<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<p dir="ltr">Thanks for the reply!</p>
<p dir="ltr">May be it is possible to configure RP to not check the certificate during the SSL connection ( do not verify HTTP connection certificate).</p>
<p dir="ltr">I definitely want to check the token signature but I do not need to check the local HTTPS connection.</p>
<p dir="ltr">Best regards,<br>
Michael</p>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sep 10, 2016 3:40 PM, Justin Richer <jricher@mit.edu> wrote:<br type="attribution">
<blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<p>This isn't possible in our codebase. <br>
</p>
<p><br>
</p>
<p> -- Justin<br>
</p>
<br>
<div>On 9/10/2016 3:44 AM, Michael Furman wrote:<br>
</div>
<blockquote>
<div style="font-size:12pt;color:#000000;background-color:#ffffff;font-family:'calibri' , 'arial' , 'helvetica' , sans-serif">
<pre>Hi all,</pre>
<pre>I want to deploy IDP and RP on the same server in the production. </pre>
<pre>Therefore I want RP will access to IDP endpoints via HTTP.</pre>
<pre>It mean the front channel will be via HTTPS and back channel with HTTP.</pre>
<pre>How it is possible?</pre>
<p> </p>
<p>I have configured the HTTPS issuer on the IDP site:</p>
<p><br>
</p>
<p><i><property name="issuer" value="<a href=" ">https://</a><...>/openid-connect-server-webapp/" /></i></p>
<p><br>
</p>
<p>I have configured the following on RP:</p>
<p><br>
</p>
<p><i><bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService"></i></p>
<p><i><property name="servers"></i></p>
<p><i><map></i></p>
<p><i><entry key="<a href=" ">https://</a><...>/openid-connect-server-webapp/"></i></p>
<p><i> <bean class="org.mitre.openid.connect.config.ServerConfiguration"></i></p>
<p><i> <property name="issuer" value="<a href=" ">https://</a><...>/openid-connect-server-webapp/" /></i></p>
<p><i> <property name="authorizationEndpointUri" value="<a href=" ">http://</a><...>:8088/openid-connect-server-webapp/authorize" /></i></p>
<p><i> <property name="tokenEndpointUri" value="<a href=" ">http://</a><...>:8088/openid-connect-server-webapp/token" /></i></p>
<p><i> <property name="userInfoUri" value="<a href=" ">http://</a><...>:8088/openid-connect-server-webapp/userinfo" /></i></p>
<p><i> <property name="jwksUri" value="<a href=" ">http://</a><...>:8088/openid-connect-server-webapp/jwk" /></i></p>
<p><i> </bean></i></p>
<p><i></entry></i></p>
<p><i></map></i></p>
<p><i></property></i></p>
<p><i></bean></i></p>
<p>Somehow the RP switch to use HTTPS:</p>
<p><br>
</p>
<p><i>WARN : org.mitre.openid.connect.client.service.impl.WebfingerIssuerService - Returning normalized input string as issuer, hoping for the best:
<a href=" ">https://</a><...>/openid-connect-server-webapp/</i></p>
<p><i>WARN : org.mitre.openid.connect.client.service.impl.DynamicServerConfigurationService - Couldn't load configuration for
<a href=" ">https://</a><...>/openid-connect-server-webapp/: </i></p>
<p><br>
</p>
<p>Thank you in advance for your help.</p>
<p>Best regards,</p>
<pre> Michael</pre>
<pre> </pre>
<br>
</div>
<br>
<fieldset></fieldset> <br>
<pre>_______________________________________________
mitreid-connect mailing list
<a href="mailto:mitreid-connect@mit.edu">mitreid-connect@mit.edu</a>
<a href="http://mailman.mit.edu/mailman/listinfo/mitreid-connect">http://mailman.mit.edu/mailman/listinfo/mitreid-connect</a>
</pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</body>
</html>