com.nimbusds.jose.RemoteKeySourceException: Couldn't retrieve remote JWK set: Hostname verification failed

I am using the Nimbus-JOSE-JWT library (version 4.39). Using this library, I am trying to do local JWT token validation, which pulls down the JWK set from the OAuth authorization server.

My code works perfectly fine when I run it within a JSE application, however, when I run the exact same code (as part of a JEE application) within WebLogic 12.1.3, it fails to run with the following exception:

com.nimbusds.jose.RemoteKeySourceException: Couldn't retrieve remote JWK set: Hostname verification failed: HostnameVerifier=weblogic.security.utils.SSLWLSHostnameVerifier, hostname=corpZ.oktapreview.com.
    at com.nimbusds.jose.jwk.source.RemoteJWKSet.updateJWKSetFromURL(RemoteJWKSet.java:141)
    at com.nimbusds.jose.jwk.source.RemoteJWKSet.get(RemoteJWKSet.java:219)
    at com.nimbusds.jose.proc.JWSVerificationKeySelector.selectJWSKeys(JWSVerificationKeySelector.java:129)
    at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:323)
    at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:284)
    at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:275)
    at org.corpZ.sec.okta.OktaClient.getAccessTokenInfoLocally(Unknown Source)
    at org.corpZ.sec.okta.OktaClient.validateAccessTokenLocally(Unknown Source)
    at org.corpZ.sec.okta.TokenValidator.isTokenValid(Unknown Source)
    at org.corpZ.eis.ws.interceptor.WSInterceptor.handleRequest(WSInterceptor.java:126)
    at org.springframework.ws.server.endpoint.interceptor.DelegatingSmartEndpointInterceptor.handleRequest(DelegatingSmartEndpointInterceptor.java:78)
    at org.springframework.ws.server.MessageDispatcher.dispatch(MessageDispatcher.java:224)
    at org.springframework.ws.server.MessageDispatcher.receive(MessageDispatcher.java:173)
    at org.springframework.ws.transport.support.WebServiceMessageReceiverObjectSupport.handleConnection(WebServiceMessageReceiverObjectSupport.java:88)
    at org.springframework.ws.transport.http.WebServiceMessageReceiverHandlerAdapter.handle(WebServiceMessageReceiverHandlerAdapter.java:59)
    at org.springframework.ws.transport.http.MessageDispatcherServlet.doService(MessageDispatcherServlet.java:292)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
    at javax.servlet.http.HttpServlet.service(HttpServ

Below is the Maven dependency that I have in my code:

<dependency>
  <groupId>com.nimbusds</groupId>
  <artifactId>nimbus-jose-jwt</artifactId>
  <version>4.39</version>
</dependency>

Any help will be much appreciated.

Thanks.

Felicitous answered 19/7, 2017 at 2:20 Comment(3)
Check this #27551086 - Neurosis
Download the Nimbus-JOSE-JWT source code and change the timeout parameter in it. Make your own custom jar and use it. It will work. As of now, this timeout is not configurable. - Linolinocut
@V..S Please never do this. Custom copied Jars are a crime ;) By doing this you just subscribed your company to maintain a 3rd party library... - Eckman

Better late than never: this is due to the WebLogic server configuration. You have to go into the SSL properties tab and change "Hostname Verification" to "none".

Varrian answered 21/5, 2020 at 14:29 Comment(0)
