azure ssl https spring-saml connection-reset

httpClient throws Connection reset while invoking https connection from azure reverse proxy


I have a SAML application that is configured to redirect to Keycloak. When I first configured the application with HTTP URLs (httpClient 3.1, jdk1.8) I didn't have any problem, but when using the reverse proxy (WAF Azure Application Gateway reverse proxy) for the HTTPS connection, an exception appeared:


    Caused by: org.opensaml.saml2.metadata.provider.MetadataProviderException: Error retrieving metadata from https://example.com/auth/realms/realmName/protocol/saml/descriptor
        at org.opensaml.saml2.metadata.provider.HTTPMetadataProvider.fetchMetadata (HTTPMetadataProvider.java:274)
        at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh (AbstractReloadingMetadataProvider.java:255)
        ... 9 more
    Caused by: java.net.SocketException: Connection reset
        at java.net.SocketInputStream.read(SocketInputStream.java:210)
        at java.net.SocketInputStream.read(SocketInputStream.java:141)
        at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
        at sun.security.ssl.InputRecord.read(InputRecord.java:503)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
        at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
        at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
        at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
        at org.opensaml.saml2.metadata.provider.HTTPMetadataProvider.fetchMetadata(HTTPMetadataProvider.java:250)

Note that I have already added the certificate at the JVM level, and the URL I just called (https://example.com/auth/realms/realmName/protocol/saml/descripto) is accessible through the curl command or from the browser.


Solution

  • I was able to solve the same problem by upgrading my JDK version.