[midPoint] Error Office 365/ Azure connector

Jason Everling jeverling at bshp.edu
Tue Nov 27 15:29:32 CET 2018


I think he is having the issue because of the updated certificate for Microsoft's graph api.

Check to see if you have the proper chain in your midpoint key store for graph api, Not in java cacerts

https://graph.windows.net

________________________________
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Nicolas Rossi <nrossi at identicum.com>
Sent: Tuesday, November 27, 2018 8:09:03 AM
To: midPoint General Discussion
Subject: Re: [midPoint] Error Office 365/ Azure connector

Check the subject alternative names on the certificate and add an entry to the /etc/hosts to access the server with the FQDN specified in the certificate.




Ing Nicolás Rossi
Identicum S.A.
Jorge Newbery 3226
Oficina: +54 (11) 4552-3050
Móvil: +54 (911) 6041-3920
www.identicum.com<http://www.identicum.com>


On Tue, Nov 27, 2018 at 9:54 AM Fabio Medeiro <fabio.medeiro at worldnettps.com<mailto:fabio.medeiro at worldnettps.com>> wrote:
I don't use valid certificate, I access it by IP.

On Tue, 27 Nov 2018 at 12:10, Nicolas Rossi <nrossi at identicum.com<mailto:nrossi at identicum.com>> wrote:
And how are you accessing the server ? Check the certificate subject and alternative names. You should use the same hostname.

Regards,


Ing Nicolás Rossi
Identicum S.A.
Jorge Newbery 3226
Oficina: +54 (11) 4552-3050
Móvil: +54 (911) 6041-3920
www.identicum.com<http://www.identicum.com>


On Tue, Nov 27, 2018 at 6:51 AM Fabio Medeiro <fabio.medeiro at worldnettps.com<mailto:fabio.medeiro at worldnettps.com>> wrote:
Hi Nicolas,

Thanks for your reply.

I have already add it on keystore.jceks of midpoint (/opt/midpoint-3.7.2/var) and cacerts of java(/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security), but it has not work

On Mon, 22 Oct 2018 at 15:52, Fabio Medeiro <fabio.medeiro at worldnettps.com<mailto:fabio.medeiro at worldnettps.com>> wrote:
Hi Nicolas,

Thanks for your reply.

I have already add it on keystore.jceks of midpoint (/opt/midpoint-3.7.2/var) and cacerts of java(/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security), but it does work

On Mon, 22 Oct 2018 at 13:39, Nicolas Rossi <nrossi at identicum.com<mailto:nrossi at identicum.com>> wrote:
It seems that you have to import the CA certificate to the midPoint keystore:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

It's the same error you have reported on June<http://lists.evolveum.com/pipermail/midpoint/2018-June/004738.html> with the Office365.

Regards,


Ing Nicolás Rossi
Identicum S.A.
Jorge Newbery 3226
Oficina: +54 (11) 4552-3050
Móvil: +54 (911) 6041-3920
www.identicum.com<http://www.identicum.com>


On Mon, Oct 22, 2018 at 9:18 AM Fabio Medeiro <fabio.medeiro at worldnettps.com<mailto:fabio.medeiro at worldnettps.com>> wrote:
Hi all,

I have been trying use office connector on midpoint, but I always get the same error message bellow. I have already imported the certificate.

2018-10-22 13:06:55,316 [] [http-nio-8080-exec-9] INFO (com.evolveum.midpoint.provisioning.impl.ConnectorManager): Created new connector instance for ConnectorSpec(resource:fdb1aac3-b520-4773-948f-6835a9232478(Office 365 Connector), name=null, oid=8c78406d-f7fb-431e-8522-3909e0556c68): org.identityconnectors.office365.Office365Connector v1.2.0.0-SNAPSHOT
2018-10-22 13:06:56,139 [] [http-nio-8080-exec-9] ERROR (org.identityconnectors.office365.Office365Connection): method: null msg:Error creating token, error javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2018-10-22 13:06:56,459 [] [http-nio-8080-exec-9] ERROR (org.identityconnectors.office365.Office365Connection): method: null msg:Error creating token, error javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2018-10-22 13:06:56,776 [] [http-nio-8080-exec-9] ERROR (org.identityconnectors.office365.Office365Connection): method: null msg:Error creating token, error javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2018-10-22 13:06:57,081 [] [http-nio-8080-exec-9] ERROR (org.identityconnectors.office365.Office365Connection): method: null msg:Error creating token, error javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2018-10-22 13:06:57,564 [] [http-nio-8080-exec-9] ERROR (org.identityconnectors.office365.Office365Connection): method: [null, IOE Error doing getRequest to path /tenantDetails?api-version=2013-11-08] msg:{}
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Has anyone got this error???
Thanks
--


Kind Regards

Fabio Medeiro

 IT Helpdesk

[/Users/dmcsharry/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_464034326]

Hibernia House,

Cherrywood Business Park,

Loughlinstown, Co. Dublin D18 E440

Office: +353 (1) 531 0901<tel:+353%201%20531%200901>

Website: www.worldnettps.com<http://www.worldnettps.com/>

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint


--


Kind Regards

Fabio Medeiro

 IT Helpdesk

[/Users/dmcsharry/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_464034326]

Hibernia House,

Cherrywood Business Park,

Loughlinstown, Co. Dublin D18 E440

Office: +353 (1) 531 0901<tel:+353%201%20531%200901>

Website: www.worldnettps.com<http://www.worldnettps.com/>


--


Kind Regards

Fabio Medeiro

IT Helpdesk

[https://drive.google.com/a/worldnettps.com/uc?id=0B_KMxuqo4y1CRVdsUG9HNjZRakRQWGtBdk5uNXBjMWM4NmF3&export=download]

Hibernia House,

Cherrywood Business Park,

Loughlinstown, Co. Dublin D18 E440

Office: +353 (1) 531 0901<tel:+353%201%20531%200901>

Website: www.worldnettps.com<http://www.worldnettps.com/>

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint


--


Kind Regards

Fabio Medeiro

IT Helpdesk

[https://drive.google.com/a/worldnettps.com/uc?id=0B_KMxuqo4y1CRVdsUG9HNjZRakRQWGtBdk5uNXBjMWM4NmF3&export=download]

Hibernia House,

Cherrywood Business Park,

Loughlinstown, Co. Dublin D18 E440

Office: +353 (1) 531 0901<tel:+353%201%20531%200901>

Website: www.worldnettps.com<http://www.worldnettps.com/>

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181127/4a827131/attachment.htm>


More information about the midPoint mailing list