[midPoint] Error Office 365/ Azure connector

Fabio Medeiro fabio.medeiro at worldnettps.com
Wed Nov 28 10:55:04 CET 2018 

Thanks Jason and Nicola.

It was missing he proper chain in your midpoint key store for graph api.

On Tue, 27 Nov 2018 at 14:33, Jason Everling <jeverling at bshp.edu> wrote:

> I think he is having the issue because of the updated certificate for
> Microsoft's graph api.
>
> Check to see if you have the proper chain in your midpoint key store for
> graph api, Not in java cacerts
>
> https://graph.windows.net
>
> ------------------------------
> *From:* midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
> Nicolas Rossi <nrossi at identicum.com>
> *Sent:* Tuesday, November 27, 2018 8:09:03 AM
> *To:* midPoint General Discussion
> *Subject:* Re: [midPoint] Error Office 365/ Azure connector
>
> Check the subject alternative names on the certificate and add an entry to
> the /etc/hosts to access the server with the FQDN specified in the
> certificate.
>
>
>
>
> Ing Nicolás Rossi
> Identicum S.A.
> Jorge Newbery 3226
> Oficina: +54 (11) 4552-3050
> Móvil: +54 (911) 6041-3920
> www.identicum.com
>
>
> On Tue, Nov 27, 2018 at 9:54 AM Fabio Medeiro <
> fabio.medeiro at worldnettps.com> wrote:
>
>> I don't use valid certificate, I access it by IP.
>>
>> On Tue, 27 Nov 2018 at 12:10, Nicolas Rossi <nrossi at identicum.com> wrote:
>>
>>> And how are you accessing the server ? Check the certificate subject and
>>> alternative names. You should use the same hostname.
>>>
>>> Regards,
>>>
>>>
>>> Ing Nicolás Rossi
>>> Identicum S.A.
>>> Jorge Newbery 3226
>>> Oficina: +54 (11) 4552-3050
>>> Móvil: +54 (911) 6041-3920
>>> www.identicum.com
>>>
>>>
>>> On Tue, Nov 27, 2018 at 6:51 AM Fabio Medeiro <
>>> fabio.medeiro at worldnettps.com> wrote:
>>>
>>>> Hi Nicolas,
>>>>
>>>> Thanks for your reply.
>>>>
>>>> I have already add it on keystore.jceks of midpoint
>>>> (/opt/midpoint-3.7.2/var) and cacerts of
>>>> java(/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security), but it has not
>>>> work
>>>>
>>>> On Mon, 22 Oct 2018 at 15:52, Fabio Medeiro <
>>>> fabio.medeiro at worldnettps.com> wrote:
>>>>
>>>>> Hi Nicolas,
>>>>>
>>>>> Thanks for your reply.
>>>>>
>>>>> I have already add it on keystore.jceks of midpoint
>>>>> (/opt/midpoint-3.7.2/var) and cacerts of
>>>>> java(/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security), but it does work
>>>>>
>>>>> On Mon, 22 Oct 2018 at 13:39, Nicolas Rossi <nrossi at identicum.com>
>>>>> wrote:
>>>>>
>>>>>> It seems that you have to import the CA certificate to the midPoint
>>>>>> keystore:
>>>>>>
>>>>>> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
>>>>>> PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
>>>>>> unable to find valid certification path to requested target
>>>>>>
>>>>>> It's the same error you have reported on June
>>>>>> <http://lists.evolveum.com/pipermail/midpoint/2018-June/004738.html>
>>>>>> with the Office365.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>>
>>>>>> Ing Nicolás Rossi
>>>>>> Identicum S.A.
>>>>>> Jorge Newbery 3226
>>>>>> Oficina: +54 (11) 4552-3050
>>>>>> Móvil: +54 (911) 6041-3920
>>>>>> www.identicum.com
>>>>>>
>>>>>>
>>>>>> On Mon, Oct 22, 2018 at 9:18 AM Fabio Medeiro <
>>>>>> fabio.medeiro at worldnettps.com> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I have been trying use office connector on midpoint, but I always
>>>>>>> get the same error message bellow. I have already imported the certificate.
>>>>>>>
>>>>>>> 2018-10-22 13:06:55,316 [] [http-nio-8080-exec-9] INFO
>>>>>>> (com.evolveum.midpoint.provisioning.impl.ConnectorManager): Created new
>>>>>>> connector instance for
>>>>>>> ConnectorSpec(resource:fdb1aac3-b520-4773-948f-6835a9232478(Office 365
>>>>>>> Connector), name=null, oid=8c78406d-f7fb-431e-8522-3909e0556c68):
>>>>>>> org.identityconnectors.office365.Office365Connector v1.2.0.0-SNAPSHOT
>>>>>>> 2018-10-22 13:06:56,139 [] [http-nio-8080-exec-9] ERROR
>>>>>>> (org.identityconnectors.office365.Office365Connection): method: null
>>>>>>> msg:Error creating token, error javax.net.ssl.SSLHandshakeException:
>>>>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>>>>>> valid certification path to requested target
>>>>>>> 2018-10-22 13:06:56,459 [] [http-nio-8080-exec-9] ERROR
>>>>>>> (org.identityconnectors.office365.Office365Connection): method: null
>>>>>>> msg:Error creating token, error javax.net.ssl.SSLHandshakeException:
>>>>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>>>>>> valid certification path to requested target
>>>>>>> 2018-10-22 13:06:56,776 [] [http-nio-8080-exec-9] ERROR
>>>>>>> (org.identityconnectors.office365.Office365Connection): method: null
>>>>>>> msg:Error creating token, error javax.net.ssl.SSLHandshakeException:
>>>>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>>>>>> valid certification path to requested target
>>>>>>> 2018-10-22 13:06:57,081 [] [http-nio-8080-exec-9] ERROR
>>>>>>> (org.identityconnectors.office365.Office365Connection): method: null
>>>>>>> msg:Error creating token, error javax.net.ssl.SSLHandshakeException:
>>>>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>>>>>> valid certification path to requested target
>>>>>>> 2018-10-22 13:06:57,564 [] [http-nio-8080-exec-9] ERROR
>>>>>>> (org.identityconnectors.office365.Office365Connection): method: [null, IOE
>>>>>>> Error doing getRequest to path /tenantDetails?api-version=2013-11-08] msg:{}
>>>>>>> javax.net.ssl.SSLHandshakeException:
>>>>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>>>>>> valid certification path to requested target
>>>>>>>
>>>>>>> Has anyone got this error???
>>>>>>> Thanks
>>>>>>> --
>>>>>>>
>>>>>>> Kind Regards
>>>>>>>
>>>>>>> Fabio Medeiro
>>>>>>>
>>>>>>>  IT Helpdesk
>>>>>>>
>>>>>>> [image:
>>>>>>> /Users/dmcsharry/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_464034326]
>>>>>>>
>>>>>>> Hibernia House,
>>>>>>>
>>>>>>> Cherrywood Business Park,
>>>>>>>
>>>>>>> Loughlinstown, Co. Dublin D18 E440
>>>>>>>
>>>>>>> Office: +353 (1) 531 0901 <+353%201%20531%200901>
>>>>>>>
>>>>>>> Website: www.worldnettps.com
>>>>>>> _______________________________________________
>>>>>>> midPoint mailing list
>>>>>>> midPoint at lists.evolveum.com
>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>
>>>>>> _______________________________________________
>>>>>> midPoint mailing list
>>>>>> midPoint at lists.evolveum.com
>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Kind Regards
>>>>>
>>>>> Fabio Medeiro
>>>>>
>>>>>  IT Helpdesk
>>>>>
>>>>> [image:
>>>>> /Users/dmcsharry/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_464034326]
>>>>>
>>>>> Hibernia House,
>>>>>
>>>>> Cherrywood Business Park,
>>>>>
>>>>> Loughlinstown, Co. Dublin D18 E440
>>>>>
>>>>> Office: +353 (1) 531 0901 <+353%201%20531%200901>
>>>>>
>>>>> Website: www.worldnettps.com
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Kind Regards
>>>>
>>>> Fabio Medeiro
>>>>
>>>> IT Helpdesk
>>>>
>>>>
>>>> Hibernia House,
>>>>
>>>> Cherrywood Business Park,
>>>>
>>>> Loughlinstown, Co. Dublin D18 E440
>>>>
>>>> Office: +353 (1) 531 0901 <+353%201%20531%200901>
>>>>
>>>> Website: www.worldnettps.com
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>
>>
>> --
>>
>> Kind Regards
>>
>> Fabio Medeiro
>>
>> IT Helpdesk
>>
>>
>> Hibernia House,
>>
>> Cherrywood Business Park,
>>
>> Loughlinstown, Co. Dublin D18 E440
>>
>> Office: +353 (1) 531 0901 <+353%201%20531%200901>
>>
>> Website: www.worldnettps.com
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>


-- 

Kind Regards

Fabio Medeiro

IT Helpdesk


Hibernia House,

Cherrywood Business Park,

Loughlinstown, Co. Dublin D18 E440

Office: +353 (1) 531 0901 <+353%201%20531%200901>

Website: www.worldnettps.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181128/fea9902e/attachment.htm>

More information about the midPoint mailing list