Mohan,

On 6/27/22 02:17, Mohan T wrote:
> Dear All,
> 
> We have deployed a application in tomcat 8.5  and  while accessing
> 
> http://sebswarcnv08.ramco:8081/samldemo-0.0.1-SNAPSHOT/hello
> 
> Error retrieving metadata from https://dev-67198606.okta.com/app/exk5htsyx3S4UcaHA5d7/sso/saml/metadata
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

A stack trace will help, here.

The URL you have above has a TLS Certificate signed by DigiCert, which 
is a well-trusted Certificate Authority so, unless you have done 
something specific with your trust store for that connection, it's not 
likely the problem.

Because you are using SAML, I suspect that the error occurs when 
validating the SAML response itself, and your trust store does not 
contain the certificate required to validate the signed SAML response.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org