Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Google Authentication for Jazz Authentication Server.

 Hi,


I am trying to connect Jazz Authorization Server (JAS) to Google for authentication.

I followed all the steps mentioned in the link below.


After step 4, when I am trying to access https://servername:9643/oidc/endpoint/jazzop/authorise it is redirecting to Google, but after that it is giving the error 401: Unauthorized.

Please let me know if there are any other things I need to follow to make this work.

Regards,
Krishna K.


0 votes



One answer

There is way too little information in this to diagnose - there could be at least a dozen reasons this is happening. 

I would open a case with IBM Support, or at the very least have a look in the server logs to see if there are any error messages and give us more detail.

0 votes

Comments

Hi Davyd,


I have checked the logs and it has the following error.

[ERROR   ] CWPKI0823E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN [CN=upload.video.google.com] was sent from the host [oauth2.googleapis.com:443].  The signer might need to be added to local trust store [ibm-team.keystore], located in SSL configuration alias [defaultSSLConfig].  The extended error message from the SSL handshake exception is: [unable to find valid certification path to requested target].
[ERROR   ] CWWKS1708E: The OpenID Connect client [750903717552-o87qv30mnkseq2nldhb014a3socrcb02.apps.googleusercontent.com] is unable to contact the OpenID Connect provider at [https://oauth2.googleapis.com/token] to receive an ID token due to [java.security.cert.CertificateException: unable to find valid certification path to requested target].

I understand that it is regarding the certificate. Can you help me with generating that?

Regards,
Krishna K.

Hi Krishna,

This is a user support forum, not IBM Support. But the log entry is telling you what you need to know: "unable to find valid certification path to requested target". This is saying that the ELM server local trust store (and it even names it) is missing the CA certs to be able to validate that oauth2.googleapis.com is a trusted server.

I would go to Google and look in their documentation - they will tell you where to find the correct CA certs to load up.
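
The reply above reads the remote host and the trust store name straight out of the log message. As an added example (not part of the thread and not IBM code), this Python sketch does the same over a whole log: it extracts the host, signer DN, trust store and SSL alias from each CWPKI0823E line and links them to the CWWKS1708E OpenID Connect failure for the same host. The regular expressions assume the message layout quoted in the thread, and the sample log is constructed from those two messages with the client ID replaced by a placeholder.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the two messages quoted in the thread (client ID replaced
# by a placeholder) plus one unrelated, made-up line.
SAMPLE_LOG = """\
[ERROR   ] CWPKI0823E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN [CN=upload.video.google.com] was sent from the host [oauth2.googleapis.com:443].  The signer might need to be added to local trust store [ibm-team.keystore], located in SSL configuration alias [defaultSSLConfig].  The extended error message from the SSL handshake exception is: [unable to find valid certification path to requested target].
[ERROR   ] CWWKS1708E: The OpenID Connect client [example-client-id] is unable to contact the OpenID Connect provider at [https://oauth2.googleapis.com/token] to receive an ID token due to [java.security.cert.CertificateException: unable to find valid certification path to requested target].
[INFO    ] constructed unrelated line
"""

# Patterns follow the message layout shown in the thread (an assumption for other releases).
TRUST_RE = re.compile(
    r"CWPKI0823E:.*?SubjectDN \[(?P<dn>[^\]]+)\]"
    r".*?from the host \[(?P<host>[^\]:]+):(?P<port>\d+)\]"
    r".*?trust store \[(?P<store>[^\]]+)\]"
    r".*?alias \[(?P<alias>[^\]]+)\]")
OIDC_RE = re.compile(
    r"CWWKS1708E:.*?client \[(?P<client>[^\]]+)\].*?provider at \[(?P<url>[^\]]+)\]")

def triage(log_text):
    """Return one finding per (host, port, trust store) that failed chain validation."""
    findings, oidc_by_host = {}, {}
    for line in log_text.splitlines():
        m = TRUST_RE.search(line)
        if m:
            key = (m["host"], int(m["port"]), m["store"])
            f = findings.setdefault(key, {
                "host": m["host"], "port": int(m["port"]),
                "trust_store": m["store"], "ssl_alias": m["alias"],
                "signers": set(), "oidc_endpoints": set()})
            f["signers"].add(m["dn"])
            continue
        m = OIDC_RE.search(line)
        if m:
            host = urlsplit(m["url"]).hostname
            oidc_by_host.setdefault(host, set()).add(m["url"])
    # Attach the OIDC endpoints whose calls failed against the same host.
    for f in findings.values():
        f["oidc_endpoints"] = oidc_by_host.get(f["host"], set())
    return list(findings.values())

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['host']}:{f['port']} not trusted by {f['trust_store']} "
              f"(SSL config {f['ssl_alias']}); signer(s) seen: {sorted(f['signers'])}; "
              f"affected OIDC endpoint(s): {sorted(f['oidc_endpoints'])}")
```

Each finding names the trust store and SSL configuration that need the provider's CA certificates, which is the pairing to check after any trust store change.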


Question asked: Jan 24 '24, 4:31 a.m.

Question was seen: 966 times

Last updated: Jan 29 '24, 1:16 a.m.
