By: Julien Bastin user 11 Feb 2020 at 7:53 a.m. CST

2 Responses
Julien Bastin gravatar
Hello, I have a problem with setting up Gluu as an IdP with an ADFS acting as a SP. When I want to add a trust relationship in SAML, I put the URL of the server : https://xxx.xxx.xxx/FederationMetadata/2007-06/FederationMetadata.xml But it doesn't work, and in the logs I have this: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. I've seen a lot about cacerts, but I don't understand how to add the key in. Thank you.

By Michael Schwartz staff 11 Feb 2020 at 9:20 a.m. CST

Michael Schwartz gravatar
Login to the chroot and run this command: ``` # /etc/init.d/idp check ``` That will dump the environment variables, and you'll see the JRE that is used by the Shib IDP, which is `/opt/jre/bin/java` So I would start by importing the https certificate for ADFS into `/opt/jre/jre/lib/security/cacerts` I really like [KeyStore Explorer](https://keystore-explorer.org/) to manage java keystores. But there are also CLI ways to import the cert, which you can find by Googling.

By Julien Bastin user 11 Feb 2020 at 10:08 a.m. CST

Julien Bastin gravatar
Ok thank you ! I will try this tomorrow.