The error below comes up when we stage our Bluemix Liberty app, about 1 in every 10 times. If you try and authenticate, after redirection from the OpenID provider you get a popup asking you for a username and password, which seems to have no effect. Restarting the app fixes it.
    CWWKS1707E: The OpenID Connect client [NTBhZGQ4MWMtN2Y5Ni00] was unable to create an SSL context due to [CWWKS1707E: The OpenID Connect client [NTBhZGQ4MWMtN2Y5Ni00] was unable to create an SSL context due to [Null ssl conext]. Ensure that your SSL feature is properly configured.]. Ensure that your SSL feature is properly configured.
This may be related to injecting the OpenID Client configuration from a user-provided service in our server.xml:
    <openidConnectClient
        httpsRequired="true" id="blueid" includeIdTokenInSubject="true"
        authorizationEndpointUrl="https://${cloud.services.${env.openidservice}.connection.domain}/idaas/oidc/endpoint/default/authorize"
        tokenEndpointUrl="https://${cloud.services.${env.openidservice}.connection.domain}/idaas/oidc/endpoint/default/token"
        issuerIdentifier="https://${cloud.services.${env.openidservice}.connection.domain}"
        clientId="${cloud.services.${env.openidservice}.connection.clientid}"
        clientSecret="${cloud.services.${env.openidservice}.connection.clientsecret}"
        mapIdentityToRegistryUser="false" scope="openid" signatureAlgorithm="RS256"
        trustAliasName="${cloud.services.${env.openidservice}.connection.certificate}"
        trustStoreRef="validationKeyStore"
        userIdentityToCreateSubject="uniqueSecurityName">
    </openidConnectClient>
The injection must be working because the clientId mentioned in the error message is correct. Not sure why the SSL context would be null. I have tried with and without an SSL element in the server.xml, but the problem still occurs.
Does anyone know what the cause might be?