Thank you very much for the information, Ryan! It worked for me. Thanks, Yang
> On Jul 23, 2019, at 21:40, Ryan Underwood <[email protected]> wrote: > > For testing and non-production use (or production at your own peril), you can > add ".setSkipSignatureVerification()" to your JWTConsumerBuilder in the > o.a.g.a.o.t.TokenValidationService of the OpenID extension. That worked for > me but may not solve your exact problem. > > -Ryan > > -----Original Message----- > From: Yang Yang <[email protected]> > Sent: Tuesday, July 23, 2019 9:13 AM > To: [email protected] > Subject: Disable SSL certificate verification with OpenID Connect > Authentication > > Hello, > > I’m testing OpenID Connect Authentication with https on, and got the problem > below. Could you help to tell how to disable ssl certificate verification? Is > there a “ssl_verify” flag that I can turn off? > > 17:11:56.117 [http-nio-8080-exec-2] DEBUG org.jose4j.http.Get - HTTP GET of > https://119.3.69.8:8443/auth/realms/Supra/protocol/openid-connect/certs > 17:11:56.125 [http-nio-8080-exec-2] INFO o.a.g.a.o.t.TokenValidationService > - Rejected invalid OpenID token: Unable to process JOSE object (cause: > org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable > verification key for JWS w/ header {"alg":"RS256","typ" : "JWT","kid" : > "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"} due to an unexpected exception > (javax.net.ssl.SSLHandshakeException: > java.security.cert.CertificateException: No subject alternative names > present) while obtaining or using keys from JWKS endpoint at > https://MY-OIDC-SERVER-URI/openid-connect/certs): > JsonWebSignature{"alg":"RS256","typ" : "JWT","kid" : > "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"}->eyJhbGci...34IfpdFF8g > 17:11:56.128 [http-nio-8080-exec-2] DEBUG o.a.g.a.o.t.TokenValidationService > - Invalid JWT received. > org.jose4j.jwt.consumer.InvalidJwtException: Unable to process JOSE object > (cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable > verification key for JWS w/ header {"alg":"RS256","typ" : "JWT","kid" : > "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"} due to an unexpected exception > (javax.net.ssl.SSLHandshakeException: > java.security.cert.CertificateException: No subject alternative names > present) while obtaining or using keys from JWKS endpoint at > https://MY-OIDC-SERVER-URI/openid-connect/certs): > JsonWebSignature{"alg":"RS256","typ" : "JWT","kid" : > "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"}->eyJhbGci…34IfpdFF8g > > Thanks, > Yang > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
