Submit Feedback
Legacy Knowledge Base
Published Jul. 2, 2025

Cannot login using OpenID Connect: Timeout error

Written By

Rafael Regner

How To articles are not official guidelines or officially supporteddocumentation. They are community-contributed content and may not alwaysreflect the latest updates to Liferay DXP. We welcome your feedback toimprove How to articles!

While we make every effort to ensure this Knowledge Base is accurate, itmay not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with anyfeedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack"publication program, made available for informational purposes. Articlesin this program were published without a requirement for independentediting or verification and are provided "as is" withoutguarantee.

Before using any information from this article, independently verify itssuitability for your situation and project.

Issue

  • In some cases, users are having problems with the integration with OpenID Connect, and they are unable to log in.
  • The Liferay log returns the following error:
ERROR [http-nio-8080-exec-16][OpenIdConnectFilter:132] Unable to process OpenID Connect authentication response: Unable to validate tokens: Couldn't retrieve remote JWK set: Read timed out
com.liferay.portal.security.sso.openid.connect.OpenIdConnectServiceException$TokenException: Unable to validate tokens: Couldn't retrieve remote JWK set: Read timed out.


Environment

  • Liferay DXP 7.1
  • Liferay DXP 7.2

Resolution

  • The timeout value is not enough depending on several factors in the environment. It is necessary to review the OpenID infrastructure and service so that it responds in time.
  • This timeout value is not configurable by Liferay at the moment, but explicitly coded in the third party library that Liferay uses.

Additional Information

  • The default library timeout until Liferay DXP 7.2 fix pack dxp-3 is 250ms. The default library timeout since Liferay DXP 7.2 fix pack dxp-4 is 500ms.
  • This is the commit that changed the default value of the Nimbus-JOSE-JWT library that Liferay uses to implement OpenID Connect, and it is related to the following LPS-103214.
  • It is possible to deliver a Hotfix for certain DXP 7.x baselines, to increase the timeout from 250ms to 500ms.
  • LPS-127509 - Default timeout to validate OpenIdConnect token may not be long enough adds the ability to set this value in the UI.
Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?