Hi Sanjeewa, We tried to reproduce the issue with IS 5.1.0 RC1 and we couldn't reproduce.
Further we investigated and observed that the problem seems to be in KeyStoreManager in kernel [1]. In KeyStoreManager, primaryKeyStore is initialized from getPrimaryKeyStore() [2]. For IS getPrimaryKeyStore() is called from one of our components [3] and so primaryKeyStore is getting initialized. But for APIM this is not happening. As a workaround you can do the same from one of your components. [1] https://github.com/wso2/carbon-kernel/blob/v4.4.3/core/org.wso2.carbon.core/src/main/java/org/wso2/carbon/core/util/KeyStoreManager.java [2] https://github.com/wso2/carbon-kernel/blob/v4.4.3/core/org.wso2.carbon.core/src/main/java/org/wso2/carbon/core/util/KeyStoreManager.java#L328 [3] https://github.com/wso2/carbon-identity/blob/v5.0.5/components/sts/org.wso2.carbon.sts/src/main/java/org/wso2/carbon/sts/STSDeploymentInterceptor.java#L157 Thanks, Maduranga. On Mon, Dec 21, 2015 at 10:03 AM, Sanjeewa Malalgoda <[email protected]> wrote: > Hi Team, > While requesting access tokens with openid scope(see curl request[1]) i'm > getting following error[2]. > I tested this with carbon-identity 5.0.5 based AM build and i don't think > 5.0.6 do not have changes related to this use case. > I tested this with another white listed scopes to confirm this happen due > to white listed scopes or specific to openId. > We were able to get access tokens for normal white listed scopes but not > for openid scope. > Generate access tokens with openid scope is very common use case for all > API manager clients. > Did i missed anything here or we need to fix it (since this is NPE i think > we should fix this)? > > [1]curl -k -d > "grant_type=password&username=admin&password=admin&scope=openid" -H > "Authorization: Basic > VUFmMWFmZ3VCTzFaVE5QY0k2d2ZYbXNIQ1hVYTpUWURlT01nQjc3ME5DQ3RraTBZR3BNUVdQT2Nh" > https://10.100.1.65:8243/token > > [2][2015-12-21 09:46:53,812] ERROR - OAuth2Service Error occurred while > issuing the access token for Client ID : UAf1afguBO1ZTNPcI6wfXmsHCXUa, User > ID admin, Scope : [openid] and Grant Type : password > org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Error while > obtaining private key for super tenant > at > org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.signJWTWithRSA(DefaultIDTokenBuilder.java:351) > at > org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.signJWT(DefaultIDTokenBuilder.java:514) > at > org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.buildIDToken(DefaultIDTokenBuilder.java:237) > at > org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(AccessTokenIssuer.java:224) > at > org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(OAuth2Service.java:196) > at > org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.getAccessToken(OAuth2TokenEndpoint.java:245) > at > org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:111) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at > org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188) > at > org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104) > at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204) > at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101) > at > org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58) > at > org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) > at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > at > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249) > at > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248) > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222) > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153) > at > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171) > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289) > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:646) > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > at > org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > at > org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:59) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) > at > org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99) > at > org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) > at > org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57) > at > org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) > at > org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62) > at > org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) > at > org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) > at > org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074) > at > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739) > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > at java.lang.Thread.run(Thread.java:745) > Caused by: java.lang.NullPointerException > at > org.wso2.carbon.core.util.KeyStoreManager.getDefaultPrivateKey(KeyStoreManager.java:395) > at > org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.signJWTWithRSA(DefaultIDTokenBuilder.java:349) > ... 61 more > > Thanks, > sanjeewa. > -- > > *Sanjeewa Malalgoda* > WSO2 Inc. > Mobile : +94713068779 > > <http://sanjeewamalalgoda.blogspot.com/>blog > :http://sanjeewamalalgoda.blogspot.com/ > <http://sanjeewamalalgoda.blogspot.com/> > > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Maduranga Siriwardena Software Engineer WSO2 Inc. email: [email protected] mobile: +94718990591
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
