I have gotten SAML SSO to work in our sandbox environment.  However, when I tried to set it up in our production environment, I am getting a weird 401 Unauthorized error when our IDP post the SAML response back to our community login page.  Hence, the traffic is redirected back to the login page again, which re-initiates the SAML request again.  This goes into infinite loop.

Did anyone experience similar issue?  I am stuck and not sure what is causing this.

Communication between APEX code and WebService hosted in IIS

We have WebService hosted on IIS.

We have configured inbound SSL connection to the site by self-signed certificate. This certificate is not trusted on usual PC because we are using its in for debug purposes.

 

We trying to call our web service from APEX code by execute SOAP stub.

We have the following error: IO Exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

As I understand this error means that salesforce APEX virtual machine does not trust our self-signed certificate, is not it?

 

How to avoid this?

I get this exception, intermittently, when performing an async ws callout.  Some days everything is fine.  The endpoint is behind a ton of network security appliances (local dmz).

 

Does this exception denote a problem with the SF or local environment?  I am thinking local since there is so much hardware to traverse before hitting the true endpoint...but, how can I be sure?  Of course, the local guys are pointing fingers to SF infrastructure;)

 

Thanks!