Hi,
We recently started with IAG in Kubernetes and are struggling with what looks like self-signed certificates on our internal IDP, IBM Security Verify Access. We have tried to add these certificates under identity: ssl.
We get the following error:
2021-01-25-11:07:34.055+00:00I----- 0x38AD54CC iag WARNING wiv ssl SSLConnection.cpp 2460 0x7fdd6affd700
DPWIV1228W IAG could not establish a secure connection to the server, #####, for the default junction (Function call: gsk_secure_soc_init; failed error: 0x19e GSK_ERROR_BAD_CERT).
2021-01-25-11:07:34.055+00:00I----- 0x38983425 iag ERROR wad general AMWJsonClient.cpp 696 0x7fdd6affd700
DPWAD1061E Failed to connect to the server: #####:443.
When I log into the instance and verify the certificate with openssl, it seems to be valid:
➜ kubectl exec --stdin --tty iag-instance-ff695fdb7-f87kr -- /bin/bash
[ivmgr@iag-instance-ff695fdb7-f87kr /]$ cd /var/iag/config/
openssl s_client -CAfile root.pem <access manager>:443
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4516 bytes and written 453 bytes
Verification: OK
We have the following config as configmap:
apiVersion: v1
kind: ConfigMap
metadata:
  name: test-config
data:
  config.yaml: |
    version: "20.12"
    server:
      ssl:
        front_end:
    identity:
      oidc:
        discovery_endpoint: "https://<access manager>/.well-known/openid-configuration"
        client_id: ""
        client_secret: ""
        ssl:
          certificate:
            - "@root.pem"
            - "@intermediate-ca.pem"
  root.pem: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  intermediate-ca.pem: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
------------------------------
Øyvind Bergerud
------------------------------