Custom Authenticator fails to authenticate the user with error "sun.security.validator.ValidatorException: PKIX path building failed"
Article ID: KB0079055
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | All Versions |
Description
There may be scenarios where you would be making a HTTPS request from a Custom Authenticator to an external service in order to establish the user identity and this request may fail with the below error
WARN 2019-02-13T13:53:50,235-0500 [unknown, #126, #434902] server.security.ExternalAuthenticator: The call to the CustomAuthenticator failed, the user will not be authenticated org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://myserver/userinfo": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Issue/Introduction
This article explains why a custom authenticator fails to authenticate the user with error "sun.security.validator.ValidatorException: PKIX path building failed" and steps to be performed in order to resolve it
Resolution
This issue may occur if the issuer of the HTTPS certificate is not trusted on the TIBCO Spotfire Server. To resolve this issue, add the CA certificate to the 'cacerts' keystore on TIBCO Spotfire Server which could be located at:<Server installation directory>\jdk\jre\lib\security. See the keytool - Key and Certificate Management Tool reference for more details.
Additional Information
Doc: TIBCO Spotfire® Server API for Custom Authentication
External: keytool - Key and Certificate Management Tool > Import Certificate
Feedback
Yes
No
Powered by
