Beta: WebSphere Liberty and tools (September 2016)

September Beta of Liberty introduced a very nifty use case to allow signed JSON Web Token for authentication. This is how I configured openidConnectClient element in server.xml

<openidConnectClient id="authRP"
  clientId="authrp"
  inboundPropagation="required"
  issuerIdentifier="https://localhost:9600/oidc/endpoint/OP"
  signatureAlgorithm="RS256"
  trustAliasName="signingcert"
  trustStoreRef="defaultTrustStore"
  >

And yet, a GET call without JWT in the request parameter isn't blocked from invoking my application servlet. What am I missing in the configuration? Thanks for all the help.

Solution

The application servlet itself must be J2EE security role protected, i.e., it must have authorization constraint in web.xml.

Can authorize endpoint return login page? OpenID Connect
Google Firebase: How do I "work around" an invalid "issuer" value in my client's OIDC discovery document?
Redirect Loop Issue with OpenID Authentication in Spring Boot 3.3
ASP.NET Core: OpenIDConnect: Keycloak: Logout: not redirecting to keycloak login page
Entra SSO returning a 302/502 in a .NET Core site
Do I need IDistributedCache when using Open ID Connect for single sign-on?
OIDC login flow breaks in react strict mode for react-admin v5
Spring boot 3 access to /.well-known/openid-configuration from docker times out
ASP.NET Core 3.1 Use both OpenIDConnect and Custom Cookie Authentication
How to customize the well-known endpoint in Spring Authorization Server?
Why is my Blazor Web App throwing a SocketException when authenticating with OpenIddict when deployed to Azure App Service?
Blazor WASM OIDC authentication with Google fail
Pinniped cli not working on windows from CMD and Powershell
Failed to make identity provider oauth callback: javax.net.ssl.SSLHandshakeException:
Access user info from SecurityIdentity using quarkus-oidc
Verifying JWT signed with the RS256 algorithm using public key in C#
How to map a user attribute to a standard OIDC claim in keycloak
Sign In with LinkedIn using OpenID Connect with Firebase Auth or GCP Identity Platform
Proper design for th Keycloak auth with APIs and UI
Assume role in different account using an assumed role with web identity
The required field 'nonce' is missing from the credential. Ensure that you have all the necessary parameters for the login request. [Azure Open ID]
Invalid_client using OpenIdConnect in client application
Custom Claims in a Multitenant Microsoft Entra App
I/O error on GET request for "https://localhost/application/o/{name}/.well-known/openid-configuration": Connection refused
Add Github Identity Provider to AWS Cognito
unsupported_grant_type error for authorization_code grant type: Spring Security OAuth2
OWIN middleware for OpenID Connect - Code flow ( Flow type - AuthorizationCode) documentation?
Keycloak with AzureAD how to change the IDP user ID / IDP Links
How to use the Spring OAuth2 client to retrieve an access token only?
why offline_access scope is needed to request refresh token in IdentityServer (OAuth2)?