Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-132369

Cannot login using OpenID Connect: Timeout error

    Details

      Description

      Description

      In some cases, users are having problems with the integration with OpenID Connect, and they are unable to log in.

      The Liferay log returns the following error:

      ERROR [http-nio-8080-exec-16][OpenIdConnectFilter:132] Unable to process OpenID Connect authentication response: Unable to validate tokens: Couldn't retrieve remote JWK set: Read timed out
      com.liferay.portal.security.sso.openid.connect.OpenIdConnectServiceException$TokenException: Unable to validate tokens: Couldn't retrieve remote JWK set: Read timed out.

      The timeout value is not enough depending on several factors in the environment. It is necessary to review the OpenID infrastructure and service so that it responds in time.

      This timeout value is not configurable by Liferay but explicitly coded in the third-party library that Liferay uses:

      https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/758583fb4fef2598b716282147f5d257f7d4d552

      The default library timeout until Liferay DXP 7.2 fix pack dxp-3 is 250ms. The default library timeout since Liferay DXP 7.2 fix pack dxp-4 is 500ms.

      Use Case:

      The customer would like to be able to set/configure the default timeout value to whatever they want instead of having it capped at 500ms. 

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              tibor.lipusz Tibor Lipusz
              Reporter:
              ryan.snuggs Ryan Snuggs
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Packages

                  Version Package
                  7.2.X
                  7.3.10 DXP FP1
                  7.4.1 CE GA2 DXP 7,4
                  7.4.13 DXP GA1
                  Master