codecentric / helm-charts

A curated set of Helm charts brought to you by codecentric

SHA1 support has been removed from JDK 9 onwards. Need to have option to support SHA1 algorithm.

rajsekarm1 opened this issue

SHA1 keys have been disabled from JDK 9 onwards, but the LDAP server is using a SHA1 key. To support it, I went through the site and found that SHA1 can be supported using the jdk.certpath.disabledAlgorithms property below.

But unfortunately, passing this attribute as part of

```yaml
extraEnv: |
  - name: JAVA_OPTS_APPEND
    value: >-
      -Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless
      -Djdk.certpath.disabledAlgorithms=MD2
```

has no effect. So we decided to update the java.security file, but due to a permission issue we couldn't update it.

Please provide a solution to support the SHA1 algorithm, as Keycloak is acting as a client for the LDAP server.

Adding the exception from the logs file:

javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: SHA1withRSA
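
The exception above names SHA1withRSA, and the property the issue refers to is a comma-separated list of constraint entries in java.security syntax. As an added example (not code from the issue or the chart), this Python sketch parses such a file and reports which entries match a given signature algorithm; the sample file content and function names are constructed, and the name splitting is a simplified model of how the JDK matches algorithm names.

```python
import re

# Constructed sample in java.security syntax (not taken from the issue or any image).
SAMPLE_JAVA_SECURITY = r"""
# comment lines and blank lines are ignored
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA
"""

def parse_properties(text):
    """Parse key=value lines, joining backslash-continued lines."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]          # drop the backslash, keep accumulating
            continue
        pending = ""
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def decompose(algorithm):
    """Split a name such as SHA1withRSA into its parts (simplified model)."""
    parts = re.split(r"/|with|and", algorithm, flags=re.IGNORECASE)
    return {p.upper().replace("SHA-1", "SHA1") for p in parts if p}

def blocking_entries(props, prop_name, algorithm):
    """Return (name, conditions) for each entry whose algorithm name matches."""
    names = decompose(algorithm) | {algorithm.upper()}
    hits = []
    for entry in props.get(prop_name, "").split(","):
        tokens = entry.split(None, 1)    # first token is the algorithm name
        if tokens and tokens[0].upper().replace("SHA-1", "SHA1") in names:
            hits.append((tokens[0], tokens[1].strip() if len(tokens) > 1 else ""))
    return hits

if __name__ == "__main__":
    props = parse_properties(SAMPLE_JAVA_SECURITY)
    for name in ("jdk.certpath.disabledAlgorithms", "jdk.tls.disabledAlgorithms"):
        print(name, "->", blocking_entries(props, name, "SHA1withRSA"))
```

An empty conditions string means the entry applies unconditionally; a non-empty one (such as a key-size or trust-anchor condition) narrows when the entry rejects a certificate.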

This issue has been marked as stale because it has been open for 30 days with no activity. It will be automatically closed in 10 days if no further activity occurs.