[keycloak-user] LinkedIn identity provider fail

Tim Dudgeon tdudgeon.ml at gmail.com
Sat Dec 9 11:46:27 EST 2017 

I'm trying to use the LinkedIn social identity provider with Keycloak 2.5.5.
I set it up according to the docs and I get the Linked in authentication 
prompt, but after accepting this I get an error: Unexpected error when 
authenticating with identity provider.

The Keycloak logs show this:

16:26:26,257 ERROR 
[org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default 
task-60) Failed to make identity provider oauth callback: 
javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target
     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
     at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
     at 
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
     at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
     at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
     at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
     at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
     at 
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
     at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
     at 
sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334)
     at 
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309)
     at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259)
     at 
org.keycloak.broker.provider.util.SimpleHttp.asString(SimpleHttp.java:141)
     at 
org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:228)


Keycloak is using self-signed certificates at present, but not sure if 
that is relevant.

Any iddeas what's wrong?

More information about the keycloak-user mailing list