Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SHA1 support has been removed from JDK 9 onwards. Need to have option to support SHA1 algorithm. #764

Open
rajsekarm1 opened this issue Apr 24, 2024 · 1 comment
Open

SHA1 support has been removed from JDK 9 onwards. Need to have option to support SHA1 algorithm. #764

rajsekarm1 opened this issue Apr 24, 2024 · 1 comment

Comments

@rajsekarm1
Copy link

SHA1 key has been disabled in JDK 9 onwards. But ldap server is using SHA1 key to support went through the site found using the below jdk.certpath.disabledAlgorithms property SHA1 can be supported.

But unfortunately, passing this attribute as part of
extraEnv: |

  • name: JAVA_OPTS_APPEND
    value: >-
    -Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless
    -Djdk.certpath.disabledAlgorithms=MD2

is not having effect. So decided to update java.security file but due the permission issue we couldn't update java.security file.

Please provide a solution to support SHA1 algorithm as keycloak is acting as client for ldap server.
@rajsekarm1
Copy link
Author

Adding the exception from the logs file:

javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: SHA1withRSA

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rajsekarm1