[BUG-1532] SAML IdP fail to import metadata

Ignition
1

I’m trying to configure a SAML 2.0 IdP with Shibboleth, but the metadata import fails. I also tried saving as a file to import, but that failed too. The log shows an Error Handling Route. Is anyone familiar with configuring Shibboleth for SSO through Ignition yet?

2

In what way does the import fail? Are there any error messages in the gateway logs when the import fails?

3

Next to the import button, the only message that pops up is “import failed” in red. See attached for the Error Handling Route message from the log.

SAML error handling route- forum post
SAML error handling route- forum post1106×766 14.5 KB

4

Could you copy and paste the entire stacktrace text here? I can’t see which line number is referenced on the first line of the stack since it is cut off.

5

java.lang.NullPointerException: null

at com.inductiveautomation.ignition.gateway.auth.web.strategy.saml.SAMLWebAuthStrategyAdapter.importProviderMetadata(SAMLWebAuthStrategyAdapter.java:580)

at com.inductiveautomation.ignition.gateway.auth.idp.IdpAdapterConfigRoutes.importProviderMetadata(IdpAdapterConfigRoutes.java:561)

at com.inductiveautomation.ignition.gateway.dataroutes.Route.service(Route.java:252)

at com.inductiveautomation.ignition.gateway.dataroutes.RouteGroupImpl.service(RouteGroupImpl.java:61)

at com.inductiveautomation.ignition.gateway.dataroutes.RouteGroupCollectionServlet.serviceInternal(RouteGroupCollectionServlet.java:54)

at com.inductiveautomation.ignition.gateway.dataroutes.AbstractRouteGroupServlet.service(AbstractRouteGroupServlet.java:38)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

at org.eclipse.jetty.servlet.ServletHolder$NotAsyncServlet.service(ServletHolder.java:1391)

at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:760)

at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:547)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)

at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:590)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)

at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)

at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1607)

at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)

at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1297)

at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)

at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485)

at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1577)

at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)

at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1212)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)

at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322)

at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:59)

at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)

at org.eclipse.jetty.server.Server.handle(Server.java:500)

at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)

at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547)

at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)

at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270)

at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)

at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)

at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543)

at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398)

at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161)

at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)

at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)

at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388)

at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)

at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)

at java.base/java.lang.Thread.run(Unknown Source)

6

Can you attach (or DM me) a copy of your IdP’s metadata XML which is causing the NPE?

7

For posterity, @nickbrickner DM’d me the failing metadata XML, and turns out there is a bug in Ignition’s code which does not properly process IdP metadata when any KeyDescriptor tag under a IDPSSODescriptor tag is missing the use attribute. According to the SAML spec, the use attribute may be omitted, and if omitted, should be treated as use="signing". I’ve logged a ticket to fix this, and as a workaround for anyone running into this issue, you may download the metadata XML to a file on your computer, open it with a text editor, and change the following XML tag under the IDPSSODescriptor XML tag from <KeyDescriptor> to <KeyDescriptor use="signing"> , then import the metadata file into Ignition and it should work.

3 Likes
8

This bug was fixed and made it into the latest 8.1.3 nightly build.

9

I just got the same problem with version 8.1.38. I have done this with 32 other sites and no issue but I just hit one that does. The keydescriptor also has the use="signing" in it as suggested.

10

What is the exact error that you ran into? Can you share a stacktrace from the Gateway logs?

We recently fixed a SAML Metadata import regression in 8.1.43 that was introduced in 8.1.34, I'm wondering if you ran into that...

11

Error handling route. Further logging for this event will be DEBUG

com.inductiveautomation.ignition.gateway.auth.web.strategy.WebAuthStrategyAdapterException: Unable to deserialize the SAML Metadata at com.inductiveautomation.ignition.gateway.auth.web.strategy.saml.SAMLWebAuthStrategyAdapter.deserialize(SAMLWebAuthStrategyAdapter.java:450) at com.inductiveautomation.ignition.gateway.auth.web.strategy.saml.SAMLWebAuthStrategyAdapter.doImportProviderMetadata(SAMLWebAuthStrategyAdapter.java:499) at com.inductiveautomation.ignition.gateway.auth.web.strategy.saml.SAMLWebAuthStrategyAdapter.importProviderMetadata(SAMLWebAuthStrategyAdapter.java:725) at com.inductiveautomation.ignition.gateway.auth.idp.IdpAdapterConfigRoutes.importProviderMetadata(IdpAdapterConfigRoutes.java:584) at com.inductiveautomation.ignition.gateway.dataroutes.Route.service(Route.java:254) at com.inductiveautomation.ignition.gateway.dataroutes.RouteGroupImpl.service(RouteGroupImpl.java:64) at com.inductiveautomation.ignition.gateway.dataroutes.RouteGroupCollectionServlet.serviceInternal(RouteGroupCollectionServlet.java:59) at com.inductiveautomation.ignition.gateway.dataroutes.AbstractRouteGroupServlet.service(AbstractRouteGroupServlet.java:38) at javax.servlet.http.HttpServlet.service(HttpServlet.java:590) at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1410) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764) at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1570) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1543) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) at com.inductiveautomation.catapult.handlers.RemoteHostNameLookupHandler.handle(RemoteHostNameLookupHandler.java:121) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:301) at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:51) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) at org.eclipse.jetty.server.Server.handle(Server.java:563) at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505) at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:558) at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:379) at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:146) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:416) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:385) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:272) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:140) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149) at java.base/java.lang.Thread.run(Unknown Source) Caused by: com.inductiveautomation.ignition.gateway.auth.saml.serialization.SAMLDeserializerException: Unable to parse the Document at com.inductiveautomation.ignition.gateway.auth.saml.serialization.AbstractSAMLDeserializer.deserialize(AbstractSAMLDeserializer.java:43) at com.inductiveautomation.ignition.gateway.auth.web.strategy.saml.SAMLWebAuthStrategyAdapter.deserialize(SAMLWebAuthStrategyAdapter.java:448) ... 53 common frames omitted Caused by: com.inductiveautomation.ignition.gateway.auth.saml.parsing.SAMLDocumentParserException: Unable to parse the SAML document at com.inductiveautomation.ignition.gateway.auth.saml.parsing.SAMLDocumentParserImpl.parse(SAMLDocumentParserImpl.java:40) at com.inductiveautomation.ignition.gateway.auth.saml.parsing.SAMLDocumentParserDecorator.parse(SAMLDocumentParserDecorator.java:28) at com.inductiveautomation.ignition.gateway.auth.saml.parsing.SchemaValidatingSAMLDocumentParser.parse(SchemaValidatingSAMLDocumentParser.java:86) at com.inductiveautomation.ignition.gateway.auth.saml.parsing.SAMLDocumentParserDecorator.parse(SAMLDocumentParserDecorator.java:28) at com.inductiveautomation.ignition.gateway.auth.saml.parsing.IdTaggingSAMLDocumentParserDecorator.parse(IdTaggingSAMLDocumentParserDecorator.java:43) at com.inductiveautomation.ignition.gateway.auth.saml.serialization.AbstractSAMLDeserializer.deserialize(AbstractSAMLDeserializer.java:41) ... 54 common frames omitted Caused by: org.xml.sax.SAXParseException: Content is not allowed in prolog. at java.xml/com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(Unknown Source) at java.xml/com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Unknown Source) at java.xml/javax.xml.parsers.DocumentBuilder.parse(Unknown Source) at com.inductiveautomation.ignition.gateway.auth.saml.parsing.SAMLDocumentParserImpl.parse(SAMLDocumentParserImpl.java:38)

12

Caused by: org.xml.sax.SAXParseException: Content is not allowed in prolog

This root cause lines up with the bug we fixed in 8.1.43.

Two options:

  1. Upgrade to 8.1.43
  2. Download an Ignition 8.1 build prior to 8.1.34, import the SAML metadata on that version, save the IdP, then export the SAML IdP and import it into your 8.1.38 instance. One thing with this approach is that it will overwrite the rest of your IdP's config such as user attribute mappings, user grants, and security level rules, so you will have to make sure to go back and fix those settings after import. I'd recommend importing to a new IdP, get the settings the way you want it on the new one, and then point to this new IdP anywhere in Ignition where you reference the old IdP (should make for a smoother cutover in theory).
13

Upgrading will be our option, thanks.

1 Like
14

I am also getting below exception while starting my application:
Metadata refreshing has failed: java.lang.NullPointerException
this my idp mtadata xml
keycloak-metadata.xml (2.8 KB)

15

Can you share the full stacktrace?

16

Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'samlEntryPoint': Unsatisfied dependency expressed through method 'setMetadata' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata' defined in class path resource [appcontext-security.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata' defined in class path resource [appcontext-security.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
Caused by: java.lang.NullPointerException"

17

A "full backtrace" includes the parts with all the line numbers, and and appended "Caused by" sections.

18

Actually, its happening when I am starting my application. The whole configuration is done in spring-security-context.xml. So there is no specific code line at which its happening:

17:09:43,631 WARN [org.springframework.security.saml.metadata.MetadataManager] (Metadata-reload) Metadata refreshing has failed: java.lang.NullPointerException
at org.springframework.security.saml.metadata.MetadataManager.getTrustEngine(MetadataManager.java:588) [spring-security-saml2-core-1.0.3.RELEASE.jar:1.0.3.RELEASE]
at org.springframework.security.saml.metadata.MetadataManager.initializeProviderFilters(MetadataManager.java:523) [spring-security-saml2-core-1.0.3.RELEASE.jar:1.0.3.RELEASE]
at org.springframework.security.saml.metadata.MetadataManager.refreshMetadata(MetadataManager.java:237) [spring-security-saml2-core-1.0.3.RELEASE.jar:1.0.3.RELEASE]
at org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata(CachingMetadataManager.java:86) [spring-security-saml2-core-1.0.3.RELEASE.jar:1.0.3.RELEASE]
at org.springframework.security.saml.metadata.MetadataManager$RefreshTask.run(MetadataManager.java:1040) [spring-security-saml2-core-1.0.3.RELEASE.jar:1.0.3.RELEASE]
at java.util.TimerThread.mainLoop(Timer.java:555) [rt.jar:1.8.0_211]
at java.util.TimerThread.run(Timer.java:505) [rt.jar:1.8.0_211]

19

Where are you getting these stack traces from? They don't appear to come from Ignition since Ignition does not use the Spring framework...

20

I get similar error , 8.1.44
trying to import from keycloak


Route	26Mar2025 16:20:32	Error handling route. Further logging for this event will be DEBUG
javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)

at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)

at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)

at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)

at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)

at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown Source)

at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown Source)

at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)

at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)

at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)

at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)

at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)

at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)

at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)

at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)

at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)

at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)

at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)

at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)

at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)

at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)

at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)

at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)

at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)

at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)

at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)

at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)

at com.inductiveautomation.ignition.gateway.auth.idp.IdpAdapterConfigRoutes.importProviderMetadata(IdpAdapterConfigRoutes.java:572)

at com.inductiveautomation.ignition.gateway.dataroutes.Route.service(Route.java:254)

at com.inductiveautomation.ignition.gateway.dataroutes.RouteGroupImpl.service(RouteGroupImpl.java:64)

at com.inductiveautomation.ignition.gateway.dataroutes.RouteGroupCollectionServlet.serviceInternal(RouteGroupCollectionServlet.java:59)

at com.inductiveautomation.ignition.gateway.dataroutes.AbstractRouteGroupServlet.service(AbstractRouteGroupServlet.java:38)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)

at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1410)

at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)

at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)

at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)

at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:598)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)

at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)

at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1580)

at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)

at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384)

at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)

at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)

at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1553)

at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)

at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)

at com.inductiveautomation.catapult.handlers.RemoteHostNameLookupHandler.handle(RemoteHostNameLookupHandler.java:121)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)

at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:301)

at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:51)

at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:141)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)

at org.eclipse.jetty.server.Server.handle(Server.java:563)

at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598)

at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)

at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)

at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:287)

at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)

at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)

at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:558)

at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:379)

at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:146)

at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)

at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)

at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)

at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)

at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)

at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:199)

at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)

at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)

at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)

at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)

at java.base/java.lang.Thread.run(Unknown Source)

Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

at java.base/sun.security.validator.PKIXValidator.doValidate(Unknown Source)

at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)

at java.base/sun.security.validator.Validator.validate(Unknown Source)

at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)

at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)

... 76 common frames omitted

Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)

at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)

at java.base/java.security.cert.CertPathValidator.validate(Unknown Source)

... 81 common frames omitted