Google Authentication for Jazz Authentication Server.


Krishna Koppera (1111) | asked Jan 24, 4:31 a.m.

Hi,

I am trying to connect Jazz Authorization Server (JAS) to Google for authentication.

I followed all the steps mentioned in the link below.


After step 4, when I try to access https://servername:9643/oidc/endpoint/jazzop/authorise it redirects to Google, but after that it gives the error 401 : Unauthorized.

Please let me know if there are any other things I need to follow to make this work.

Regards,
Krishna K.


One answer



Davyd Norris (2.5k217) | answered Jan 24, 5:50 p.m.
There is way too little information in this to diagnose - there could be at least a dozen reasons this is happening. 

I would open a case with IBM Support, or at the very least have a look in the server logs to see if there are any error messages and give us more detail.

Comments
Krishna Koppera commented Jan 29, 1:01 a.m.

Hi Davyd,


I have checked the logs and it has the following error.

[ERROR   ] CWPKI0823E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN [CN=upload.video.google.com] was sent from the host [oauth2.googleapis.com:443].  The signer might need to be added to local trust store [ibm-team.keystore], located in SSL configuration alias [defaultSSLConfig].  The extended error message from the SSL handshake exception is: [unable to find valid certification path to requested target].
[ERROR   ] CWWKS1708E: The OpenID Connect client [750903717552-o87qv30mnkseq2nldhb014a3socrcb02.apps.googleusercontent.com] is unable to contact the OpenID Connect provider at [https://oauth2.googleapis.com/token] to receive an ID token due to [java.security.cert.CertificateException: unable to find valid certification path to requested target].

I understand that it is regarding a certificate. Can you help me with generating that?

Regards,
Krishna K.


Davyd Norris commented Jan 29, 1:16 a.m.
Hi Krishna,

This is a user support forum, not IBM Support. But the log entry is telling you what you need to know: "unable to find valid certification path to requested target" - this is saying that the ELM server local trust store (and it even names it) is missing the CA certs to be able to validate that oauth2.googleapis.com is a trusted server.

I would go to Google and look in their documentation - they will tell you where to find the correct CA certs to load up.
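
Triage of the two Liberty messages quoted in the comments above, as an added example that is not part of the original thread or IBM's code: it parses CWPKI0823E and CWWKS1708E entries and reports, per remote host, which trust store lacks the signer and which OpenID Connect call that failure blocks. The function name `triage`, the sample list and the placeholder client ID are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Message formats taken from the two log entries quoted in the thread.
HANDSHAKE = re.compile(
    r"CWPKI0823E: SSL HANDSHAKE FAILURE: A signer with SubjectDN \[(?P<signer>[^\]]+)\] "
    r"was sent from the host \[(?P<host>[^\]:]+):(?P<port>\d+)\]\. The signer might need "
    r"to be added to local trust store \[(?P<store>[^\]]+)\], located in SSL "
    r"configuration alias \[(?P<alias>[^\]]+)\]")
OIDC = re.compile(
    r"CWWKS1708E: The OpenID Connect client \[(?P<client>[^\]]+)\] is unable to "
    r"contact the OpenID Connect provider at \[(?P<url>[^\]]+)\]")

def triage(lines):
    """Group trust failures by (host, port) and attach the OIDC calls they block."""
    findings = defaultdict(lambda: {"signers": set(), "stores": set(), "blocked": set()})
    for raw in lines:
        line = re.sub(r"\s+", " ", raw)  # Liberty pads sentences with double spaces
        m = HANDSHAKE.search(line)
        if m:
            f = findings[(m["host"], int(m["port"]))]
            f["signers"].add(m["signer"])
            f["stores"].add((m["store"], m["alias"]))
            continue
        m = OIDC.search(line)
        if m:
            url = urlsplit(m["url"])
            port = url.port or (443 if url.scheme == "https" else 80)
            findings[(url.hostname, port)]["blocked"].add((m["client"], m["url"]))
    return dict(findings)

# Constructed sample: the thread's two entries (client ID replaced by a placeholder)
# plus one unrelated line that must be ignored.
SAMPLE = [
    "[ERROR   ] CWPKI0823E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN [CN=upload.video.google.com] was sent from the host [oauth2.googleapis.com:443].  The signer might need to be added to local trust store [ibm-team.keystore], located in SSL configuration alias [defaultSSLConfig].  The extended error message from the SSL handshake exception is: [unable to find valid certification path to requested target].",
    "[ERROR   ] CWWKS1708E: The OpenID Connect client [placeholder-client-id] is unable to contact the OpenID Connect provider at [https://oauth2.googleapis.com/token] to receive an ID token due to [java.security.cert.CertificateException: unable to find valid certification path to requested target].",
    "[AUDIT   ] constructed unrelated line",
]

if __name__ == "__main__":
    for (host, port), f in triage(SAMPLE).items():
        print(f"{host}:{port} untrusted in {sorted(f['stores'])}; "
              f"signer(s) {sorted(f['signers'])}; blocks {sorted(f['blocked'])}")
```

Run against a full server log, each key in the result is a host whose issuing CA certificates are missing from the named trust store.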
