Couldn't retrieve remote JWK set: connect timed out

Issue #221 invalid
Former user created an issue

Hi Team,

I am getting the following exception when I try to validate my token.

validator.validate(token, nonce); //Exception this line

com.nimbusds.jose.RemoteKeySourceException: Couldn't retrieve remote JWK set: connect timed out.

I am using WebLogic server

Comments (8)

  1. Vladimir Dzhuvinov

    Looking at the error message, the remote JWK set URL could be invalid, or there might be some other HTTP or networking issue when trying to download the OpenID provider keys in order to validate the ID token.

    There could also be an issue with the server TLS certificate not being trusted by the JVM.

  2. ayyabas05

    Thank you for the reply. The JWT set URL is valid. Do I need to add any additional configuration in WebLogic server?

  3. ayyabas05

    The following lines are not being set properly. When I debug the code, it always shows the connection timeout and read timeout as 0. Can you please assist me in resolving this issue?

    com.nimbusds.jose.util.DefaultResourceRetriever

    con.setConnectTimeout(getConnectTimeout());
    con.setReadTimeout(getReadTimeout());
    
  4. Vladimir Dzhuvinov

    Zero values mean that the timeout is left to the underlying networking layer / OS.

    Could you paste the entire stack trace? (not just the top line)

  5. sumankpattnaik

    I used the JWKS URL to get the public key in the following way and then verified the JWT token with it. Hope this helps!!

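        // Assumes an older Nimbus JOSE+JWT release in which JWKSet.toJSONObject()
        // returns net.minidev.json.JSONObject.
        import java.math.BigInteger;
        import java.net.URL;
        import java.security.KeyFactory;
        import java.security.PublicKey;
        import java.security.interfaces.RSAPublicKey;
        import java.security.spec.RSAPublicKeySpec;
        import com.nimbusds.jose.JWSVerifier;
        import com.nimbusds.jose.crypto.RSASSAVerifier;
        import com.nimbusds.jose.jwk.JWKSet;
        import com.nimbusds.jwt.SignedJWT;
        import net.minidev.json.JSONArray;
        import net.minidev.json.JSONObject;

        // Downloads the JWK set and builds the RSA public key whose "kid" matches keyId (null if none matches).
        public PublicKey getPublicKeyFromJWKSet(URL jwksURL, String keyId) throws Exception {
            PublicKey publicKey = null;
            JSONObject jwkSet = JWKSet.load(jwksURL).toJSONObject();
            JSONArray keyset = (JSONArray) jwkSet.get("keys");
            JSONObject jwKey = null;
            for (Object obj : keyset) {
                jwKey = (JSONObject) obj;
                if (keyId != null && keyId.equals(jwKey.get("kid"))) {
                    break;
                }//EndIf
                jwKey = null;
            }//EndFor

            if (jwKey != null) {
                // URL-safe Base64 decoder for the JWK "n" (modulus) and "e" (exponent) members
                org.apache.commons.codec.binary.Base64 base64Decoder = new org.apache.commons.codec.binary.Base64(true);

                BigInteger modulus = new BigInteger(1, base64Decoder.decode((String) jwKey.get("n")));
                BigInteger exponent = new BigInteger(1, base64Decoder.decode((String) jwKey.get("e")));
                publicKey = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(modulus, exponent));
            }//EndIf
            return publicKey;
        }//EndMethod

        // Checks the signature only; claims such as exp, iss and aud are not validated here.
        public boolean verifyJWTByJWKS(String jwtToken, String jwksURL) throws Exception {
            SignedJWT signedJWT = SignedJWT.parse(jwtToken);
            PublicKey publicKey = getPublicKeyFromJWKSet(new URL(jwksURL), signedJWT.getHeader().getKeyID());
            if (publicKey == null) {
                return false; // no key with a matching kid in the JWK set
            }
            JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey);
            return signedJWT.verify(verifier);
        }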

  6. Marius Oancea

    Is there a way to increase the timeout?

    I see that RemoteJWKSet has a read timeout of 500ms. Is there a way to change it when using oauth-2.0-sdk?

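One way to set explicit JWK set retrieval timeouts for the validator discussed in this thread, as an added example (not code from the thread or from the Nimbus project). The class name, the timeout and size values, the RS256 algorithm and the example.com URLs are assumptions; it also assumes SDK versions that provide these constructors.

```java
import java.net.URL;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jose.util.ResourceRetriever;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.openid.connect.sdk.validators.IDTokenValidator;

// Hypothetical helper class, named here for illustration only.
public class IdTokenValidatorFactory {

    // Constructed values: tune them to the network path between the
    // application server and the OpenID provider.
    static final int CONNECT_TIMEOUT_MS = 2000;
    static final int READ_TIMEOUT_MS = 2000;
    // Upper bound on the downloaded JWK set, so an oversized response is rejected.
    static final int SIZE_LIMIT_BYTES = 50 * 1024;

    public static IDTokenValidator create(Issuer issuer, ClientID clientID, URL jwkSetURL) {
        // The retriever carries the timeouts that RemoteJWKSet applies to its HTTP fetch.
        ResourceRetriever retriever =
                new DefaultResourceRetriever(CONNECT_TIMEOUT_MS, READ_TIMEOUT_MS, SIZE_LIMIT_BYTES);
        JWKSource<SecurityContext> keySource = new RemoteJWKSet<>(jwkSetURL, retriever);

        // Assumption: the provider signs ID tokens with RS256. Pinning the expected
        // algorithm makes the selector ignore keys for tokens with any other "alg".
        JWSKeySelector<SecurityContext> keySelector =
                new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, keySource);

        // No JWE key selector: encrypted ID tokens are not expected in this setup.
        return new IDTokenValidator(issuer, clientID, keySelector, null);
    }

    public static void main(String[] args) throws Exception {
        // Placeholder issuer, client ID and JWK set URL.
        IDTokenValidator validator = create(
                new Issuer("https://op.example.com"),
                new ClientID("example-client-id"),
                new URL("https://op.example.com/jwks.json"));
        // The JWK set is fetched on the first validator.validate(token, nonce) call.
        System.out.println("Validator ready for client " + validator.getClientID());
    }
}
```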