Turn hostname verification off when disabling SSL certificate validation

VonDerBeck · Apr 30, 2019 · 1d71ad1 · 1d71ad1
1 parent 49f7d44
commit 1d71ad1
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -20,7 +20,7 @@ Features:
 *   Broad support for user and group queries
 *   Compatible with Spring Boot OAuth2 SSO
 
-Current version: `0.6.0-SNAPSHOT`<br >
+Current version: `0.6.1-SNAPSHOT`<br >
 Tested with: Keycloak `4.8.3.Final`, Camunda `7.10.0` and Camunda `7.10.3-ee`
 
 Known limitations:
@@ -51,7 +51,7 @@ Maven Dependencies:
 		<dependency>
 			<groupId>de.vonderbeck.bpm.identity</groupId>
 			<artifactId>camunda-identity-keycloak</artifactId>
-			<version>0.6.0-SNAPSHOT</version>
+			<version>0.6.1-SNAPSHOT</version>
 		</dependency>
 
 

diff --git a/pom.xml b/pom.xml
@@ -5,7 +5,7 @@
 
 	<groupId>de.vonderbeck.bpm.identity</groupId>
 	<artifactId>camunda-identity-keycloak</artifactId>
-	<version>0.6.0-SNAPSHOT</version>
+	<version>0.6.1-SNAPSHOT</version>
 
 	<packaging>jar</packaging>
 	<name>camunda BPM - engine plugins - identity - keycloak</name>

diff --git a/src/main/java/de/vonderbeck/bpm/identity/keycloak/KeycloakIdentityProviderFactory.java b/src/main/java/de/vonderbeck/bpm/identity/keycloak/KeycloakIdentityProviderFactory.java
@@ -3,11 +3,13 @@
 import java.security.GeneralSecurityException;
 import java.security.cert.X509Certificate;
 
+import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
 
 import org.apache.http.config.Registry;
 import org.apache.http.config.RegistryBuilder;
 import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.client.LaxRedirectStrategy;
@@ -48,8 +50,9 @@ public KeycloakIdentityProviderFactory(KeycloakConfiguration keycloakConfigurati
 				SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
 				        .loadTrustMaterial(null, acceptingTrustStrategy)
 				        .build();
+				HostnameVerifier allowAllHosts = new NoopHostnameVerifier();
 				Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder
-				        .<ConnectionSocketFactory> create().register("https", new SSLConnectionSocketFactory(sslContext))
+				        .<ConnectionSocketFactory> create().register("https", new SSLConnectionSocketFactory(sslContext, allowAllHosts))
 				        .build();
 				final PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
 				connectionManager.setMaxTotal(keycloakConfiguration.getMaxHttpConnections());