You need to configure a truststore for the adapter. See

On 29 February 2016 at 13:57, Mark Hayen <> wrote:

We're running our application on Openshift Online.
Of course it is secured by keycloak running in the same gear.

The openshift webconsole offers the possibility to import the
certificate etc.
but when trying to access the application it throws the following error.

ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default
task-48) failed to turn code into token: PKIX path building failed: unable to
find valid certification path to requested target

What do I have to do to enable keycloak to find the stuf it needs?

Thank you
Mark Hayen

keycloak-user mailing list