KC_CACHE_EMBEDDED_MTLS_ENABLED ignored

ertu · September 11, 2024, 3:37pm

I am deploying keycloak with operator 25.0.4
I enabled mtls on cache with a certificate from letsencrypt but it is ignored:

ENV KC_CACHE_EMBEDDED_MTLS_ENABLED=true
ENV KC_CACHE_EMBEDDED_MTLS_KEY_STORE_FILE=/opt/keycloak/conf/keycloakx-keystore.p12
ENV KC_CACHE_EMBEDDED_MTLS_KEY_STORE_PASSWORD=password

Any idea why it is ignored?

philngu · November 4, 2024, 9:03pm

Can you try using CACHE_EMBEDDED_MTLS_ENABLED instead without the KC_ prefix and see if that works? There seems to be a bug starting from v25 that causes this

ertu · November 5, 2024, 4:56am

I changed in the custom resource KC_CACHE_EMBEDDED_MTLS_ENABLED to CACHE_EMBEDDED_MTLS_ENABLED.

Now the statefulset looks correct. But MTLS still not enabled.

Here I put more details: https://github.com/keycloak/keycloak/issues/32842

Topic		Replies	Views
Run keycloak in Production without TLS configuration Configuring the server	9	5954	November 28, 2023
Secure Connection Failure when KC_HTTPS_CLIENT_AUTH is set to "request" Configuring the server	1	392	October 7, 2024
Kcadm.sh mTLS connection Getting advice	1	475	November 28, 2022
How to disable TLS? authentication	2	2254	May 14, 2021
Ldap mTLS connection problem on Base Command Manager 11 Ubuntu 24.04 Configuring the server ldap	6	60	December 15, 2025

KC_CACHE_EMBEDDED_MTLS_ENABLED ignored

Related topics