DevTest IAM connects to an LDAPS server, and Testing Authentication fails with this error:
2019-03-01 15:50:45,443 ERROR [org.keycloak.services] (default task-56) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: <hostname>:636: javax.naming.CommunicationException: simple bind failed: <hostname>:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
This applies to all supported DevTest releases.
The IAM truststore, iam-truststore.ks, does not contain the certificates needed to validate the LDAPS server's certificate chain.
Import the LDAPS server certificates in the iam-truststore.ks located in folder DEVTEST_HOME/IdentityAccessManager.
Important: import the server certificate together with all the intermediate certificates and the Root CA certificate that are part of its certificate chain into the IAM truststore.
Restart IAM.
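One way to script the import step before restarting IAM, as an added example that is not vendor-supplied code: it splits a PEM bundle containing the server, intermediate and Root CA certificates and imports each one with the JDK's keytool. The bundle name ldaps-chain.pem, the alias prefix and STOREPASS are placeholders for your own values.

```shell
#!/usr/bin/env bash
# Added example (not vendor code). File names, alias prefix and password are placeholders.

# Split a PEM bundle into <outdir>/cert-1.pem, cert-2.pem, ... and print the count.
# Text outside BEGIN/END markers (e.g. "openssl s_client -showcerts" headers) is ignored.
split_chain() {
  bundle=$1; outdir=$2
  mkdir -p "$outdir"
  awk -v dir="$outdir" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
    inside                        { print > out }
    /-----END CERTIFICATE-----/   { inside = 0; close(out) }
    END                           { print n + 0 }
  ' "$bundle"
}

# Import every certificate in the bundle under its own alias (<prefix>-1, <prefix>-2, ...).
# keytool prompts before trusting a certificate it cannot chain to an existing entry,
# which is the moment to compare the displayed fingerprint with the one your CA published.
import_chain() {
  bundle=$1; truststore=$2; storepass=$3; prefix=${4:-ldaps}
  tmp=$(mktemp -d) || return 1
  count=$(split_chain "$bundle" "$tmp")
  if [ "${count:-0}" -eq 0 ]; then
    echo "no certificates found in $bundle" >&2
    rm -rf "$tmp"; return 1
  fi
  i=1
  while [ "$i" -le "$count" ]; do
    keytool -importcert -alias "$prefix-$i" -file "$tmp/cert-$i.pem" \
      -keystore "$truststore" -storepass "$storepass" || { rm -rf "$tmp"; return 1; }
    i=$((i + 1))
  done
  rm -rf "$tmp"
  # Confirm that server, intermediate and root entries are all present.
  keytool -list -keystore "$truststore" -storepass "$storepass"
}

# Usage: ./import-chain.sh ldaps-chain.pem DEVTEST_HOME/IdentityAccessManager/iam-truststore.ks STOREPASS
if [ "$#" -ge 3 ]; then
  import_chain "$@"
fi
```

LDAPS servers commonly omit the Root CA certificate from the chain they send during the handshake, so obtain it from the issuing CA and add it to the bundle rather than relying only on what the server presents.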