Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Unable to login to Confluence through Okta (SSLHandshakeException error)

iplatitsa
iplatitsa July 23, 2017

Hi, 

 

I am trying to setup Confluence behind load balancer in AWS and Okta. When I am trying to login via Okta, I am unable to do so. To be more specific, I am being stuck on refirect page from Okta to Confluence (image is attached). When I looked at logs in  /var/atlassian/application-data/confluence/logs/atlassian-confluence.log 

2017-07-24 02:44:12,709 WARN [http-nio-8090-exec-2] [internal.integration.jira.DefaultJiraService] communicateWithJira Problem communicating with JIRA: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
-- referer: https://wiki-stage.mydomain.com/ | url: /rest/highlighting/1.0/panel-items | traceId: f2da7474efe3185d | userName: user.name

 

We are running Active Directory and I imported its certificate into keystore. The only missing piece I could think of is try to point confluence to correct keystore in setenv.sh ( -Djavax.net.ssl.trustStore=<path_to_keystore> ).Did anyone have similar problems configuring Confluence with Okta?

Any help is appreciated. 

Answer
Watch
Like Be the first to like this
1237 views

3 answers

0 votes
Peter D.
Peter D. September 12, 2019

where you able to resolve this? experiencing the same issue.

Reply
0 votes
Lars Olav Velle
Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 24, 2017

Your cert needs to be imported to the java used by your application:

JAVA_HOME/jre/lib/security/cacaerts

-Lars

View More Comments
iplatitsa
iplatitsa July 24, 2017

I have configured CATALINA_OPTS="-Djavax.net.ssl.trustStore=/opt/atlassian/confluence/jre/lib/security/cacerts" argument in setenv.sh 

What I am surpsised about is seeing an error related to Jira while I am configuring Confluence. 

Like
Lars Olav Velle
Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 24, 2017

If you are using self signed ssl certificates on both JIRA, and Confluence with application links, then you`ll need to import certificates to both applications.

 

-Lars

Like
Reply
0 votes
Lars Olav Velle
Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 24, 2017

Not sure what SSL problems has to do with Okta integration?

 

-Lars

View More Comments
iplatitsa
iplatitsa July 24, 2017

Is does affect Okta. AD only allows port 636 which is encrypted, so this is where SSL cert from domain controller becomes crititcal.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events