Pac4J has issues encrypting with self-signed certificate
- 王林forward
- 2024-02-05 22:18:121031browse
I am running spring boot 3.2.1
with an embedded keycloak server<dependency>
<groupid>org.pac4j</groupid>
<artifactid>jakartaee-pac4j</artifactid>
<version>8.0.0</version>
</dependency>
<dependency>
<groupid>org.pac4j</groupid>
<artifactid>pac4j-oidc</artifactid>
<version>6.0.1</version>
</dependency>
No encryption required, everything works fine, pac4j handles things just fine. When I bring in ssl using the ssl bundle, the web application works fine (https) and interactions with the embedded keycloak server work fine, including the following calls: https://localhost:8888/auth/realms/master/.well-known/openid-configuration When made via a web browser on the same machine. However, while performing the authentication process, pac4j seems to throw the following error:
org.pac4j.core.exception.TechnicalException: Error getting URL resource
at org.pac4j.core.resource.SpringResourceHelper.getResourceInputStream(SpringResourceHelper.java:74)
at org.pac4j.oidc.metadata.OidcOpMetadataResolver.retrieveMetadata(OidcOpMetadataResolver.java:89)
at org.pac4j.oidc.metadata.OidcOpMetadataResolver.internalLoad(OidcOpMetadataResolver.java:76)
at org.pac4j.core.resource.SpringResourceLoader.load(SpringResourceLoader.java:50)
at org.pac4j.oidc.config.OidcConfiguration.findPkceMethod(OidcConfiguration.java:285)
at org.pac4j.oidc.redirect.OidcRedirectionActionBuilder.addStateAndNonceParameters(OidcRedirectionActionBuilder.java:115)
at org.pac4j.oidc.redirect.OidcRedirectionActionBuilder.getRedirectionAction(OidcRedirectionActionBuilder.java:58)
at org.pac4j.core.client.IndirectClient.getRedirectionAction(IndirectClient.java:136)
at org.pac4j.core.engine.DefaultSecurityLogic.redirectToIdentityProvider(DefaultSecurityLogic.java:240)
at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:160)
at com.ebremer.server.MyCustomSecurityFilter.internalFilter(MyCustomSecurityFilter.java:79)
I added trustallcertificates and trustallhostnames when the system started, but still had no effect.
Correct answer
You need to create a truststore with a self-signed certificate and assign it to the JVM: https://docs.oracle.com/cd /E29585_01/PlatformServices.61x/security/src/csec_ssl_jsp_start_server.html
The above is the detailed content of Pac4J has issues encrypting with self-signed certificate. For more information, please follow other related articles on the PHP Chinese website!
Related articles
See more- How to migrate from embedded jetty 10 to jetty 12 ee8?
- How to implement CORS in Reactor Netty?
- Why does opening a generated index.html javadoc file in Eclipse cause one of the html-like files to open?
- How to create beans in .txt?
- Should I create an update function for each property, or should I allow partial updates?