Dear Experts
I am trying to configure OIM 11GR2 PS3 (pre-configured VM) with O365 for basic provisioning configuration and I am stuck.
Could you please guide me? I am not able to figure out if the error is due to an incorrect SSL certificate import or incorrect URI parameters passed.
Following are the steps that I followed based on the documents at the URLs below:
https://www.oracle.com/technetwork/middleware/id-mgmt/oim-integration-office-365-2706121.pdf
https://docs.oracle.com/cd/E22999_01/doc.111/e73273/toc.htm
I am currently using the trial subscription of Azure AD & O365. I registered a new app for O365 in portal.azure.com.
Generated the client id, client secret etc., and set the permissions for Azure Graph API and Windows Azure AD.
Installed the O365 Connector and configured the IT Resource.
Imported the SSL certificate of O365 into the keystore (cacerts) and verified it was imported successfully.
Now when I try to run the O365 Scheduled jobs, I get the error:
org.identityconnectors.framework.common.exceptions.ConnectorException: Exception in getting authentication header Error occurred while executing a POST REST call on the target.
When I tried to check my HTTP request within my OIM guest VM, I get 200 OK
https://login.windows.net/common/oauth2/authorize?client_id=<replaced my client id>
These are the values that I have set and have
Name:O365App
Application Type:WebApp/API
Homepage url:https://outlook.office365.com
Configuration Lookup Lookup.Office365.Configuration
Connector Server Name
authenticationServerUrl https://login.windows.net/<replaced my client id>/oauth2/token?api-version=1.0
authenticationType client_credentials
clientId <replaced my client id>
clientSecret <replaced my client secret>
host graph.windows.net
port 443
proxyHost
proxyPassword
proxyPort
proxyUser
sslEnabled true
uriPlaceHolder "tenant_id;domain name","api_version;api-version=1.6"
*******************
LOGS INFO
**************
2019-02-03T03:03:27.713-08:00] [oim_server1] [ERROR] [] [ORACLE.IAM.CONNECTORS.ICFCOMMON.RECON.LOOKUPRECONTASK] [tid: OIMQuartzScheduler_Worker-7] [userId: oiminternal] [ecid: 0000MY_yRBGFw0WFLzjO8A1SKrBH000004,1:27720] [APP: oim#11.1.2.0.0] oracle.iam.connectors.icfcommon.recon.LookupReconTask : execute : Error during execution[[
org.identityconnectors.framework.common.exceptions.ConnectorException: Exception in getting authentication header Error occurred while executing a POST REST call on the target.
at org.identityconnectors.genericrest.GenericRESTConnection.setAuthHeaders(GenericRESTConnection.java:93)
at org.identityconnectors.genericrest.GenericRESTConnection.<init>(GenericRESTConnection.java:78)
at org.identityconnectors.genericrest.GenericRESTConnector.init(GenericRESTConnector.java:164)
at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:89)
at $Proxy499.search(Unknown Source)
at sun.reflect.GeneratedMethodAccessor2402.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:107)
at $Proxy499.search(Unknown Source)
at sun.reflect.GeneratedMethodAccessor2402.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:162)
Caused by: org.identityconnectors.framework.common.exceptions.ConnectorException: Error occurred while executing a POST REST call on the target.
at org.identityconnectors.restcommon.ClientHandler.executeRequest(ClientHandler.java:257)
at org.identityconnectors.restcommon.auth.impl.OAuthClientCredentials.getAuthHeaders(OAuthClientCredentials.java:121)
at org.identityconnectors.restcommon.ClientHandler.getAuthenticationHeaders(ClientHandler.java:97)
at org.identityconnectors.genericrest.GenericRESTConnection.setAuthHeaders(GenericRESTConnection.java:87)
... 13 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1699)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259)
at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
at org.identityconnectors.restcommon.ClientHandler.executeRequest(ClientHandler.java:245)
... 16 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
... 36 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
... 42 more
Thanks
sundas7
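
Added example, not part of the original post: a small Python script that walks the "Caused by:" chain of a Java stack trace like the one above and reports which layer failed, which separates a certificate-trust failure from a problem with the request URI or credentials. The function names `cause_chain` and `diagnose` are this example's own, and the embedded trace is abridged from the post's log.

```python
import re

# Abridged from the stack trace in the post above (frames trimmed, messages unchanged).
TRACE = """\
org.identityconnectors.framework.common.exceptions.ConnectorException: Exception in getting authentication header Error occurred while executing a POST REST call on the target.
at org.identityconnectors.genericrest.GenericRESTConnection.setAuthHeaders(GenericRESTConnection.java:93)
Caused by: org.identityconnectors.framework.common.exceptions.ConnectorException: Error occurred while executing a POST REST call on the target.
at org.identityconnectors.restcommon.ClientHandler.executeRequest(ClientHandler.java:257)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
"""

HEAD = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error)): (.*)$")
FRAME = re.compile(r"^\s*at ([\w.$<>]+)\(")

def cause_chain(trace):
    """Return [(exception_class, message, [frames])], outermost cause first."""
    chain = []
    for line in trace.splitlines():
        head, frame = HEAD.match(line), FRAME.match(line)
        if head:
            chain.append((head.group(1), head.group(2), []))
        elif frame and chain:
            chain[-1][2].append(frame.group(1))
    return chain

def diagnose(trace):
    """Classify the failure from the innermost cause and the frames seen."""
    chain = cause_chain(trace)
    if not chain:
        return {"layer": "unclassified", "request_sent": None, "root": None}
    root_cls, root_msg, _ = chain[-1]
    frames = [f for _, _, fs in chain for f in fs]
    trust_check = any(f.endswith("X509TrustManagerImpl.checkServerTrusted") for f in frames)
    pkix = root_cls.endswith("SunCertPathBuilderException") or "PKIX path building failed" in root_msg
    if pkix and trust_check:
        # Server-certificate validation happens inside the TLS handshake, so the
        # POST (URL, query string, client id, client secret) was never transmitted.
        return {"layer": "tls-trust", "request_sent": False, "root": root_cls}
    return {"layer": "unclassified", "request_sent": None, "root": root_cls}

if __name__ == "__main__":
    print(diagnose(TRACE))
```

A `tls-trust` result means the trust manager of the JVM that ran the connector found no trust anchor for the certificate chain the server presented, so the truststore that JVM actually loads is the thing to compare against the store the certificate was imported into.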