ACK. Thanks, sanjeewa.
On Mon, Dec 21, 2015 at 3:18 PM, Deependra Ariyadewa <[email protected]> wrote:

> On Mon, Dec 21, 2015 at 3:09 PM, Maduranga Siriwardena <[email protected]> wrote:
>
>> Hi,
>> Ideally this should be fixed in kernel as we mentioned above. But we have
>> fixed this and released carbon-identity 5.0.7
>>
>> @Product teams,
>> Please update your carbon-identity version to 5.0.7
>
> ACK
>
>> Thanks,
>> Maduranga.
>>
>> On Mon, Dec 21, 2015 at 11:58 AM, Sanjeewa Malalgoda <[email protected]> wrote:
>>
>>> On Mon, Dec 21, 2015 at 11:48 AM, Maduranga Siriwardena <[email protected]> wrote:
>>>
>>>> Hi Sanjeewa,
>>>>
>>>> We tried to reproduce the issue with IS 5.1.0 RC1 and we couldn't
>>>> reproduce.
>>>>
>>>> Further we investigated and observed that the problem seems to be in
>>>> KeyStoreManager in kernel [1]. In KeyStoreManager, primaryKeyStore is
>>>> initialized from getPrimaryKeyStore() [2]. For IS getPrimaryKeyStore() is
>>>> called from one of our components [3] and so primaryKeyStore is getting
>>>> initialized. But for APIM this is not happening. As a workaround you can do
>>>> the same from one of your components.
>>>>
>>>> [1] https://github.com/wso2/carbon-kernel/blob/v4.4.3/core/org.wso2.carbon.core/src/main/java/org/wso2/carbon/core/util/KeyStoreManager.java
>>>> [2] https://github.com/wso2/carbon-kernel/blob/v4.4.3/core/org.wso2.carbon.core/src/main/java/org/wso2/carbon/core/util/KeyStoreManager.java#L328
>>>> [3] https://github.com/wso2/carbon-identity/blob/v5.0.5/components/sts/org.wso2.carbon.sts/src/main/java/org/wso2/carbon/sts/STSDeploymentInterceptor.java#L157
>>>
>>> If this key store initializing is required for OAuth endpoint and OAuth
>>> service why don't we initialize from oauth components?
>>> As I understood this issue is not happening in IS because some other
>>> component initializes this instead of OAuth endpoint or service.
>>> Let's say we fixed it in our components (APIM), but still if someone
>>> installed OAuth features into kernel or any other server they still see
>>> same issue.
>>> So I think it's better to add this to OAuth component itself.
>>>
>>>> Thanks,
>>>> Maduranga.
>>>>
>>>> On Mon, Dec 21, 2015 at 10:03 AM, Sanjeewa Malalgoda <[email protected]> wrote:
>>>>
>>>>> Hi Team,
>>>>> While requesting access tokens with openid scope (see curl request [1])
>>>>> I'm getting following error [2].
>>>>> I tested this with carbon-identity 5.0.5 based AM build and I don't
>>>>> think 5.0.6 does not have changes related to this use case.
>>>>> I tested this with another white listed scopes to confirm this happen
>>>>> due to white listed scopes or specific to openId.
>>>>> We were able to get access tokens for normal white listed scopes but
>>>>> not for openid scope.
>>>>> Generating access tokens with openid scope is a very common use case for
>>>>> all API manager clients.
>>>>> Did I miss anything here or we need to fix it (since this is NPE I
>>>>> think we should fix this)?
>>>>>
>>>>> [1] curl -k -d "grant_type=password&username=admin&password=admin&scope=openid" -H "Authorization: Basic VUFmMWFmZ3VCTzFaVE5QY0k2d2ZYbXNIQ1hVYTpUWURlT01nQjc3ME5DQ3RraTBZR3BNUVdQT2Nh" https://10.100.1.65:8243/token
>>>>>
>>>>> [2] [2015-12-21 09:46:53,812] ERROR - OAuth2Service Error occurred while issuing the access token for Client ID : UAf1afguBO1ZTNPcI6wfXmsHCXUa, User ID admin, Scope : [openid] and Grant Type : password
>>>>> org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Error while obtaining private key for super tenant
>>>>>     at org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.signJWTWithRSA(DefaultIDTokenBuilder.java:351)
>>>>>     at org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.signJWT(DefaultIDTokenBuilder.java:514)
>>>>>     at org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.buildIDToken(DefaultIDTokenBuilder.java:237)
>>>>>     at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(AccessTokenIssuer.java:224)
>>>>>     at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(OAuth2Service.java:196)
>>>>>     at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.getAccessToken(OAuth2TokenEndpoint.java:245)
>>>>>     at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:111)
>>>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>     at java.lang.reflect.Method.invoke(Method.java:606)
>>>>>     at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
>>>>>     at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
>>>>>     at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
>>>>>     at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
>>>>>     at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
>>>>>     at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
>>>>>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>>>>>     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>>>>>     at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
>>>>>     at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>>>>>     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>>>>>     at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>>>>>     at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
>>>>>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
>>>>>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209)
>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
>>>>>     at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>     at org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>     at org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:59)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>>>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>>>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
>>>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
>>>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>>>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>>>>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
>>>>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
>>>>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
>>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739)
>>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698)
>>>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>>     at java.lang.Thread.run(Thread.java:745)
>>>>> Caused by: java.lang.NullPointerException
>>>>>     at org.wso2.carbon.core.util.KeyStoreManager.getDefaultPrivateKey(KeyStoreManager.java:395)
>>>>>     at org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.signJWTWithRSA(DefaultIDTokenBuilder.java:349)
>>>>>     ... 61 more
>>>>>
>>>>> Thanks,
>>>>> sanjeewa.
>>>>> --
>>>>>
>>>>> *Sanjeewa Malalgoda*
>>>>> WSO2 Inc.
>>>>> Mobile : +94713068779
>>>>>
>>>>> blog : http://sanjeewamalalgoda.blogspot.com/
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>> --
>>>> Maduranga Siriwardena
>>>> Software Engineer
>>>> WSO2 Inc.
>>>>
>>>> email: [email protected]
>>>> mobile: +94718990591
>>>
>>> --
>>>
>>> *Sanjeewa Malalgoda*
>>> WSO2 Inc.
>>> Mobile : +94713068779
>>>
>>> blog : http://sanjeewamalalgoda.blogspot.com/
>>
>> --
>> Maduranga Siriwardena
>> Software Engineer
>> WSO2 Inc.
>>
>> email: [email protected]
>> mobile: +94718990591
>
> --
> Deependra Ariyadewa
> WSO2, Inc. http://wso2.com/ http://wso2.org
>
> email [email protected]; cell +94 71 403 5996 ;
> Blog http://risenfall.wordpress.com/
> PGP info: KeyID: 'DC627E6F'
>
> *WSO2 - Lean . Enterprise . Middleware*

--
*Sanjeewa Malalgoda*
WSO2 Inc.
Mobile : +94713068779
blog : http://sanjeewamalalgoda.blogspot.com/
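
Added example, not part of the original thread and not WSO2 code: a minimal Java sketch of the initialization-order problem discussed above, where a key accessor reads a lazily populated key store field that only another method fills in. The class name, alias, password and the empty in-memory PKCS12 store are assumptions made for illustration.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;

// Hypothetical stand-in for a key store manager (illustration only).
public class LazyKeyStoreDemo {
    private KeyStore primaryKeyStore;                          // null until first loaded
    private final String alias = "demo-alias";                 // constructed sample alias
    private final char[] password = "changeit".toCharArray();  // constructed sample password

    // The only place the field is populated.
    public synchronized KeyStore getPrimaryKeyStore() throws GeneralSecurityException {
        if (primaryKeyStore == null) {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            try {
                ks.load(null, password); // empty in-memory store for the demo
            } catch (IOException e) {
                throw new GeneralSecurityException(e);
            }
            primaryKeyStore = ks;
        }
        return primaryKeyStore;
    }

    // Fragile: works only if some other component already called getPrimaryKeyStore().
    public Key getDefaultPrivateKeyFragile() throws GeneralSecurityException {
        return primaryKeyStore.getKey(alias, password); // NullPointerException when field is null
    }

    // Order-independent: initializes on demand and reports a missing key explicitly.
    public Key getDefaultPrivateKey() throws GeneralSecurityException {
        Key key = getPrimaryKeyStore().getKey(alias, password);
        if (key == null) {
            throw new GeneralSecurityException("No key under alias '" + alias + "'");
        }
        return key;
    }

    public static void main(String[] args) {
        LazyKeyStoreDemo manager = new LazyKeyStoreDemo();
        try {
            manager.getDefaultPrivateKeyFragile();
        } catch (NullPointerException | GeneralSecurityException e) {
            System.out.println("fragile accessor: " + e.getClass().getSimpleName());
        }
        try {
            manager.getDefaultPrivateKey();
        } catch (GeneralSecurityException e) {
            System.out.println("order-independent accessor: " + e.getMessage());
        }
    }
}
```

The second accessor does not depend on which components a given product happens to install, which is the property asked for in the thread when the same OAuth features are deployed on a different server.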
