On Mon, Dec 21, 2015 at 3:09 PM, Maduranga Siriwardena <[email protected]> wrote:
> Hi, > Ideally this should be fixed in kernel as we mentioned above. But we have > fixed this and released carbon-identity 5.0.7 > > @Product teams, > Please update your carbon-identity version to 5.0.7 > ACK > > Thanks, > Maduranga. > > On Mon, Dec 21, 2015 at 11:58 AM, Sanjeewa Malalgoda <[email protected]> > wrote: > >> >> >> On Mon, Dec 21, 2015 at 11:48 AM, Maduranga Siriwardena < >> [email protected]> wrote: >> >>> Hi Sanjeewa, >>> >>> We tried to reproduce the issue with IS 5.1.0 RC1 and we couldn't >>> reproduce. >>> >>> Further we investigated and observed that the problem seems to be in >>> KeyStoreManager in kernel [1]. In KeyStoreManager, primaryKeyStore is >>> initialized from getPrimaryKeyStore() [2]. For IS getPrimaryKeyStore() is >>> called from one of our components [3] and so primaryKeyStore is getting >>> initialized. But for APIM this is not happening. As a workaround you can do >>> the same from one of your components. >>> >>> [1] >>> https://github.com/wso2/carbon-kernel/blob/v4.4.3/core/org.wso2.carbon.core/src/main/java/org/wso2/carbon/core/util/KeyStoreManager.java >>> [2] >>> https://github.com/wso2/carbon-kernel/blob/v4.4.3/core/org.wso2.carbon.core/src/main/java/org/wso2/carbon/core/util/KeyStoreManager.java#L328 >>> [3] >>> https://github.com/wso2/carbon-identity/blob/v5.0.5/components/sts/org.wso2.carbon.sts/src/main/java/org/wso2/carbon/sts/STSDeploymentInterceptor.java#L157 >>> >> >> If this key store initializing is required for OAuth endpoint and OAuth >> service why don't we initialize from oauth components? >> As i understood this issue is not happening in IS because some other >> component initialize this instead of OAuth endpoint or service. >> Let say we fixed it in our components(APIM), but still if someone >> installed OAuth features into kernal or any other server they still see >> same issue. >> So i think its better to add this to OAuth component itself. >> >>> >>> Thanks, >>> Maduranga. >>> >>> On Mon, Dec 21, 2015 at 10:03 AM, Sanjeewa Malalgoda <[email protected]> >>> wrote: >>> >>>> Hi Team, >>>> While requesting access tokens with openid scope(see curl request[1]) >>>> i'm getting following error[2]. >>>> I tested this with carbon-identity 5.0.5 based AM build and i don't >>>> think 5.0.6 do not have changes related to this use case. >>>> I tested this with another white listed scopes to confirm this happen >>>> due to white listed scopes or specific to openId. >>>> We were able to get access tokens for normal white listed scopes but >>>> not for openid scope. >>>> Generate access tokens with openid scope is very common use case for >>>> all API manager clients. >>>> Did i missed anything here or we need to fix it (since this is NPE i >>>> think we should fix this)? >>>> >>>> [1]curl -k -d >>>> "grant_type=password&username=admin&password=admin&scope=openid" -H >>>> "Authorization: Basic >>>> VUFmMWFmZ3VCTzFaVE5QY0k2d2ZYbXNIQ1hVYTpUWURlT01nQjc3ME5DQ3RraTBZR3BNUVdQT2Nh" >>>> https://10.100.1.65:8243/token >>>> >>>> [2][2015-12-21 09:46:53,812] ERROR - OAuth2Service Error occurred while >>>> issuing the access token for Client ID : UAf1afguBO1ZTNPcI6wfXmsHCXUa, User >>>> ID admin, Scope : [openid] and Grant Type : password >>>> org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Error while >>>> obtaining private key for super tenant >>>> at >>>> org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.signJWTWithRSA(DefaultIDTokenBuilder.java:351) >>>> at >>>> org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.signJWT(DefaultIDTokenBuilder.java:514) >>>> at >>>> org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.buildIDToken(DefaultIDTokenBuilder.java:237) >>>> at >>>> org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(AccessTokenIssuer.java:224) >>>> at >>>> org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(OAuth2Service.java:196) >>>> at >>>> org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.getAccessToken(OAuth2TokenEndpoint.java:245) >>>> at >>>> org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:111) >>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>> at >>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) >>>> at >>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >>>> at java.lang.reflect.Method.invoke(Method.java:606) >>>> at >>>> org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188) >>>> at >>>> org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104) >>>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204) >>>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101) >>>> at >>>> org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58) >>>> at >>>> org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94) >>>> at >>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) >>>> at >>>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) >>>> at >>>> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249) >>>> at >>>> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248) >>>> at >>>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222) >>>> at >>>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153) >>>> at >>>> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171) >>>> at >>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289) >>>> at >>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:646) >>>> at >>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:59) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) >>>> at >>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) >>>> at >>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) >>>> at >>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) >>>> at >>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) >>>> at >>>> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159) >>>> at >>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57) >>>> at >>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) >>>> at >>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) >>>> at >>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074) >>>> at >>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) >>>> at >>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739) >>>> at >>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698) >>>> at >>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >>>> at >>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >>>> at >>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >>>> at java.lang.Thread.run(Thread.java:745) >>>> Caused by: java.lang.NullPointerException >>>> at >>>> org.wso2.carbon.core.util.KeyStoreManager.getDefaultPrivateKey(KeyStoreManager.java:395) >>>> at >>>> org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.signJWTWithRSA(DefaultIDTokenBuilder.java:349) >>>> ... 61 more >>>> >>>> Thanks, >>>> sanjeewa. >>>> -- >>>> >>>> *Sanjeewa Malalgoda* >>>> WSO2 Inc. >>>> Mobile : +94713068779 >>>> >>>> <http://sanjeewamalalgoda.blogspot.com/>blog >>>> :http://sanjeewamalalgoda.blogspot.com/ >>>> <http://sanjeewamalalgoda.blogspot.com/> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> Maduranga Siriwardena >>> Software Engineer >>> WSO2 Inc. >>> >>> email: [email protected] >>> mobile: +94718990591 >>> >> >> >> >> -- >> >> *Sanjeewa Malalgoda* >> WSO2 Inc. >> Mobile : +94713068779 >> >> <http://sanjeewamalalgoda.blogspot.com/>blog >> :http://sanjeewamalalgoda.blogspot.com/ >> <http://sanjeewamalalgoda.blogspot.com/> >> >> >> > > > -- > Maduranga Siriwardena > Software Engineer > WSO2 Inc. > > email: [email protected] > mobile: +94718990591 > -- Deependra Ariyadewa WSO2, Inc. http://wso2.com/ http://wso2.org email [email protected]; cell +94 71 403 5996 ; Blog http://risenfall.wordpress.com/ PGP info: KeyID: 'DC627E6F' *WSO2 - Lean . Enterprise . Middleware*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
