I have followed this guide http://spring.io/guides/tutorials/spring-boot-oauth2 and can get it to work with Facebook and GitHub, but I want to use Gluu as my in-house authentication provider to do OpenID Connect with my Spring Boot web app. I have Gluu configured to return two response types, both Authorization Code Grant Type and ID Token, and I have the authentication method set to client_secret_basic. I'm not sure what additional configuration I have to do on the Spring client web app side, but I would think based on the guide I could do a minimal configuration and just set:
security.oauth2.client.client-id=
security.oauth2.client.client-secret=
security.oauth2.client.access-token-uri=https://mygluuServer/oxauth/seam/resource/restv1/oxauth/token
security.oauth2.client.user-authorization-uri=https://mygluuServer/oxauth/seam/resource/restv1/oxauth/authorize
security.oauth2.resource.user-info-uri=https://mygluuServer/oxauth/seam/resource/restv1/oxauth/userinfo
security.oauth2.client.scope=openid
When I navigate to my Spring Boot web app I get redirected to Gluu for authentication, but after I authenticate it doesn't prompt me to approve the sharing of my OpenID info; it just redirects me back to the Spring Boot app and gives me the error: Authentication Failed: Could not obtain access token
Has anyone had any success using Gluu to secure a Spring Boot web app using OpenID Connect?
OK, I finally figured out what my problem was. For some reason the BadCredentialsException was masking the real error, which was that Java didn't want to talk to Gluu over a secure connection to the token endpoint because Java didn't trust the Gluu certificate. With Gluu in client_secret_post authentication mode and my Spring Boot client using the properties
security.oauth2.client.authentication-scheme=form
security.oauth2.client.client-authentication-scheme=form
everything works great now that I have imported the Gluu certificate into my JVM's cacerts Java keystore. I'd like to just import it into a truststore and point to it with my application.properties, but I am currently having issues with that.
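An added example, not part of the original post: a small diagnostic that performs the TLS handshake against the token endpoint's host using only a dedicated truststore file, so a certificate trust failure is reported directly instead of surfacing as "Could not obtain access token". The class name `TrustCheck` and its command-line arguments are assumptions made for this example; the truststore file is assumed to have been created beforehand (for instance with `keytool -importcert`).

```java
import javax.net.ssl.*;
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;

// Added example, not from the original post. Usage (all arguments are the caller's own):
//   java TrustCheck <truststore-file> <truststore-password> <host> [port]
public class TrustCheck {

    // Build an SSLContext that trusts ONLY the certificates in the given truststore file.
    static SSLContext contextFor(Path trustStore, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(trustStore)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Handshake with host:port and report the outcome as text, so nothing can wrap or hide it.
    static String check(SSLContext ctx, String host, int port) {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // verify the hostname as HTTPS clients do
            s.setSSLParameters(p);
            s.startHandshake();
            return "TRUSTED: " + s.getSession().getPeerPrincipal();
        } catch (SSLHandshakeException e) {
            // Typically "PKIX path building failed" when the issuer is not in the truststore.
            return "NOT TRUSTED: " + e.getMessage();
        } catch (Exception e) {
            return "ERROR: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            System.err.println("usage: TrustCheck <truststore> <password> <host> [port]");
            System.exit(2);
        }
        int port = args.length > 3 ? Integer.parseInt(args[3]) : 443;
        SSLContext ctx = contextFor(Paths.get(args[0]), args[1].toCharArray());
        System.out.println(check(ctx, args[2], port));
    }
}
```

Once the check reports `TRUSTED`, the same file can be handed to the application's JVM through the standard system properties `-Djavax.net.ssl.trustStore` and `-Djavax.net.ssl.trustStorePassword` on the `java` command line. Setting these replaces the default `cacerts` for that JVM, so the file must contain every CA the application needs to reach.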