The Google FCM certificate is valid for one year, and any solution that uses the Google FCM service for push notifications has to replace the certificate before it expires.
Device registration succeeds, but during authentication the push notification does not arrive on the device.
Below are the logs:
2018-04-19 12:40:11,931 [http-nio-8080-exec-6] INFO pns.fcm.SSLUtils(53) -> connection got successful
2018-04-19 12:40:11,971 [http-nio-8080-exec-6] ERROR aa.pns.PushNotificationService(90) -> Failed to notify device.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.ca.sec.aa.pns.fcm.FCMPushService.sendNotification(FCMPushService.java:67)
at com.ca.sec.aa.pns.fcm.FCMPushService.sendNotification(FCMPushService.java:294)
at com.arcot.integrations.frontend.tasks.NotifierTask.executeTask(NotifierTask.java:151)
at com.arcot.integrations.frontend.tasks.TaskEngine.invoke(TaskEngine.java:78)
at com.arcot.integrations.frontend.tasks.TaskEngine.invoke(TaskEngine.java:39)
at com.arcot.integrations.frontend.authmodules.impl.PUSHAuthSrvcIntegratorImpl.authenticate(PUSHAuthSrvcIntegratorImpl.java:255)
at com.arcot.integrations.frontend.authmodules.helpers.controller.AuthenticationFlowManagerEngine.executeSecondaryAuthenticationFlow(AuthenticationFlowManagerEngine.java:186)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
... 51 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 57 more
2018-04-19 12:40:11,972 [http-nio-8080-exec-6] INFO aa.pns.PushNotificationService(302) -> error msg is : {"device":"dVEmfUoBNmc:APA91bFyNSAVcufOr1CQGi_skh0gVETLHivR6tFMbMIPO0by1_hJxgLD0dy0zwttbvcRw_fH2bKoDhkFVlVbpG9GhJldrUX5wBvurlx4hL5INqZkUvwjpkgzTdSGbCnC2f61H-NZz-P1","Exception":"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
Release Version: 9.x
Component: AuthMinder(Arcot WebFort)
The Google FCM certificate is valid for one year, and any solution that uses the Google FCM service for push notifications has to replace the certificate before it expires. I am attaching a document which talks about the solution; please review the document for the solution. There is a modified trust store attached here as well.
Please reach out to Support teams for any clarifications.
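
An added example, not part of the original article or its attached document: a Java check that lists the trust store entries that are already expired or fall inside a warning window, so a replacement can be scheduled before push notifications begin failing at the TLS handshake. The class name, the TRUSTSTORE_PASS environment variable, the 30-day default and the fallback to the JVM's own cacerts file are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;

public class TrustStoreExpiryCheck {

    // Prints every X.509 entry that is expired or expires within warnDays;
    // returns how many entries were flagged.
    static int report(KeyStore ks, int warnDays, Instant now) throws Exception {
        int flagged = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            Instant notAfter = x.getNotAfter().toInstant();
            boolean expired = notAfter.isBefore(now);
            if (expired || Duration.between(now, notAfter).toDays() <= warnDays) {
                flagged++;
                System.out.printf("%-8s alias=%s notAfter=%s subject=%s%n",
                        expired ? "EXPIRED" : "EXPIRING", alias, notAfter,
                        x.getSubjectX500Principal().getName());
            }
        }
        return flagged;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: with no arguments, inspect the JVM's own cacerts file.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        int warnDays = args.length > 1 ? Integer.parseInt(args[1]) : 30;
        // Assumption: password comes from TRUSTSTORE_PASS; "changeit" is the JDK default.
        String pass = System.getenv("TRUSTSTORE_PASS");
        char[] pw = (pass != null ? pass : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        int flagged = report(ks, warnDays, Instant.now());
        System.out.printf("%d of %d entries need attention in %s%n", flagged, ks.size(), path);
        System.exit(flagged == 0 ? 0 : 1); // non-zero exit lets a scheduled job alert
    }
}
```

Pass the path of the trust store used by the push notification component as the first argument and the warning window in days as the second.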