Describe the issue:
When I try to log in with an external identity provider with a valid tested user, I get an exception from my client .NET app.
client app says login_required', error_description: 'Authentication required', error_uri: 'error_uri is null'
and the WSO2 Carbon server says
ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} - Authentication failed exception! javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
How to reproduce:
I configure WSO2 to use federation.
I used Duende IdentityServer as my external identity provider.
I provide the relevant information.
I get redirected to the external IdP login page.
Login is successful from the external IdP perspective because, when it throws the exception and I just go back to the previous page, the external IdP shows that I'm logged in (cf. picture below).
But then, it fails after this request GET /oauth2/authorize?sessionDataKey=4a525025-430f-41e9-8021-958e2a7433c6 HTTP/1.1 200 2192
Failing at my serviceProviderHost callback url: https://localhost:5005/signin-oidc (normal, since authentication process is not completed)
Expected behavior:
Once I log in via the external identity provider, I expect to be redirected to my service provider page with an ID and access token from WSO2.
Environment information (Please complete the following information; remove any unnecessary fields) :
The problem is the certificate.
Basically, WSO2 does not recognize the external IdP certificate.
I had to import its certificate into the WSO2 client truststore.
Also, the certificate must be a .pfx.
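The fix described above, sketched as an added example (not part of the original issue and not WSO2's own tooling): check whether a Java truststore already contains the IdP certificate and import it with the JDK's `keytool` if it does not. The truststore path, store password, alias and PEM certificate file are placeholders passed by the caller, and the `demo` function uses a constructed self-signed certificate in a temporary directory.

```bash
#!/usr/bin/env bash
# Added example: make a Java truststore trust an external IdP's TLS certificate.
# Truststore path, password, alias and certificate file are caller-supplied placeholders.

# Print the SHA-256 fingerprint of a PEM certificate as bare hex (no colons).
cert_fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2 | tr -d ':'
}

# store_trusts <truststore> <storepass> <cert.pem>
# Returns 0 if a certificate with the same fingerprint is already in the store,
# 1 if it is not (or the store cannot be read), 2 if the certificate is unreadable.
store_trusts() {
  local fp
  fp=$(cert_fp "$3")
  [ -n "$fp" ] || return 2   # an empty pattern would match every line below
  keytool -list -v -keystore "$1" -storepass "$2" 2>/dev/null | tr -d ':' | grep -qi "$fp"
}

# import_idp_cert <truststore> <storepass> <alias> <cert.pem>
# Imports the certificate as a trusted entry unless it is already present,
# then re-reads the store to confirm the entry is there.
import_idp_cert() {
  if store_trusts "$1" "$2" "$4"; then
    echo "already trusted"
    return 0
  fi
  keytool -importcert -noprompt -keystore "$1" -storepass "$2" \
          -alias "$3" -file "$4" >/dev/null 2>&1 || return 1
  store_trusts "$1" "$2" "$4"
}

# Demo on constructed data: a throwaway self-signed cert and an empty truststore.
demo() {
  local d
  d=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=idp.example.test" \
    -keyout "$d/idp.key" -out "$d/idp.pem" >/dev/null 2>&1 || return 1
  store_trusts "$d/ts.jks" changeit "$d/idp.pem"; echo "before import: rc=$?"
  import_idp_cert "$d/ts.jks" changeit external-idp "$d/idp.pem"; echo "after import: rc=$?"
  rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument `demo` to see the before/after result on the constructed certificate.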