RH-SSO/keycloak cannot authenticate to Github due to unable to find valid certification path to requested target
I met an issue while integrating APICurio with a GitHub account. The normal local integration between APICurio and RH-SSO is fine.
APICurio(10.72.44.127)
RH-SSO part (10.72.46.162):
IdP part:
The SSO server enabled trace and shows:
2022-02-27 01:50:09,905 INFO [io.undertow.request.dump] (default task-87)
----------------------------REQUEST---------------------------
URI=/auth/realms/apicurio/broker/github/login
characterEncoding=null
contentLength=-1
contentType=null
cookie=AUTH_SESSION_ID=4bdf13b9-8c38-4851-968d-48716569de30.sso
cookie=AUTH_SESSION_ID_LEGACY=4bdf13b9-8c38-4851-968d-48716569de30.sso
cookie=KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI4YzAyZjcyMC1jNjIzLTRkZDgtYjQ1Ny1jYzE4NmEyNzJlN2YifQ.eyJjaWQiOiJhcGljdXJpby1zdHVkaW8iLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vMTAuNzIuNDQuMTI3OjgxODAvc3R1ZGlvLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoib3BlbmlkIiwiaXNzIjoiaHR0cHM6Ly8xMC43Mi40Ni4xNjI6ODQ0My9hdXRoL3JlYWxtcy9hcGljdXJpbyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwicmVkaXJlY3RfdXJpIjoiaHR0cDovLzEwLjcyLjQ0LjEyNzo4MTgwL3N0dWRpby8iLCJzdGF0ZSI6IjJkMDJiZDc3LTY2NjctNDVlNS05ZWZiLThjZWZlNTU0ODA0OSIsImNsaWVudF9yZXF1ZXN0X3BhcmFtX2xvZ2luIjoidHJ1ZSJ9fQ.OFWzmw4aM_15Zf1KWTzEcUB2Fi4TytUKXKf5BLnG2_c
header=accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
header=accept-language=en-US,en;q=0.5
header=accept-encoding=gzip, deflate, br
header=sec-fetch-mode=navigate
header=te=trailers
header=user-agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
header=sec-fetch-user=?1
header=sec-fetch-dest=document
header=sec-fetch-site=same-origin
header=cookie=AUTH_SESSION_ID=4bdf13b9-8c38-4851-968d-48716569de30.sso
header=cookie=AUTH_SESSION_ID_LEGACY=4bdf13b9-8c38-4851-968d-48716569de30.sso
header=cookie=KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI4YzAyZjcyMC1jNjIzLTRkZDgtYjQ1Ny1jYzE4NmEyNzJlN2YifQ.eyJjaWQiOiJhcGljdXJpby1zdHVkaW8iLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vMTAuNzIuNDQuMTI3OjgxODAvc3R1ZGlvLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoib3BlbmlkIiwiaXNzIjoiaHR0cHM6Ly8xMC43Mi40Ni4xNjI6ODQ0My9hdXRoL3JlYWxtcy9hcGljdXJpbyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwicmVkaXJlY3RfdXJpIjoiaHR0cDovLzEwLjcyLjQ0LjEyNzo4MTgwL3N0dWRpby8iLCJzdGF0ZSI6IjJkMDJiZDc3LTY2NjctNDVlNS05ZWZiLThjZWZlNTU0ODA0OSIsImNsaWVudF9yZXF1ZXN0X3BhcmFtX2xvZ2luIjoidHJ1ZSJ9fQ.OFWzmw4aM_15Zf1KWTzEcUB2Fi4TytUKXKf5BLnG2_c
header=upgrade-insecure-requests=1
header=Host=10.72.46.162:8443
locale=[en_US, en]
method=GET
parameter=client_id=apicurio-studio
parameter=session_code=AlcEzUS_KAWMi9ciz-sQpS5zGxizKwJTba9d33ERK20
parameter=tab_id=UBfinaUhIHw
protocol=HTTP/2.0
queryString=client_id=apicurio-studio&tab_id=UBfinaUhIHw&session_code=AlcEzUS_KAWMi9ciz-sQpS5zGxizKwJTba9d33ERK20
remoteAddr=ovpn-12-86.pek2.redhat.com/10.72.12.86:59527
remoteHost=ovpn-12-86.pek2.redhat.com
scheme=https
host=10.72.46.162:8443
serverPort=8443
isSecure=true
--------------------------RESPONSE--------------------------
contentLength=0
contentType=null
header=X-XSS-Protection=1; mode=block
header=Strict-Transport-Security=max-age=31536000; includeSubDomains
header=X-Content-Type-Options=nosniff
header=Location=https://github.com/login/oauth/authorize?scope=read%3Aorg%2Crepo%2Cuser%3Aemail&state=wDy8Al9_dBYiFCVf1CnR80vLHmp3zfU3k4BPKvcM-ZU.UBfinaUhIHw.apicurio-studio&response_type=code&client_id=25d58345b3ede8e19058&redirect_uri=https%3A%2F%2F10.72.46.162%3A8443%2Fauth%2Frealms%2Fapicurio%2Fbroker%2Fgithub%2Fendpoint
header=Referrer-Policy=no-referrer
header=Content-Length=0
header=Date=Sat, 26 Feb 2022 17:50:09 GMT
header=:status=303
status=303
==============================================================
2022-02-27 01:50:10,392 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-87) new JtaTransactionWrapper
2022-02-27 01:50:10,392 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-87) was existing? false
2022-02-27 01:50:10,393 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-87) realm by name cache hit: apicurio
2022-02-27 01:50:10,393 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-87) by id cache hit: apicurio
2022-02-27 01:50:10,393 DEBUG [org.keycloak.services.resources.SessionCodeChecks] (default task-87) Will use client 'apicurio-studio' in back-to-application link
2022-02-27 01:50:10,393 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-87) client by name cache hit: apicurio-studio
2022-02-27 01:50:10,393 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-87) client by name cache: ClientListQuery{id='apicurio.client.query.by.clientId.apicurio-studio'realmName='apicurio'}
2022-02-27 01:50:10,393 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-87) client by id cache hit: apicurio-studio
2022-02-27 01:50:10,393 DEBUG [org.keycloak.services.util.CookieHelper] (default task-87) AUTH_SESSION_ID cookie found in the requests header
2022-02-27 01:50:10,393 DEBUG [org.keycloak.services.util.CookieHelper] (default task-87) AUTH_SESSION_ID cookie found in the cookies field
2022-02-27 01:50:10,393 DEBUG [org.keycloak.services.managers.AuthenticationSessionManager] (default task-87) Found AUTH_SESSION_ID cookie with value 4bdf13b9-8c38-4851-968d-48716569de30.sso
2022-02-27 01:50:10,394 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-87) client by id cache hit: apicurio-studio
2022-02-27 01:50:10,394 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-87) client by id cache hit: apicurio-studio
2022-02-27 01:50:10,394 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-87) Adding cache operation: REPLACE on 4bdf13b9-8c38-4851-968d-48716569de30
2022-02-27 01:50:10,394 DEBUG [org.keycloak.services.resources.IdentityBrokerService] (default task-87) Authorization code is valid.
2022-02-27 01:50:10,925 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-87) Failed to make identity provider oauth callback: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1392)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1300)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:435)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at org.keycloak.broker.provider.util.SimpleHttp.makeRequest(SimpleHttp.java:223)
at org.keycloak.broker.provider.util.SimpleHttp.asResponse(SimpleHttp.java:181)
at org.keycloak.broker.provider.util.SimpleHttp.asString(SimpleHttp.java:173)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:475)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:535)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:424)
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:385)
at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:387)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:356)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:150)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:110)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:141)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:104)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:91)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:111)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:280)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:260)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:79)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:390)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
at java.lang.Thread.run(Thread.java:748)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323)
at sun.security.validator.Validator.validate(Validator.java:271)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:223)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
... 100 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451)
... 106 more
2022-02-27 01:50:10,929 TRACE [org.keycloak.events] (default task-87) type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=apicurio, clientId=apicurio-studio, userId=null, ipAddress=10.72.12.86, error=identity_provider_login_failure, code_id=4bdf13b9-8c38-4851-968d-48716569de30, authSessionParentId=4bdf13b9-8c38-4851-968d-48716569de30, authSessionTabId=UBfinaUhIHw, requestUri=https://10.72.46.162:8443/auth/realms/apicurio/broker/github/endpoint?code=c80c6535d317c574d00b&state=wDy8Al9_dBYiFCVf1CnR80vLHmp3zfU3k4BPKvcM-ZU.UBfinaUhIHw.apicurio-studio, cookies=[AUTH_SESSION_ID_LEGACY=4bdf13b9-8c38-4851-968d-48716569de30.sso, KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI4YzAyZjcyMC1jNjIzLTRkZDgtYjQ1Ny1jYzE4NmEyNzJlN2YifQ.eyJjaWQiOiJhcGljdXJpby1zdHVkaW8iLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vMTAuNzIuNDQuMTI3OjgxODAvc3R1ZGlvLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoib3BlbmlkIiwiaXNzIjoiaHR0cHM6Ly8xMC43Mi40Ni4xNjI6ODQ0My9hdXRoL3JlYWxtcy9hcGljdXJpbyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwicmVkaXJlY3RfdXJpIjoiaHR0cDovLzEwLjcyLjQ0LjEyNzo4MTgwL3N0dWRpby8iLCJzdGF0ZSI6IjJkMDJiZDc3LTY2NjctNDVlNS05ZWZiLThjZWZlNTU0ODA0OSIsImNsaWVudF9yZXF1ZXN0X3BhcmFtX2xvZ2luIjoidHJ1ZSJ9fQ.OFWzmw4aM_15Zf1KWTzEcUB2Fi4TytUKXKf5BLnG2_c, AUTH_SESSION_ID=4bdf13b9-8c38-4851-968d-48716569de30.sso], stackTrace=
org.keycloak.events.log.JBossLoggingEventListenerProvider.onEvent(JBossLoggingEventListenerProvider.java:101)
org.keycloak.events.EventBuilder.send(EventBuilder.java:192)
org.keycloak.events.EventBuilder.error(EventBuilder.java:169)
org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.errorIdentityProviderLogin(AbstractOAuth2IdentityProvider.java:501)
org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:496)
2022-02-27 01:50:10,932 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-87) JtaTransactionWrapper commit
2022-02-27 01:50:10,932 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-87) JtaTransactionWrapper end
2022-02-27 01:50:10,934 INFO [io.undertow.request.dump] (default task-87)
----------------------------REQUEST---------------------------
URI=/auth/realms/apicurio/broker/github/endpoint
characterEncoding=null
contentLength=-1
contentType=null
cookie=AUTH_SESSION_ID=4bdf13b9-8c38-4851-968d-48716569de30.sso
cookie=AUTH_SESSION_ID_LEGACY=4bdf13b9-8c38-4851-968d-48716569de30.sso
cookie=KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI4YzAyZjcyMC1jNjIzLTRkZDgtYjQ1Ny1jYzE4NmEyNzJlN2YifQ.eyJjaWQiOiJhcGljdXJpby1zdHVkaW8iLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vMTAuNzIuNDQuMTI3OjgxODAvc3R1ZGlvLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoib3BlbmlkIiwiaXNzIjoiaHR0cHM6Ly8xMC43Mi40Ni4xNjI6ODQ0My9hdXRoL3JlYWxtcy9hcGljdXJpbyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwicmVkaXJlY3RfdXJpIjoiaHR0cDovLzEwLjcyLjQ0LjEyNzo4MTgwL3N0dWRpby8iLCJzdGF0ZSI6IjJkMDJiZDc3LTY2NjctNDVlNS05ZWZiLThjZWZlNTU0ODA0OSIsImNsaWVudF9yZXF1ZXN0X3BhcmFtX2xvZ2luIjoidHJ1ZSJ9fQ.OFWzmw4aM_15Zf1KWTzEcUB2Fi4TytUKXKf5BLnG2_c
header=accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
header=accept-language=en-US,en;q=0.5
header=accept-encoding=gzip, deflate, br
header=sec-fetch-mode=navigate
header=te=trailers
header=user-agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
header=sec-fetch-user=?1
header=sec-fetch-dest=document
header=sec-fetch-site=none
header=cookie=AUTH_SESSION_ID=4bdf13b9-8c38-4851-968d-48716569de30.sso
header=cookie=AUTH_SESSION_ID_LEGACY=4bdf13b9-8c38-4851-968d-48716569de30.sso
header=cookie=KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI4YzAyZjcyMC1jNjIzLTRkZDgtYjQ1Ny1jYzE4NmEyNzJlN2YifQ.eyJjaWQiOiJhcGljdXJpby1zdHVkaW8iLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vMTAuNzIuNDQuMTI3OjgxODAvc3R1ZGlvLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoib3BlbmlkIiwiaXNzIjoiaHR0cHM6Ly8xMC43Mi40Ni4xNjI6ODQ0My9hdXRoL3JlYWxtcy9hcGljdXJpbyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwicmVkaXJlY3RfdXJpIjoiaHR0cDovLzEwLjcyLjQ0LjEyNzo4MTgwL3N0dWRpby8iLCJzdGF0ZSI6IjJkMDJiZDc3LTY2NjctNDVlNS05ZWZiLThjZWZlNTU0ODA0OSIsImNsaWVudF9yZXF1ZXN0X3BhcmFtX2xvZ2luIjoidHJ1ZSJ9fQ.OFWzmw4aM_15Zf1KWTzEcUB2Fi4TytUKXKf5BLnG2_c
header=upgrade-insecure-requests=1
header=Host=10.72.46.162:8443
locale=[en_US, en]
method=GET
parameter=code=c80c6535d317c574d00b
parameter=state=wDy8Al9_dBYiFCVf1CnR80vLHmp3zfU3k4BPKvcM-ZU.UBfinaUhIHw.apicurio-studio
protocol=HTTP/2.0
queryString=code=c80c6535d317c574d00b&state=wDy8Al9_dBYiFCVf1CnR80vLHmp3zfU3k4BPKvcM-ZU.UBfinaUhIHw.apicurio-studio
remoteAddr=ovpn-12-86.pek2.redhat.com/10.72.12.86:59527
remoteHost=ovpn-12-86.pek2.redhat.com
scheme=https
host=10.72.46.162:8443
serverPort=8443
isSecure=true
--------------------------RESPONSE--------------------------
contentLength=1750
contentType=text/html;charset=utf-8
header=X-XSS-Protection=1; mode=block
header=X-Frame-Options=SAMEORIGIN
header=Referrer-Policy=no-referrer
header=Content-Security-Policy=frame-src 'self'; frame-ancestors 'self'; object-src 'none';
header=Date=Sat, 26 Feb 2022 17:50:10 GMT
header=:status=502
header=X-Robots-Tag=none
header=Strict-Transport-Security=max-age=31536000; includeSubDomains
header=X-Content-Type-Options=nosniff
header=Content-Type=text/html;charset=utf-8
header=Content-Length=1750
header=Content-Language=en
status=502
==============================================================
I don’t know why it throws the "unable to find valid certification path to requested target" part from the RH-SSO server. In my APICurio EAP server, I already imported the RH-SSO server’s truststore into the EAP server’s standalone.conf and the <system-properties> tag in the standalone-apirurio.xml file, and the issue seems to occur from the SSO server --> GitHub, which I don’t understand.
So should I import GitHub’s certificate into my RH-SSO’s truststore? Where is it?
Issue Analytics
- State:
- Created 2 years ago
- Comments:10 (5 by maintainers)
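Log triage for the trace in the issue above, added here as an example (not part of the original issue and not Keycloak code): it finds each PKIX handshake failure, reports the application frames that opened the TLS connection, and ties the failure to the login-error event logged on the same thread. The sample lines are constructed by abbreviating the posted log with secrets replaced by REDACTED; the function names are hypothetical.

```python
import re

# Constructed sample: abbreviated from the server log in the issue
# (most stack frames dropped, OAuth code/state and cookies redacted).
SAMPLE_LOG = """\
2022-02-27 01:50:10,394 DEBUG [org.keycloak.services.resources.IdentityBrokerService] (default task-87) Authorization code is valid.
2022-02-27 01:50:10,925 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-87) Failed to make identity provider oauth callback: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:435)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at org.keycloak.broker.provider.util.SimpleHttp.makeRequest(SimpleHttp.java:223)
at org.keycloak.broker.provider.util.SimpleHttp.asString(SimpleHttp.java:173)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:475)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456)
2022-02-27 01:50:10,929 TRACE [org.keycloak.events] (default task-87) type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=apicurio, clientId=apicurio-studio, userId=null, ipAddress=10.72.12.86, error=identity_provider_login_failure, requestUri=https://10.72.46.162:8443/auth/realms/apicurio/broker/github/endpoint?code=REDACTED&state=REDACTED, cookies=[REDACTED], stackTrace=
"""

HEAD = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) +(\w+) +\[([^\]]+)\] \(([^)]+)\) ?(.*)$")
FRAME = re.compile(r"^\s*at ([\w.$<>]+)\(")
PKIX = "PKIX path building failed"
# JDK and HTTP-client frames do not say which component opened the connection.
PLUMBING = ("sun.", "java.", "javax.", "jdk.", "org.apache.http.")


def parse_records(text):
    """Group the log into records: one header line plus its stack frames."""
    records = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            ts, level, logger, thread, msg = m.groups()
            records.append({"ts": ts, "level": level, "logger": logger,
                            "thread": thread, "msg": msg, "frames": []})
        elif records:
            f = FRAME.match(line)
            if f:
                records[-1]["frames"].append(f.group(1))
    return records


def app_callers(frames):
    """Return the application frames sitting directly above the TLS/HTTP plumbing."""
    chain, prefix = [], None
    for frame in frames:
        if prefix is None:
            if frame.startswith(PLUMBING):
                continue
            prefix = ".".join(frame.split(".")[:2]) + "."  # e.g. "org.keycloak."
        if not frame.startswith(prefix):
            break
        chain.append(frame)
    return chain


def triage(text):
    """Report each PKIX failure, who opened the connection, and the event it caused."""
    records = parse_records(text)
    findings = []
    for i, rec in enumerate(records):
        if rec["level"] != "ERROR" or PKIX not in rec["msg"]:
            continue
        event = {}
        for later in records[i + 1:]:
            if later["thread"] == rec["thread"] and later["logger"] == "org.keycloak.events":
                event = dict(re.findall(r"(\w+)=([^,\s]+)", later["msg"]))
                break
        findings.append({
            "ts": rec["ts"],
            "callers": app_callers(rec["frames"]),
            "event": event.get("type"),
            "realm": event.get("realmId"),
            "client": event.get("clientId"),
            # Drop the query string: it carries the OAuth code and state values.
            "endpoint": event.get("requestUri", "").split("?")[0],
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample, the reported callers are Keycloak's `SimpleHttp` and `AbstractOAuth2IdentityProvider$Endpoint.authResponse`, so the certificate that failed validation was presented to the SSO server's own JVM on an outbound connection, not to the browser or to the APICurio server.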
Top GitHub Comments
I’m sorry that maybe I put the issue into a wrong repository. It should be apicurio-studio not apicurio-registry. Let me know if there is any way to move it or I will close it and open it at the correct place.
Thanks, I have received the document, I’ll check it.