I can’t find a way to make the oidc_discovery_url “skipSslVerify” in order to integrate with Keycloak.
I’ve already been “throttled” by LE a few times (rightfully so) because my end-to-end testing destroys all of my infrastructure; therefore I’ve been requesting lots of Certs. So I’ve moved to use the Acme-Staging service which provides a “CN=Fake LE Intermediate X1” cert which vault does not like when doing the oidc configuration:
"* error checking oidc discovery URL: error creating provider with given values: Get https://keycloak.DEMO.TLD/auth/realms/demo/.well-known/openid-configuration: x509: certificate signed by unknown authority",
For concourse and other services, I’ve been able to pass some variation of “oidc_skip_ssl_validation” but I can’t find a similar option for vault.
FWIW, all the services are running in containers behind traefik.
Traefik terminates SSL.
If I do not use the Acme-staging service, it all works.