[keycloak-user] LinkedIn identity provider fail

Stian Thorgersen sthorger at redhat.com
Mon Dec 18 00:55:06 EST 2017 

Looks more like you don't have valid cert configured for LinkedIn. Old JVM?
KCs truststore not correct?

On 15 December 2017 at 17:36, Tim Dudgeon <tdudgeon.ml at gmail.com> wrote:

> Any ideas on this?
> Is anyone successfully using the LinkedIn social identity provider with
> Keycloak?
>
>
> On 09/12/17 16:46, Tim Dudgeon wrote:
> > I'm trying to use the LinkedIn social identity provider with Keycloak
> > 2.5.5.
> > I set it up according to the docs and I get the Linked in
> > authentication prompt, but after accepting this I get an error:
> > Unexpected error when authenticating with identity provider.
> >
> > The Keycloak logs show this:
> >
> > 16:26:26,257 ERROR
> > [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default
> > task-60) Failed to make identity provider oauth callback:
> > javax.net.ssl.SSLHandshakeException:
> > sun.security.validator.ValidatorException: PKIX path building failed:
> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > find valid certification path to requested target
> >     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> >     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
> >     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
> >     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
> >     at
> > sun.security.ssl.ClientHandshaker.serverCertificate(
> ClientHandshaker.java:1514)
> >     at
> > sun.security.ssl.ClientHandshaker.processMessage(
> ClientHandshaker.java:216)
> >     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
> >     at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
> >     at sun.security.ssl.SSLSocketImpl.readRecord(
> SSLSocketImpl.java:1072)
> >     at
> > sun.security.ssl.SSLSocketImpl.performInitialHandshake(
> SSLSocketImpl.java:1385)
> >     at
> > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
> >     at
> > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
> >     at
> > sun.net.www.protocol.https.HttpsClient.afterConnect(
> HttpsClient.java:559)
> >     at
> > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(
> AbstractDelegateHttpsURLConnection.java:185)
> >     at
> > sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(
> HttpURLConnection.java:1334)
> >     at
> > sun.net.www.protocol.http.HttpURLConnection.getOutputStream(
> HttpURLConnection.java:1309)
> >     at
> > sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(
> HttpsURLConnectionImpl.java:259)
> >     at
> > org.keycloak.broker.provider.util.SimpleHttp.asString(
> SimpleHttp.java:141)
> >     at
> > org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
> $Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:228)
> >
> >
> > Keycloak is using self-signed certificates at present, but not sure if
> > that is relevant.
> >
> > Any iddeas what's wrong?
> >
> >
> >
> >
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

More information about the keycloak-user mailing list