Khalid Anwar
Reputation: 61
com.nimbusds.jose.RemoteKeySourceException: Couldn't retrieve remote JWK set: Hostname verification failed
I am using Nimbus-JOSE-JWT library library (version 4.39). Using this library, I am trying to do local JWT token validation which pulls down JWK set from the OAuth authorization server.
My code works perfectly fine when I run it within a JSE application, however, when I run the exact same code (as part of a JEE application) within WebLogic 12.1.3, it fails to run with the following exception:
com.nimbusds.jose.RemoteKeySourceException: Couldn't retrieve remote JWK set: Hostname verification failed: HostnameVerifier=weblogic.security.utils.SSLWLSHostnameVerifier, hostname=corpZ.oktapreview.com.
at com.nimbusds.jose.jwk.source.RemoteJWKSet.updateJWKSetFromURL(RemoteJWKSet.java:141)
at com.nimbusds.jose.jwk.source.RemoteJWKSet.get(RemoteJWKSet.java:219)
at com.nimbusds.jose.proc.JWSVerificationKeySelector.selectJWSKeys(JWSVerificationKeySelector.java:129)
at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:323)
at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:284)
at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:275)
at org.corpZ.sec.okta.OktaClient.getAccessTokenInfoLocally(Unknown Source)
at org.corpZ.sec.okta.OktaClient.validateAccessTokenLocally(Unknown Source)
at org.corpZ.sec.okta.TokenValidator.isTokenValid(Unknown Source)
at org.corpZ.eis.ws.interceptor.WSInterceptor.handleRequest(WSInterceptor.java:126)
at org.springframework.ws.server.endpoint.interceptor.DelegatingSmartEndpointInterceptor.handleRequest(DelegatingSmartEndpointInterceptor.java:78)
at org.springframework.ws.server.MessageDispatcher.dispatch(MessageDispatcher.java:224)
at org.springframework.ws.server.MessageDispatcher.receive(MessageDispatcher.java:173)
at org.springframework.ws.transport.support.WebServiceMessageReceiverObjectSupport.handleConnection(WebServiceMessageReceiverObjectSupport.java:88)
at org.springframework.ws.transport.http.WebServiceMessageReceiverHandlerAdapter.handle(WebServiceMessageReceiverHandlerAdapter.java:59)
at org.springframework.ws.transport.http.MessageDispatcherServlet.doService(MessageDispatcherServlet.java:292)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
at javax.servlet.http.HttpServlet.service(HttpServ
Below is the Maven dependency that I have in my code:
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>4.39</version>
</dependency>
Any help will be much appreciated.
Thanks.
Upvotes: 6
Views: 7335
Answers (1)
Leandro Cusack
Reputation: 369
Better late than never, this is due to WebLogic server configuration. You have to enter into SSL properties tab, and change the "Hostname Verification" to "none".
Upvotes: 1
Related Questions
- JWKS URI missing in JWT based on Keycloak Client
- How to produce correct jwks endpoint for spring oauth2 jwt server?
- java.lang.IllegalArgumentException: A signing key must be specified if the specified JWT is digitally signed
- How to disable Host name verification for nimbus JWKS ResourceRetriever
- Unable to parse JWK in Java
- Signed JWT rejected: Another algorithm expected, or no matching key(s) found
- Unexpected "InvalidJwtSignatureException: JWT rejected due to invalid signature"
- Quarkus MicroProfile JWT auth via JWKS
- How to invalidate cache of RemoteJWKSet in nimbus-jose-jwt
- Getting UnknownHostKey when connecting to remote server with JSch