Id token encryption problem with OpenID Connect identity providerId token encryption problem with OpenID Connect identity providerhttps://liferay.dev/c/message_boards/find_thread?p_l_id=119785294&threadId=1115507912026-04-06T16:41:36Z2026-04-06T16:41:36ZRE: Id token encryption problem with OpenID Connect identity providerTomáš Polešovskýhttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1183812082020-01-30T11:44:38Z2020-01-30T11:44:38ZI believe JWE is not supported on Liferay side yet. Only JWS.Tomáš Polešovský2020-01-30T11:44:38ZRE: Id token encryption problem with OpenID Connect identity providerJack Bakkerhttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1183399542020-01-25T13:21:24Z2020-01-25T13:21:24ZI am also seeing this issue when trying to configure Liferay v7.2.1 as OIDC client to Apereo CAS v6.1 as OIDC provider. "Unable to instantiate token validator: Missing required ID token JWE encryption method for RSA1_5". In Apereo CAS, there is a service config for "encryptIdToken": false, but this doesn't make a difference to Liferay. Jack Bakker2020-01-25T13:21:24ZRE: Id token encryption problem with OpenID Connect identity providerDavid Bougearelhttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1117864512018-12-12T14:37:02Z2018-12-12T14:37:02Z<p>Hi Teddy,</p>
<p> </p>
<p>The message given came from the nimbusds library where the
OIDCClientInformation given by liferay do not provide the
IDTokenJWEEnc expected.</p>
<p>In order to be able to make it working, you need to address two
points : override the OpenIdConnectMetadataFactory to add the
IDTokenJWEEnc when the OIDCClientMetadata is build and second point,
you need to override the OpenIDConnect configuration to be able to add
this new parameter from the UI.</p>
<p> </p>
<p>Best regards,</p>
<p>David.</p>David Bougearel2018-12-12T14:37:02ZRE: Id token encryption problem with OpenID Connect identity providerTeddy Kossokohttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1116527362018-11-23T13:49:28Z2018-11-23T13:49:28ZPlease, could you help me ?Teddy Kossoko2018-11-23T13:49:28ZId token encryption problem with OpenID Connect identity providerTeddy Kossokohttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1115507902018-11-14T16:04:38Z2018-11-14T16:04:38Z<p>Hello,</p>
<p>I'm trying to use Gluu as a OpenID Connect identity provider for
Liferay. I ran into the following error: "Caused by:
com.nimbusds.oauth2.sdk.GeneralException: Missing required ID token
JWE encryption method for RSA1_5". It leads me to believe that
Liferay is expecting the id token to be encrypted although it's not
required by the OpenID Connect standard. I tried different encryption
algorithms settings inside of Gluu. But it seems like I need a Liferay
plublic encryption key (JWKS) or the URI where those keys can be
accessed (JWKS URI) because without it I'm getting another error
"NullPointerException: null".</p>
<p>Thanks for the help.</p>Teddy Kossoko2018-11-14T16:04:38Z