I'm running a Spring Boot 3.2.1 with an embedded Keycloak server
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>jakartaee-pac4j</artifactId>
<version>8.0.0</version>
</dependency>
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-oidc</artifactId>
<version>6.0.1</version>
</dependency>
Everything works fine with no encryption and PAC4J is able to handle things nicely. When I introduce SSL using a SSL Bundle, the web application works fine (HTTPS) and interaction with the embedded Keycloak server also works fine including this call: https://localhost:8888/auth/realms/master/.well-known/openid-configuration when made from a web browser on the same machine. However, when going through the authentication process Pac4J appears to throw the following error:
org.pac4j.core.exception.TechnicalException: Error getting URL resource
at org.pac4j.core.resource.SpringResourceHelper.getResourceInputStream(SpringResourceHelper.java:74)
at org.pac4j.oidc.metadata.OidcOpMetadataResolver.retrieveMetadata(OidcOpMetadataResolver.java:89)
at org.pac4j.oidc.metadata.OidcOpMetadataResolver.internalLoad(OidcOpMetadataResolver.java:76)
at org.pac4j.core.resource.SpringResourceLoader.load(SpringResourceLoader.java:50)
at org.pac4j.oidc.config.OidcConfiguration.findPkceMethod(OidcConfiguration.java:285)
at org.pac4j.oidc.redirect.OidcRedirectionActionBuilder.addStateAndNonceParameters(OidcRedirectionActionBuilder.java:115)
at org.pac4j.oidc.redirect.OidcRedirectionActionBuilder.getRedirectionAction(OidcRedirectionActionBuilder.java:58)
at org.pac4j.core.client.IndirectClient.getRedirectionAction(IndirectClient.java:136)
at org.pac4j.core.engine.DefaultSecurityLogic.redirectToIdentityProvider(DefaultSecurityLogic.java:240)
at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:160)
at com.ebremer.server.MyCustomSecurityFilter.internalFilter(MyCustomSecurityFilter.java:79)
I added a trustAllCertificates and TrustAllHostnames at the system startup, but still to no avail.
You need to create a truststore with the self-signed certificate and assign it to the JVM: https://docs.oracle.com/cd/E29585_01/PlatformServices.61x/security/src/csec_ssl_jsp_start_server.html