[mitreid-connect] I seem to have a problem with an empty keystore

Justin Richer jricher at mit.edu
Mon Dec 12 17:48:37 EST 2016


Yes, the server will still issue a JWT formatted token for client credentials clients. The “claims” here are the claims inside the JWT, not the “claims” of user information or authentication event information in an OpenID Connect transaction. (Since you’re doing client credentials, you’re not using OpenID Connect functionality anyway, you’re doing plain OAuth, so none of that comes into play.) All of those claims should already be set when the token is created.

If your keystore is empty, though, the server won’t be able to sign *any* tokens. Which means it won’t be able to issue any tokens. Is that the case? If so, why is your keystore empty?

 — Justin


> On Dec 12, 2016, at 5:40 PM, William Hadden1 <WilHadden at uk.ibm.com> wrote:
> 
> Hi,
>  
> I have been writing my own overlay and at this point I can call the API and create clients. However when I try to create a client_credentials token I get a null pointer. Now bear in mind I have been changing the spring config files, so that would be a prime candidate for where I have done something wrong.
>  
> The NP ultimately is:
> 2016-12-12 20:58:39 DEBUG DispatcherServlet:988 - Could not complete request
> java.lang.NullPointerException
>         at com.nimbusds.jose.JWSObject.ensureJWSSignerSupport(JWSObject.java:268)
>         at com.nimbusds.jose.JWSObject.sign(JWSObject.java:291)
>         at org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService.signJwt(DefaultJWTSigningAndValidationService.java:225)
>         at org.mitre.openid.connect.token.ConnectTokenEnhancer.enhance(ConnectTokenEnhancer.java:114)
>  
> This seems to come down to this line not creating a proper object
>  
> SignedJWT signed = new SignedJWT(header, claims);
>  
> My question is, for client_credentials, should the code be trying to create / use a JWT? If so then is it likely that my claims are wrong, as in I have set up my client to use its own scope but do I also have to set up a claim to go along with it?
>  
> Thanks for any help
> Wil

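The failure described in the reply above, as an added example that is not part of the original thread or of the MITREid Connect code base: a pre-start check that a keystore holds at least one private key usable for signing, so the problem is reported before a token request hits a null signer. It assumes the keystore is a JWK Set JSON document (RFC 7517); the function names, the `default_kid` parameter, the `rsa1` key ID and the sample key sets are constructed for illustration.

```python
import json

# Member that carries private key material, per key type (RFC 7518 section 6).
# A JWK without it is public-only and can verify signatures but not create them.
PRIVATE_MEMBER = {"RSA": "d", "EC": "d", "OKP": "d", "oct": "k"}

def signing_keys(jwks_text):
    """Return the key IDs in a JWK Set that hold private material usable for signing."""
    doc = json.loads(jwks_text)
    if not isinstance(doc, dict) or not isinstance(doc.get("keys"), list):
        raise ValueError('not a JWK Set: missing "keys" array')
    kids = []
    for jwk in doc["keys"]:
        if not isinstance(jwk, dict):
            continue
        member = PRIVATE_MEMBER.get(jwk.get("kty"))
        if member is None or not jwk.get(member):
            continue  # unknown key type or public-only key
        if jwk.get("use", "sig") != "sig":
            continue  # key is marked for encryption, not signatures
        kids.append(jwk.get("kid"))
    return kids

def check_keystore(jwks_text, default_kid=None):
    """Return a list of problems; an empty list means a signing key is available."""
    try:
        kids = signing_keys(jwks_text)
    except ValueError as exc:  # json.JSONDecodeError is a ValueError subclass
        return [f"keystore unreadable: {exc}"]
    if not kids:
        return ["no private signing key in keystore: no token can be signed"]
    if default_kid is not None and default_kid not in kids:
        return [f"default signer key {default_kid!r} is not a signing key; found {kids}"]
    return []

# Constructed sample keystores; the n/d values are placeholders, not real key material.
EMPTY = '{"keys": []}'
PUBLIC_ONLY = '{"keys": [{"kty": "RSA", "kid": "rsa1", "e": "AQAB", "n": "placeholder"}]}'
WITH_PRIVATE = ('{"keys": [{"kty": "RSA", "kid": "rsa1", "e": "AQAB", '
                '"n": "placeholder", "d": "placeholder"}]}')

if __name__ == "__main__":
    for name, text in [("empty", EMPTY), ("public-only", PUBLIC_ONLY),
                       ("with-private", WITH_PRIVATE)]:
        print(name, check_keystore(text, default_kid="rsa1") or "ok")
```

The check reports key IDs only and never prints key material, so its output is safe to keep in deployment logs.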