Never mind on this one, I can just use the http URL instead for the discovery doc and it works fine.

Colm.

On Wed, Sep 27, 2017 at 12:57 PM, Colm O hEigeartaigh <[email protected]> wrote:

> Hi all,
>
> I'm playing around with using PAC4J to secure KnoxSSO, talking to an OIDC
> IdP. I'm getting a TLS handshake error when trying to retrieve the OIDC
> configuration as specified by the "oidc.discoveryUri" parameter:
>
> Caused by: org.pac4j.core.exception.TechnicalException:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
>     at org.pac4j.oidc.client.OidcClient.internalInit(OidcClient.java:297)
>
> How can I add the cert of the IdP to Knox/Pac4J so that the TLS handshake
> works correctly? I tried adding it to gateway.jks but it doesn't work. Is
> there a separate way to specify a TLS truststore?
>
> Colm.
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
