[mitreid-connect] OpenID Connect PKI implementation question
Justin Richer
jricher at mitre.org
Thu Apr 24 10:33:02 EDT 2014
This is likely a simple problem: your client code (i.e., the Tomcat server
running simple-web-app) needs to be told to trust the certificate used
by the server (i.e., the Tomcat server running
openid-connect-server-webapp). You're probably running a self-signed
cert or something, I'm assuming? You need to either get a cert signed by
a trusted authority or inject your server's certificate into Tomcat's
trust store for Simple Web App to find it. Getting certs into the trust
store is kind of a pain to do, but there's information on the web on how
to do that.
Also, for test instances (I'm assuming that's what this is at the
moment), note that you can always skip TLS. The requirement in the spec
is for "real" systems where you actually care about the security.
-- Justin
On 04/21/2014 06:05 PM, Kyle Walker wrote:
> Hello,
> I am currently working on implementing the use of PKI browser certs into the OpenID-Connect-Java-Spring-Server and simple-web-app.
>
> I have successfully implemented the PKI aspect into the OpenID-Connect-Java-Spring-Server, but I am having problems getting PKI-authenticated users to authenticate on the simple-web-app side. What would be the correct process to make the simple-web-app speak SSL? When I attempt to make a login submission to the server I get a “javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated”.
>
> Per OpenID spec 3.1.2 and 3.1.3, both the authorization and token endpoints must utilize TLS.
>
> Thanks,
> Kyle Walker
> _______________________________________________
> mitreid-connect mailing list
> mitreid-connect at mit.edu
> http://mailman.mit.edu/mailman/listinfo/mitreid-connect
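One way to do what Justin describes, as an added example that is not MITREid Connect project code: import the server's certificate into a JKS trust store with keytool, then have the client side use only that trust store when it opens the TLS connection. The trust store path, store password, alias and endpoint URL below are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;

/**
 * Added example, not part of the project. Assumes the server certificate was first
 * imported into a trust store, e.g. (placeholder alias/paths):
 *   keytool -importcert -alias oidc-server -file server.crt \
 *           -keystore truststore.jks -storepass changeit
 * The certificate's subject/SAN must also match the host name in the URL, or
 * the client will still reject it even though the trust store contains it.
 */
public class TrustStoreCheck {

    /** Build an SSLContext that trusts exactly the certificates in the given JKS file. */
    static SSLContext contextFromTrustStore(String path, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Open a TLS connection; false if the peer's chain is not trusted by the store. */
    static boolean peerVerified(String endpoint, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(endpoint).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        try {
            conn.connect();
            // Throws SSLPeerUnverifiedException when the handshake did not authenticate the peer;
            // an untrusted chain usually surfaces earlier as SSLHandshakeException (both are SSLException).
            conn.getServerCertificates();
            return true;
        } catch (SSLException e) {
            return false;
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextFromTrustStore("/path/to/truststore.jks", "changeit".toCharArray());
        System.out.println(peerVerified("https://localhost:8443/openid-connect-server-webapp/token", ctx));
    }
}
```

For a Spring client such as simple-web-app that does not build its own SSLContext, the same trust store can be supplied JVM-wide with the standard `-Djavax.net.ssl.trustStore=/path/to/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit` properties on the Tomcat start-up command line.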