SSL handshake error with external OIDC provider

wrschneider · October 15, 2020, 1:26pm

I have set up an external OIDC provider as an IDP in Okta.

I validated that the OIDC provider in question works when I integrate applications directly with it.

However, Okta fails to get an access/ID token after successfully redirecting with an authorization code.

Looking at the error log I see this:

failure : Unable to retrieve an access token for the Identity Provider

More detailed error:

com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I presume this error is internally from Okta connecting to the OIDC token endpoint.
I’m confused why this is a problem since the domain in question for the token endpoint has a valid cert and doesn’t create problems when used with curl or from my browser.

Lijia · October 21, 2020, 8:54pm

@wrschneider Hi Bill, since you have been open a support ticket to support@okta.com with this issue. We will continue working on the issue in the ticket.
Thanks