For testing and non-production use (or production at your own peril), you can add ".setSkipSignatureVerification()" to your JWTConsumerBuilder in the o.a.g.a.o.t.TokenValidationService of the OpenID extension. That worked for me but may not solve your exact problem.
-Ryan

-----Original Message-----
From: Yang Yang <[email protected]>
Sent: Tuesday, July 23, 2019 9:13 AM
To: [email protected]
Subject: Disable SSL certificate verification with OpenID Connect Authentication

Hello,

I’m testing OpenID Connect Authentication with https on, and got the problem below. Could you help to tell how to disable ssl certificate verification? Is there a “ssl_verify” flag that I can turn off?

17:11:56.117 [http-nio-8080-exec-2] DEBUG org.jose4j.http.Get - HTTP GET of https://119.3.69.8:8443/auth/realms/Supra/protocol/openid-connect/certs
17:11:56.125 [http-nio-8080-exec-2] INFO o.a.g.a.o.t.TokenValidationService - Rejected invalid OpenID token: Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable verification key for JWS w/ header {"alg":"RS256","typ" : "JWT","kid" : "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"} due to an unexpected exception (javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present) while obtaining or using keys from JWKS endpoint at https://MY-OIDC-SERVER-URI/openid-connect/certs): JsonWebSignature{"alg":"RS256","typ" : "JWT","kid" : "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"}->eyJhbGci...34IfpdFF8g
17:11:56.128 [http-nio-8080-exec-2] DEBUG o.a.g.a.o.t.TokenValidationService - Invalid JWT received.
org.jose4j.jwt.consumer.InvalidJwtException: Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable verification key for JWS w/ header {"alg":"RS256","typ" : "JWT","kid" : "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"} due to an unexpected exception (javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present) while obtaining or using keys from JWKS endpoint at https://MY-OIDC-SERVER-URI/openid-connect/certs): JsonWebSignature{"alg":"RS256","typ" : "JWT","kid" : "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"}->eyJhbGci…34IfpdFF8g

Thanks,
Yang
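
The SSLHandshakeException in the log above is raised while fetching the JWKS over HTTPS: the server certificate carries no subjectAltName, so the address in the URL cannot be matched. As an added example (not part of the original messages or of the project's code), this script issues a test certificate with a matching SAN and checks for it, so that TLS verification and JWT signature verification can both stay on; the file names and the CN are assumptions, and OpenSSL 1.1.1 or later is required.

```shell
#!/bin/sh
# Added example: self-signed TEST certificate whose subjectAltName covers the
# address that clients connect to. File names and CN are assumptions.

make_test_cert() {   # usage: make_test_cert <ipv4-or-dns-name> <out-dir>
    host="$1"; dir="$2"
    # An IP literal must be listed as an IP: SAN entry, a hostname as DNS:.
    case "$host" in
        *[!0-9.]*) san="DNS:${host}" ;;   # anything besides digits and dots
        *)         san="IP:${host}" ;;    # IPv4 literal
    esac
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=oidc-test" \
        -addext "subjectAltName=${san}" \
        -keyout "${dir}/oidc-test.key" \
        -out "${dir}/oidc-test.crt" 2>/dev/null
}

cert_has_san() {   # usage: cert_has_san <cert.pem> <ipv4-or-dns-name>
    # Succeeds only if the SAN extension lists exactly the given host.
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
        | tr ',' '\n' \
        | sed 's/^ *//; s/ *$//' \
        | grep -Fxq -e "IP Address:$2" -e "DNS:$2"
}

# Demo with the address from the log above.
demo_dir=$(mktemp -d)
if make_test_cert 119.3.69.8 "$demo_dir" &&
   cert_has_san "$demo_dir/oidc-test.crt" 119.3.69.8; then
    echo "SAN present: clients can verify the host"
else
    echo "SAN missing: hostname verification will fail"
fi
rm -rf "$demo_dir"
```

Install the resulting certificate on the OpenID server and import it into the truststore of the JVM that runs the TokenValidationService before retrying the login.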
