I have an OpenAM installation configured for OpenID Connect using an HTTPS connector with a self-signed certificate.
In OpenIG, I set an OAuth2ClientFilter configured to use 2 providers:
- The local OpenAM, using the https endpoint
- The well known https endpoint for Google accounts
The configuration fails to load with different setups:
- if no trust manager is configured: fails to load the OpenAM configuration with a PeerUnverifiedException (but works for Google accounts since its certificate is approved by the trusted certificate authorities)
- if a trust manager (using the local keystore) is configured: fails to load Google account with a PeerUnverifiedException (because we only trust the local certificate of my AM instance)
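
The two failure cases above come from each trust manager consulting a single store. As an added illustration (not part of the original report and not OpenIG's own code), a plain JSSE trust manager that accepts a server chain when either the JVM default CAs or a local keystore trusts it; the class name `CompositeTrustManager` is hypothetical and the caller is assumed to load the keystore:

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.stream.Stream;
import javax.net.ssl.*;

// Added example: trusts a server chain if the JVM default CAs OR the local keystore accept it.
public final class CompositeTrustManager implements X509TrustManager {
    private final X509TrustManager defaults; // public CAs (covers the Google endpoint)
    private final X509TrustManager local;    // keystore holding the self-signed OpenAM certificate

    public CompositeTrustManager(KeyStore localStore) throws Exception {
        this.defaults = x509(null);          // null selects the JVM default trust store
        this.local = x509(localStore);
    }

    private static X509TrustManager x509(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try {
            defaults.checkServerTrusted(chain, authType);
        } catch (CertificateException e) {
            local.checkServerTrusted(chain, authType); // rethrows if neither store trusts it
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        throw new CertificateException("client certificates are not accepted here");
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return Stream.concat(Stream.of(defaults.getAcceptedIssuers()),
                Stream.of(local.getAcceptedIssuers())).toArray(X509Certificate[]::new);
    }
    // Usage: sslContext.init(null, new TrustManager[] {new CompositeTrustManager(ks)}, null);
}
```

Hostname verification remains a separate check performed by the HTTPS client, so the self-signed certificate is still only accepted for the host name it was issued for.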