    OpenID cannot connect to Identity provider

    David Bywaters

      Hi there,


      I have configured my Tableau Server to connect using OpenID. However, when I try to log in via the front end, I just get the message "Unable to Sign In - The identity provider configured for OpenID Connect could not be reached." Looking in the log file, I can see the following:


      ERROR com.tableausoftware.api.webclient.WebClientGetAuthenticationController - WebClientGetAuthenticationController failed during OpenID login attempt
      com.tableausoftware.domain.exceptions.AuthenticationException: retrieving identity provider metadata from https://my-identity-provider.ac.uk/.well-known/openid-configuration failed (errorCode=10060)
          at com.tableausoftware.domain.user.openid.OpenIDMetadataHandler.requestOIDCMetadata(OpenIDMetadataHandler.java:150)
          ... more stack trace lines here...
          at java.lang.Thread.run(Thread.java:745)
      Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


      The identity provider URL here is correct and accessible from the server.


      From the "PKIX path building failed..." part of the error above, I'm guessing the problem could be that the SSL certificate is self-signed? I can't see any problems with the certificate when I browse the identity server in Chrome (the padlock is green, and no SSL certificate errors are shown).


      My identity provider website is running under HTTPS, but the web portal is not (it's running under HTTP).


      Any ideas?