
ib1za (ib1za) asked a question.
Getting the below error while trying to log in using SSO (Okta); both sp & idp certs are valid and look good.
Any help / direction is appreciated.
java.security.cert.CertificateException: Unable to decode X.509 certificates
    at org.opensaml.xml.security.x509.X509Util.decodeCertificate
Caused by: java.security.KeyStoreException: failed to extract any certificates or private keys - maybe bad password?
    at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:436)
    at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:207)
    at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:160)
    at org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:319)
    ... 28 more
2021-12-08 00:14:35,915 [http-nio-8080-exec-1] ERROR provider.BaseTrustEngineRule - There was an error evaluating the request's token using the trust engine
org.opensaml.xml.security.SecurityException: Error extracting certificates from X509Data
    at org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider.extractCertificates
THANKS!

Hello @ib1za (ib1za),
Messages such as Error extracting certificates from X509 Data or Unable to decode X.509 certificates can also appear in the log file. It means that the SAML response could not be authenticated by the Service Provider. Ensure that the public Identity Provider certificate is right in the Identity Provider metadata file.
You may need to reach our Helpdesk in order to get further assistance with this troubleshooting scenario; you can use the link below as a reference to reach our helpdesk team:
https://help.okta.com/en/prod/Content/Topics/Directory/get-support.htm
Have a great day ahead.
Regards,
Natalia
Okta Inc.
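
An added example, not part of the original thread and not Okta or OpenSAML code: a structural pre-check of the ds:X509Certificate values in an Identity Provider metadata file, the element the answer above says to verify. The function names and the sample metadata are constructed for illustration, and the sample bytes are a minimal DER SEQUENCE rather than a real certificate.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML-DSig namespace used by SAML metadata

def der_outer_length(der):
    """Total size declared by the outer DER SEQUENCE header, or None if absent."""
    if len(der) < 2 or der[0] != 0x30:        # a certificate starts with SEQUENCE (0x30)
        return None
    first = der[1]
    if first < 0x80:                          # short-form length
        return 2 + first
    n = first & 0x7F                          # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_metadata(xml_text):
    """Return (index, verdict) for every ds:X509Certificate at any depth.
    Structural check only: it does not validate signatures, expiry or trust."""
    results = []
    for i, el in enumerate(ET.fromstring(xml_text).iter(DS + "X509Certificate")):
        text = "".join((el.text or "").split())   # line breaks in the element are legal
        if "-----" in text:
            results.append((i, "PEM header/footer inside element"))
            continue
        try:
            der = base64.b64decode(text, validate=True)
        except binascii.Error:
            results.append((i, "not valid base64"))
            continue
        declared = der_outer_length(der)
        if declared is None:
            results.append((i, "not a DER SEQUENCE"))
        elif declared != len(der):
            results.append((i, "truncated or padded DER"))
        else:
            results.append((i, "structure ok"))
    return results

def sample_metadata():
    """Constructed metadata with one well-formed value and two damaged ones."""
    good = base64.b64encode(b"\x30\x03\x02\x01\x05").decode()
    cut = base64.b64encode(b"\x30\x03\x02\x01").decode()      # last byte lost
    pem = "-----BEGIN CERTIFICATE-----\n" + good + "\n-----END CERTIFICATE-----"
    cert = "<ds:X509Certificate>%s</ds:X509Certificate>"
    return ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test">'
            + "".join(cert % c for c in (good, cut, pem)) + "</md:EntityDescriptor>")
```

A value that passes this check can still be the wrong certificate; compare it with the signing certificate the Identity Provider currently publishes.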