br>2024-06-14 14:57:13,680 [REPOSITORY] [http-nio-8080-exec-3] INFO (com.evolveum.midpoint.audit.log): 2024-06-14T14:57:13.679+0000 eid=1718377033679-42516-2, et=CREATE_SESSION, es=REQUEST, sid=C13E267CCD89C262F2E7CBCCA336466F, rid=null, tid=1718377033679-42516-1, toid=null, hid=50cacb4119c3, nid=DefaultNode, raddr=10.3.180.15, I=null, EP=null, epm=null, T=null, TO=null, D=[], ch=http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user, o=FATAL_ERROR, p=unknown user, m=OIDC authentication module: web.security.provider.unavailable</i><br><br><br>Has anybody succeeded in the integration?<br><br>Thanks,</div></div>
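The exception quoted in step 6, "the trustAnchors parameter must be non-empty", is raised by the JVM's PKIX validator when the trust store JSSE loaded contains no certificate entries: JSSE treats a missing or unreadable file behind javax.net.ssl.trustStore as "no trust store" and continues with zero trust anchors, and the failure only surfaces on the first TLS handshake, here the back-channel POST to the Keycloak token endpoint, before any OIDC logic runs. The diagnostic below is an added example, not midPoint code and not from the original post: it loads the trust store from the same system properties the JVM honours, counts the trust anchors, and can import the Keycloak CA from a PEM file into a copy of the store. The class name TrustStoreCheck, the alias prefix keycloak-ca, the output password changeit and the file names are assumptions.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added diagnostic (hypothetical name), not part of midPoint. Run it with the same
// -Djavax.net.ssl.trustStore* options as the midPoint JVM:
//   java TrustStoreCheck                          -> inspect the store the JVM would use
//   java TrustStoreCheck keycloak-ca.pem out.p12  -> also import the CA into a copy of the store
public class TrustStoreCheck {

    // Same lookup order JSSE uses when javax.net.ssl.trustStore is not set.
    static Path defaultTrustStorePath() {
        Path sec = Paths.get(System.getProperty("java.home"), "lib", "security");
        Path jssecacerts = sec.resolve("jssecacerts");
        return Files.isReadable(jssecacerts) ? jssecacerts : sec.resolve("cacerts");
    }

    // Load the trust store from the system properties the JVM honours. A missing or
    // unreadable file is reported instead of silently becoming an empty store, which is
    // the state that yields "the trustAnchors parameter must be non-empty" at handshake.
    static KeyStore loadConfiguredTrustStore() throws Exception {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String pw = System.getProperty("javax.net.ssl.trustStorePassword");
        char[] password = (pw == null) ? null : pw.toCharArray();
        Path file = (prop == null) ? defaultTrustStorePath() : Paths.get(prop);

        KeyStore ks = KeyStore.getInstance(type);
        if (!Files.isReadable(file)) {
            System.out.println("WARNING: trust store " + file + " is missing or unreadable; JSSE would use an EMPTY store");
            ks.load(null, null);
            return ks;
        }
        try (InputStream in = new FileInputStream(file.toFile())) {
            ks.load(in, password);   // wrong password throws here instead of failing later on TLS
        }
        System.out.println("loaded " + file + " (type " + type + ")");
        return ks;
    }

    // Number of trusted-certificate entries, i.e. the PKIX trust anchors.
    static int countTrustAnchors(KeyStore ks) throws Exception {
        int n = 0;
        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements(); ) {
            if (ks.isCertificateEntry(aliases.nextElement())) n++;
        }
        return n;
    }

    // What the default X509TrustManager would accept after init. init() itself does not
    // throw on an empty store; the PKIX parameters are only built on the first handshake.
    static int acceptedIssuers(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers().length;
            }
        }
        return 0;
    }

    // Import every certificate in a PEM file (a single CA or a full chain bundle) and
    // write the result as a new store; point javax.net.ssl.trustStore at that file.
    static void importCa(KeyStore ks, Path pem, String aliasPrefix, Path out, char[] outPassword) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(pem.toFile())) {
            for (Certificate c : cf.generateCertificates(in)) {
                X509Certificate x = (X509Certificate) c;
                String alias = aliasPrefix + "-" + x.getSerialNumber().toString(16);
                ks.setCertificateEntry(alias, x);
                System.out.println("imported " + x.getSubjectX500Principal() + " as " + alias);
            }
        }
        try (OutputStream os = new FileOutputStream(out.toFile())) {
            ks.store(os, outPassword);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = loadConfiguredTrustStore();
        int anchors = countTrustAnchors(ks);
        System.out.println("trusted certificate entries: " + anchors + ", accepted issuers: " + acceptedIssuers(ks));
        if (anchors == 0) {
            System.out.println("empty trust store: the first TLS handshake will fail with 'the trustAnchors parameter must be non-empty'");
        }
        if (args.length == 2) {
            importCa(ks, Paths.get(args[0]), "keycloak-ca", Paths.get(args[1]), "changeit".toCharArray());
        }
    }
}
```

Compile with javac TrustStoreCheck.java and run it with the JDK that actually runs midPoint (inside the container when midPoint is containerised, as the hid in the log suggests), because the default store path is derived from java.home. A count of zero means the configured javax.net.ssl.trustStore file is absent, empty, or not in the expected format; a non-zero count with the handshake still failing means the Keycloak CA is simply not among the entries, which the import path above fixes.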