Description

The OAuth client does not use the certificate trust store and does not allow connections to OAuth endpoints that present a self-signed certificate.
After the exception occurs, the REST Message call is unable to retrieve the OAuth token.

Steps to Reproduce

 

  1. Create an OAuth Profile and Application Registry
  2. Point the Token URL at a server using a self-signed certificate
  3. Execute the following through

    -- script ------
gs.print("GlideHttpRequest test:" + test_oauth("servicenow", "123456789", 'Gateway validate').join("\n"));

// Request a token through the named Application Registry using the password grant
function test_oauth(vuser, vpassword, vregistry) {
    var c = []; // output lines returned to the caller
    var e = new sn_auth.GlideOAuthClient();
    // Token request parameters, passed to requestToken() as a JSON string
    vuser = {
        grant_type: "password",
        username: vuser,
        password: vpassword,
        scope: "servicenow"
    };
    vuser = (new global.JSON).encode(vuser);
    // The Token URL of the registry is contacted here
    vregistry = e.requestToken(vregistry, vuser).getToken();
    c.push("GlideOAuthClient test: ");
    c.push("AccessToken:" + vregistry.getAccessToken());
    c.push("AccessTokenExpiresIn:" + vregistry.getExpiresIn());
    c.push(" RefreshToken:" + vregistry.getRefreshToken());
    return c;
}


Results: 

GlideOAuthClient test:
> org.apache.oltu.oauth2.common.exception.OAuthSystemException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Workaround

Ensure the endpoint system uses a certificate signed by a certificate authority (CA) that Java trusts.
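
Added example, not part of the original article and not ServiceNow code: a plain JavaScript (Node.js) triage helper that splits the exception line shown under Results into its cause chain and reports whether the token request failed on certificate trust, which is the case this workaround addresses. The function names and the second sample line are constructed for illustration.

```javascript
// Added example: names below are illustrative, not ServiceNow APIs.
// A token that looks like a fully qualified Java exception class name.
const JAVA_CLASS = /^(?:[a-z_]\w*\.)+[A-Z][\w$]*(?:Exception|Error)$/;

// Split "ClassA: ClassB: message: ClassC: message" into cause frames,
// outermost first. Text tokens attach to the class that precedes them.
function parseCauseChain(line) {
  const frames = [];
  for (const token of line.replace(/^>\s*/, '').trim().split(': ')) {
    if (JAVA_CLASS.test(token)) {
      frames.push({ type: token, message: '' });
    } else if (frames.length > 0) {
      const last = frames[frames.length - 1];
      last.message = last.message ? last.message + ': ' + token : token;
    }
  }
  return frames;
}

// Decide whether a failed token request is the trust failure from this article:
// a TLS handshake error caused by a PKIX path building failure.
function classifyTokenFailure(line) {
  const frames = parseCauseChain(line);
  const has = (suffix) => frames.find((f) => f.type.endsWith(suffix));
  const validator = has('.ValidatorException');
  const untrusted = Boolean(has('.SSLHandshakeException') && validator &&
    validator.message.startsWith('PKIX path building failed'));
  return {
    duringOAuth: Boolean(has('.OAuthSystemException')),
    untrustedCertificate: untrusted,
    rootCause: frames.length ? frames[frames.length - 1] : null,
  };
}

// Sample 1 is the Results line from this article; sample 2 is constructed.
const SAMPLES = [
  '> org.apache.oltu.oauth2.common.exception.OAuthSystemException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target',
  'org.apache.oltu.oauth2.common.exception.OAuthSystemException: java.net.SocketTimeoutException: connect timed out',
];

for (const s of SAMPLES) {
  const r = classifyTokenFailure(s);
  console.log(r.untrustedCertificate ? 'certificate not trusted' : 'other failure',
    '|', r.rootCause.type, '|', r.rootCause.message);
}
```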

 


Related Problem: PRB724888

Seen In

Helsinki Patch 0 Hot Fix 1

Article Information

Last Updated: 2018-03-02 05:37:03
Published: 2017-09-22