FYI - since we are officially dropping Java 7 support in 0.14.0/1.0.0 we can upgrade our pac4j library. If you are playing around with that then it may be interesting to drop in the new version.
I do suspect it will require some changes though.

On Wed, Sep 27, 2017 at 8:11 AM, Colm O hEigeartaigh <[email protected]> wrote:

> Nevermind on this one, I can just use the http URL instead for the
> discovery doc and it works fine.
>
> Colm.
>
> On Wed, Sep 27, 2017 at 12:57 PM, Colm O hEigeartaigh <[email protected]> wrote:
>
> > Hi all,
> >
> > I'm playing around with using PAC4J to secure KnoxSSO, talking to an OIDC
> > IdP. I'm getting a TLS handshake error when trying to retrieve the OIDC
> > configuration as specified by the "oidc.discoveryUri" parameter:
> >
> > Caused by: org.pac4j.core.exception.TechnicalException: javax.net.ssl.SSLHandshakeException:
> > sun.security.validator.ValidatorException: PKIX path building failed:
> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > find valid certification path to requested target
> >         at org.pac4j.oidc.client.OidcClient.internalInit(OidcClient.java:297)
> >
> > How can I add the cert of the IdP to Knox/Pac4J so that the TLS handshake
> > works correctly? I tried adding it to gateway.jks but it doesn't work. Is
> > there a separate way to specify a TLS truststore?
> >
> > Colm.
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
