stackoom
  简体   繁体   中英

ERROR {org.wso2.carbon.idp.mgt.util.IdPManagementUtil} - Error when accessing the IdentityProviderManager for tenant

 原文  2017-01-29 01:19:19       wso2/ wso2is/ wso2carbon

Question

Getting this exception in WSO2IS 5.1.0 on signin. 

[2017-01-28 20:12:22,384] ERROR {org.wso2.carbon.idp.mgt.util.IdPManagementUtil} -  Error when accessing the IdentityProviderManager for tenant : xyz.com org.wso2.carbon.idp.mgt.IdentityProviderManagementException: Error retrieving primary certificate for tenant : xyz.com
        at org.wso2.carbon.idp.mgt.IdentityProviderManager.getResidentIdP(IdentityProviderManager.java:214)
        at org.wso2.carbon.idp.mgt.util.IdPManagementUtil.getRememberMeTimeout(IdPManagementUtil.java:98)
        at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.setAuthCookie(DefaultAuthenticationRequestHandler.java:347)
        at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.concludeFlow(DefaultAuthenticationRequestHandler.java:284)
        at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:120)
        at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:135)
        at org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:53)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
        at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:59)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
        at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
        at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
        at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
        at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
        at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
        at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)

3 answers

solution1
 1  2017-07-04 16:39:07

Issue is with client-truststore.jks

Step 1

replace wso2appm-1.2.1-SNAPSHOT/repository/resources/security/wso2carbon.jks with jks file generated from pfx file (SSL files sent by provider)

Change jks file name, keystore password and alias in carbon.xml

replace client-truststore.jks with one you create in folder wso2appm-1.2.1-SNAPSHOT/repository/resources/security/client-truststore.jks

To create client-truststore.jks file please follow below steps

keytool -export -alias certalias -keystore your_jks.jks -file .pem

This will generate .pem file

If you don't know certalias name please find it by following steps and run abve command with correct alias

on Linux

keytool -list -v -keystore your_jks.jks | grep "Alias name\\|Creation date"

on Windows

keytool -list -v -keystore your_jks.jks | findstr "Alias Creation"

step 2

keytool -import -alias certalias -file .pem -keystore client-truststore.jks -storepass wso2carbon

This will generate client-truststore.jks and replace the old (wso2appm-1.2.1-SNAPSHOT/repository/resources/security/client-truststore.jks) with this

Now change keystore alias in carbon.xml (wso2appm-1.2.1-SNAPSHOT/repository/conf/carbon.xml)

Run the application and check.

If still error comes change identityAlias in below line in "repository/deployment/server/jaggeryapps/publisher/controllers/acs.jag"

var identityAlias = configs.ssoConfiguration.identityAlias;

change to var identityAlias = "your identity alias name"

solution2
 0  2017-01-30 04:22:26

I checked the source code [1] related to the error. According to that, the issue is coming when it tries to initialize the registry [2].

When a tenant is created, the server creates a keystore for that tenant and stores it in the following registry path.

/_system/governance/repository/security/key-stores/

If the tenant name is xyz.com, in above registry path it creates a java keystore file with the name xyz-com.jks .

The registry objects are stored in the backend database. Therefore is there any possibility that above keystore file is not found or registry file path cannot be accessed ?

[1] https://github.com/wso2/carbon-identity/blob/v5.0.7/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/IdentityProviderManager.java#L213

[2] https://github.com/wso2/carbon-identity/blob/v5.0.7/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/IdentityProviderManager.java#L197

solution3
 0  2017-05-24 05:10:32

Its kind of harassment the way this code is written. When you create a tenant, default key store is created and stored in registry. You obviously don't want that so you'll end up in replacing the keystore by updating te registry and uploading the new keystore. Trick is the way you create the keystore, Here is what you need to do

  • Tenant Domain: "xyz.com"
  • Name of the Keystore: "xyz-com.jks"
  • Name of the private key entry alias: "xyz.com"

Now everything will work alright.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question API Mgt (Traffic and DAS) ERROR {org.wso2.carbon.databridge.receiver.binary.internal.BinaryDataReceiver} - javax.net.ssl.SSLHandshakeException ERROR {org.wso2.carbon.identity.application.authentication.endpoint.util.TenantMgtAdminServiceClient} - Sending POST request to URL error finding main method in class: org.wso2.carbon.bootstrap.Bootstrap : org.wso2.carbon.bootstrap.Bootstrap WSO2 IS - Difference between Story Challenge Questions on /identity/questionCollection VS org.wso2.carbon.identity.mgt/questionCollection WSO2 Carbon: An error has occured while accessing backend services org.wso2.carbon.databridge.receiver.binary.internal.BinaryDataReceiver} - Error while reading from the socket WSO2 Carbon Initialization Failed (Fatal Error) WSO2 AM2.0.0 monetization - Error wso2carbon.log:No schema is available for table ORG_WSO2_APIMGT_STATISTICS_REQUEST Error in starting wso2 server : org.wso2.carbon.user.core.UserStoreException: Error! Subquery returns more than 1 row at WSO2 server not starting: org.wso2.carbon.server.util.BundleInfoLine.getInstance(BundleInfoLine.java:87)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM