From tomcat-user Mon Jun 27 12:45:28 2022 From: Christopher Schultz Date: Mon, 27 Jun 2022 12:45:28 +0000 To: tomcat-user Subject: Re: Help Needed Message-Id: X-MARC-Message: https://marc.info/?l=tomcat-user&m=165633383726235 Mohan, On 6/27/22 02:17, Mohan T wrote: > Dear All, > > We have deployed a application in tomcat 8.5 and while accessing > > http://sebswarcnv08.ramco:8081/samldemo-0.0.1-SNAPSHOT/hello > > Error retrieving metadata from https://dev-67198606.okta.com/app/exk5htsyx3S4UcaHA5d7/sso/saml/metadata > javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target A stack trace will help, here. The URL you have above has a TLS Certificate signed by DigiCert, which is a well-trusted Certificate Authority so, unless you have done something specific with your trust store for that connection, it's not likely the problem. Because you are using SAML, I suspect that the error occurs when validating the SAML response itself, and your trust store does not contain the certificate required to validate the signed SAML response. -chris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org