Details
-
Bug
-
Resolution: Not a Bug
-
Major
-
2.2.0.GA
-
None
Description
When we deploy crw2.2 on PSI cluser with Openshift Oath set to true, an authentication issue occurs saying can't send authentication request to identity provider. Below I attach the detailed information on this issue.
Checking the logs in keycloak pods:
[0m[31m15:38:50,081 ERROR [org.keycloak.services.resources.IdentityBrokerService] (default task-1) couldNotSendAuthenticationRequestMessage: org.keycloak.broker.provider.IdentityBrokerException: Could not initialize oAuth metadata at ........
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at ........
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at .......
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at ........
FYI, if i set the Openshift Oauth to false, can release the crw web console successfully.