I have set up an external OIDC provider as an IDP in Okta.
I validated that the OIDC provider in question works when I integrate applications directly with it.
However, Okta fails to get an access/ID token after successfully redirecting with an authorization code.
Looking at the error log, I see this:
failure : Unable to retrieve an access token for the Identity Provider
More detailed error:
com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I presume this error is internally from Okta connecting to the OIDC token endpoint.
I’m confused why this is a problem since the domain in question for the token endpoint has a valid cert and doesn’t create problems when used with curl or from my browser.