microsoft / azure-spring-boot

Spring Boot Starters for Azure services
MIT License

Custom JWKSet Url property is ignored #818

Closed sidyes closed 4 years ago

sidyes commented 4 years ago

Environment

Summary

I want to use the AAD spring boot starter to secure REST calls by validating the provided Bearer Token. I needed to adapt the jwk set uri. Thus, I added the following to my application.yaml:

security:
  oauth2:
    client:
      provider:
        azure-oauth-provider:
          jwk-set-uri: https://login.microsoftonline.com/<tenant-id>/discovery/v2.0/keys

Unfortunately, I am always getting the following error when sending requests to the server with an authorization header: Couldn't retrieve remote JWK set: connect timed out

I debugged the application and realized that the wrong URL is taken there: In the RemoteJWKSet class from nimbusds jwkSetURL is set to:
https://login.microsoftonline.com/common/discovery/keys/ It seems that my configuration is just ignored here. Do you have a tip for me?

Reproduce steps

Use the azure-active-directory-spring-boot-starter (v. 2.2.2) and try to change the jwk set uri property.

Expected Results

It should use the correct URI.

Actual Results

It uses the default common configuration.

beowulf79 commented 4 years ago

Use this: azure.service.endpoints.global.aadKeyDiscoveryUri=i=https://login.microsoftonline.com//discovery/keys

sidyes commented 4 years ago

Now it is using the correct jwk set uri but I still receive:
Couldn't retrieve remote JWK set: connect timed out

Any ideas how to fix this?

// Edit: Or is the problem that I am using v2 ? My jwt link is https://login.microsoftonline.com/<tenant id>/discovery/v2.0/keys

beowulf79 commented 4 years ago

The default timeout is really low; increase it using these settings: azure.activedirectory.jwt-connect-timeout=2000 azure.activedirectory.jwt-read-timeout=2000

sidyes commented 4 years ago

Ok I am getting closer! The error has now changed to AADAppRoleStatelessAuthenticationFilter : Failed to initialize UserPrincipal -> Couldn't retrieve remote JWK set: Connection refused: connect

Any thoughts on that?

sidyes commented 4 years ago

Issue can be closed. The problem was my proxy configuration. Adding System.setProperty("java.net.useSystemProxies", "true"); solved the problem.
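The three things this thread had to get right in turn (which JWKS URL is actually fetched, the connect/read timeouts of that fetch, and the outbound proxy) can also be pinned explicitly in code. The following is an added example, not code from the azure-spring-boot project or from anyone in this issue: it configures a plain Spring Security 5 resource server `JwtDecoder` (spring-security-oauth2-jose) instead of the AAD starter's filter, so every setting is visible in one place. The tenant id, client id, proxy host and port are placeholders (assumptions). It also adds the check a practitioner wants once the key fetch works: the JWKS URL only decides which keys verify the signature, so the issuer and audience claims are validated explicitly to decide which tenant and which app registration the token must belong to.

```java
// Added example (not from the azure-spring-boot project or this issue's participants).
// Plain Spring Security 5 resource-server configuration that pins the JWKS URL,
// the HTTP timeouts and proxy used to fetch it, and validates issuer and audience.
package com.example.jwksdemo;

import java.net.InetSocketAddress;
import java.net.Proxy;
import java.time.Duration;
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.web.client.RestTemplate;

@Configuration
public class JwksDecoderConfig {

    // Placeholders (assumptions): substitute your tenant, app registration and proxy.
    private static final String TENANT_ID = "00000000-0000-0000-0000-000000000000";
    private static final String CLIENT_ID = "11111111-1111-1111-1111-111111111111";
    private static final String JWK_SET_URI =
            "https://login.microsoftonline.com/" + TENANT_ID + "/discovery/v2.0/keys";
    private static final String ISSUER =
            "https://login.microsoftonline.com/" + TENANT_ID + "/v2.0";
    private static final String PROXY_HOST = "proxy.corp.example";
    private static final int PROXY_PORT = 3128;

    @Bean
    public JwtDecoder jwtDecoder() {
        // Explicit HTTP client for the JWKS fetch. Timeouts and proxy are set here,
        // so an unreachable key endpoint fails fast instead of surfacing later as
        // "Couldn't retrieve remote JWK set: connect timed out".
        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory();
        factory.setConnectTimeout((int) Duration.ofSeconds(5).toMillis());
        factory.setReadTimeout((int) Duration.ofSeconds(5).toMillis());
        factory.setProxy(new Proxy(Proxy.Type.HTTP,
                new InetSocketAddress(PROXY_HOST, PROXY_PORT)));
        RestTemplate rest = new RestTemplate(factory);

        // The JWKS URL passed here is the one that is fetched; nothing falls back to
        // the "common" endpoint.
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI)
                .restOperations(rest)
                .build();

        // Signature verification alone accepts any token signed with a key from the
        // set. Which tenant's tokens are trusted is decided by the issuer check, and
        // which app they were minted for by the audience check.
        OAuth2TokenValidator<Jwt> withIssuer = JwtValidators.createDefaultWithIssuer(ISSUER);
        OAuth2TokenValidator<Jwt> withAudience = audienceValidator(CLIENT_ID);
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(withIssuer, withAudience));
        return decoder;
    }

    // Rejects tokens whose "aud" claim does not contain the expected client id.
    static OAuth2TokenValidator<Jwt> audienceValidator(String expectedAudience) {
        return jwt -> {
            List<String> aud = jwt.getAudience();
            if (aud != null && aud.contains(expectedAudience)) {
                return OAuth2TokenValidatorResult.success();
            }
            return OAuth2TokenValidatorResult.failure(
                    new OAuth2Error("invalid_token", "The required audience is missing", null));
        };
    }
}
```

Setting the proxy on the request factory scopes it to the JWKS fetch only; the JVM-wide `java.net.useSystemProxies` setting from the last comment works too, but then applies to every outbound connection the application makes.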