Okta Classic Engine | Authentication | Answered | 2021-08-30

JoeyL.24400 (Customer) asked a question.

Okta Radius client Internal Server Error

We have the Okta Radius client with two apps attached: GlobalProtect and Citrix Workspace.

 

Intermittently, we get

 

2021-08-04 21:57:10 UTC [ pool-2-thread-13, radiusRequestId=USfijnblTa, user=, requestType=primary] : WARN - Authentication failed for user , reason --- Access-Request failed, error: Internal Server Error (sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

 

and the user cannot log in with valid credentials.

 

We have contacted support but they are asking for a Wireshark, which is hard to provide due to the intermittent nature of the problem.

 

So far, we have established:

 

-different users

-different times

 

We checked the logs in our Okta tenant for the user and nothing even shows up there, so the authentication isn't making it past the Radius client. This typically happens maybe once a day and sometimes not even that often.

 

Just curious if anyone else has seen this behavior and may have a fix.

 


  • Hello @JoeyL.24400 (Customer)​,

     

    I hope you are doing fine.

     

    PKIX path building errors are the most common SSL errors.

     

    You need to verify that the certificate presented from the Client to the Server is trusted by the Server and vice-versa.

     

    Most often this occurs because of using a self-signed certificate on the Server. To resolve this error, import the Certificate Authority server certificate into the system truststore of the client. If the certificate is issued by your own PKI, it is better to import the root certificate of your PKI into the client truststore.

     

    Regards,

     

    Natalia

    Okta Inc.

  • JoeyL.24400 (Customer)

    Hi Natalia,

     

    Firstly, thank you for responding to my question.

     

    Are you referring to the certificate we use for the gateway for our GlobalProtect and Citrix gateways?

     

    That is a GoDaddy wildcard certificate. I'll dig a little deeper into that.

     

    I assume that is what you are referring to because I don't know of any certificate authentication between the Radius client and our Okta tenant.

     

    As a side note though, users that fail authentication will also be able to authenticate successfully at different periods on the same machine that failed previously.

     

    My first guess was bad credentials until it happened to me. That's what got me digging into the logs.

This question is closed.
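
An added example, not part of the thread and not Okta code: because the failure is intermittent and a packet capture is hard to time, the agent log itself can be mined for every PKIX failure, giving the request IDs, worker threads and UTC hours at which it occurs. The line layout is inferred from the single log line quoted in the question; every other sample line and all function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Layout inferred from the single log line quoted in the question (an assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) UTC "
    r"\[\s*(?P<thread>[^,\]]+),\s*radiusRequestId=(?P<req>[^,\]]*),"
    r"\s*user=(?P<user>[^,\]]*),\s*requestType=(?P<rtype>[^\]]*)\]"
    r"\s*:\s*(?P<level>[A-Z]+)\s+-\s+(?P<msg>.*)$"
)
PKIX_MARKER = "PKIX path building failed"

# First line is the one from the question; the rest are constructed samples
# (their message texts and request IDs are assumptions, not real agent output).
SAMPLE_LOG = [
    "2021-08-04 21:57:10 UTC [ pool-2-thread-13, radiusRequestId=USfijnblTa, user=, requestType=primary] : WARN - Authentication failed for user , reason --- Access-Request failed, error: Internal Server Error (sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)",
    "2021-08-04 21:58:02 UTC [ pool-2-thread-4, radiusRequestId=AAAAconstr1, user=, requestType=primary] : INFO - constructed: request completed",
    "2021-08-05 21:12:45 UTC [ pool-2-thread-7, radiusRequestId=BBBBconstr2, user=, requestType=primary] : WARN - constructed: failed, error: Internal Server Error (sun.security.validator.ValidatorException: PKIX path building failed: constructed)",
    "2021-08-05 09:30:00 UTC [ pool-2-thread-2, radiusRequestId=CCCCconstr3, user=, requestType=primary] : WARN - constructed: failed, reason --- invalid credentials",
    "not a log line",
]

def parse_line(line):
    """Return a dict of fields for one agent log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {k: v.strip() for k, v in m.groupdict().items()}
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return rec

def summarize(lines):
    """Count PKIX failures against all parsed lines and bucket them by UTC hour of day."""
    records = [r for r in map(parse_line, lines) if r]
    fails = sorted((r for r in records if PKIX_MARKER in r["msg"]), key=lambda r: r["ts"])
    return {
        "parsed": len(records),
        "pkix_failures": len(fails),
        "by_hour_of_day": dict(Counter(r["ts"].hour for r in fails)),
        "request_ids": [r["req"] for r in fails],
        "threads": sorted({r["thread"] for r in fails}),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

If the failures cluster in particular hours, a capture can be limited to that window, and the request IDs give support exact log entries to match against it.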