Created a jira to track the issue. https://wso2.org/jira/browse/APIMANAGER-4430
On Mon, Dec 21, 2015 at 3:22 PM, Sanjeewa Malalgoda <[email protected]> wrote:
> ACK.
>
> Thanks,
> sanjeewa.
>
> On Mon, Dec 21, 2015 at 3:18 PM, Deependra Ariyadewa <[email protected]> wrote:
>
>> On Mon, Dec 21, 2015 at 3:09 PM, Maduranga Siriwardena <[email protected]> wrote:
>>
>>> Hi,
>>> Ideally this should be fixed in kernel as we mentioned above. But we
>>> have fixed this and released carbon-identity 5.0.7
>>>
>>> @Product teams,
>>> Please update your carbon-identity version to 5.0.7
>>>
>>
>> ACK
>>
>>>
>>> Thanks,
>>> Maduranga.
>>>
>>> On Mon, Dec 21, 2015 at 11:58 AM, Sanjeewa Malalgoda <[email protected]> wrote:
>>>
>>>> On Mon, Dec 21, 2015 at 11:48 AM, Maduranga Siriwardena <[email protected]> wrote:
>>>>
>>>>> Hi Sanjeewa,
>>>>>
>>>>> We tried to reproduce the issue with IS 5.1.0 RC1 and we couldn't
>>>>> reproduce.
>>>>>
>>>>> Further we investigated and observed that the problem seems to be in
>>>>> KeyStoreManager in kernel [1]. In KeyStoreManager, primaryKeyStore is
>>>>> initialized from getPrimaryKeyStore() [2]. For IS getPrimaryKeyStore() is
>>>>> called from one of our components [3] and so primaryKeyStore is getting
>>>>> initialized. But for APIM this is not happening. As a workaround you can
>>>>> do the same from one of your components.
>>>>>
>>>>> [1] https://github.com/wso2/carbon-kernel/blob/v4.4.3/core/org.wso2.carbon.core/src/main/java/org/wso2/carbon/core/util/KeyStoreManager.java
>>>>> [2] https://github.com/wso2/carbon-kernel/blob/v4.4.3/core/org.wso2.carbon.core/src/main/java/org/wso2/carbon/core/util/KeyStoreManager.java#L328
>>>>> [3] https://github.com/wso2/carbon-identity/blob/v5.0.5/components/sts/org.wso2.carbon.sts/src/main/java/org/wso2/carbon/sts/STSDeploymentInterceptor.java#L157
>>>>>
>>>>
>>>> If this key store initializing is required for OAuth endpoint and OAuth
>>>> service why don't we initialize from oauth components?
>>>> As I understood this issue is not happening in IS because some other
>>>> component initializes this instead of OAuth endpoint or service.
>>>> Let's say we fixed it in our components (APIM), but still if someone
>>>> installed OAuth features into kernel or any other server they still see
>>>> same issue.
>>>> So I think it's better to add this to OAuth component itself.
>>>>
>>>>>
>>>>> Thanks,
>>>>> Maduranga.
>>>>>
>>>>> On Mon, Dec 21, 2015 at 10:03 AM, Sanjeewa Malalgoda <[email protected]> wrote:
>>>>>
>>>>>> Hi Team,
>>>>>> While requesting access tokens with openid scope (see curl request [1])
>>>>>> I'm getting following error [2].
>>>>>> I tested this with carbon-identity 5.0.5 based AM build and I don't
>>>>>> think 5.0.6 do not have changes related to this use case.
>>>>>> I tested this with another white listed scopes to confirm this happen
>>>>>> due to white listed scopes or specific to openId.
>>>>>> We were able to get access tokens for normal white listed scopes but
>>>>>> not for openid scope.
>>>>>> Generating access tokens with openid scope is a very common use case for
>>>>>> all API manager clients.
>>>>>> Did I miss anything here or we need to fix it (since this is NPE I
>>>>>> think we should fix this)?
>>>>>>
>>>>>> [1] curl -k -d "grant_type=password&username=admin&password=admin&scope=openid" -H "Authorization: Basic VUFmMWFmZ3VCTzFaVE5QY0k2d2ZYbXNIQ1hVYTpUWURlT01nQjc3ME5DQ3RraTBZR3BNUVdQT2Nh" https://10.100.1.65:8243/token
>>>>>>
>>>>>> [2] [2015-12-21 09:46:53,812] ERROR - OAuth2Service Error occurred while issuing the access token for Client ID : UAf1afguBO1ZTNPcI6wfXmsHCXUa, User ID admin, Scope : [openid] and Grant Type : password
>>>>>> org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Error while obtaining private key for super tenant
>>>>>> at org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.signJWTWithRSA(DefaultIDTokenBuilder.java:351)
>>>>>> at org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.signJWT(DefaultIDTokenBuilder.java:514)
>>>>>> at org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.buildIDToken(DefaultIDTokenBuilder.java:237)
>>>>>> at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(AccessTokenIssuer.java:224)
>>>>>> at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(OAuth2Service.java:196)
>>>>>> at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.getAccessToken(OAuth2TokenEndpoint.java:245)
>>>>>> at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:111)
>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>>>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>>>>> at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
>>>>>> at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
>>>>>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
>>>>>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
>>>>>> at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
>>>>>> at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
>>>>>> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>>>>>> at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>>>>>> at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
>>>>>> at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
>>>>>> at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
>>>>>> at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
>>>>>> at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
>>>>>> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
>>>>>> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209)
>>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
>>>>>> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>> at org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88)
>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>> at org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:59)
>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>>>>>> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>>>>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
>>>>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
>>>>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>>>> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>>>>> at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>>>> at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>>>>> at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>>>> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>>>>> at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>>>> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
>>>>>> at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>>>>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
>>>>>> at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
>>>>>> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
>>>>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739)
>>>>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698)
>>>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>>>>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>>> Caused by: java.lang.NullPointerException
>>>>>> at org.wso2.carbon.core.util.KeyStoreManager.getDefaultPrivateKey(KeyStoreManager.java:395)
>>>>>> at org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.signJWTWithRSA(DefaultIDTokenBuilder.java:349)
>>>>>> ... 61 more
>>>>>>
>>>>>> Thanks,
>>>>>> sanjeewa.
>>>>>> --
>>>>>>
>>>>>> *Sanjeewa Malalgoda*
>>>>>> WSO2 Inc.
>>>>>> Mobile : +94713068779
>>>>>>
>>>>>> blog: http://sanjeewamalalgoda.blogspot.com/
>>>>>>
>>>>>> _______________________________________________
>>>>>> Dev mailing list
>>>>>> [email protected]
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>
>>>>>
>>>>> --
>>>>> Maduranga Siriwardena
>>>>> Software Engineer
>>>>> WSO2 Inc.
>>>>>
>>>>> email: [email protected]
>>>>> mobile: +94718990591
>>>>>
>>>>
>>>> --
>>>>
>>>> *Sanjeewa Malalgoda*
>>>> WSO2 Inc.
>>>> Mobile : +94713068779
>>>>
>>>> blog: http://sanjeewamalalgoda.blogspot.com/
>>>>
>>>
>>> --
>>> Maduranga Siriwardena
>>> Software Engineer
>>> WSO2 Inc.
>>>
>>> email: [email protected]
>>> mobile: +94718990591
>>>
>>
>> --
>> Deependra Ariyadewa
>> WSO2, Inc. http://wso2.com/ http://wso2.org
>>
>> email [email protected]; cell +94 71 403 5996 ;
>> Blog http://risenfall.wordpress.com/
>> PGP info: KeyID: 'DC627E6F'
>>
>> *WSO2 - Lean . Enterprise . Middleware*
>>
>
> --
>
> *Sanjeewa Malalgoda*
> WSO2 Inc.
> Mobile : +94713068779
>
> blog: http://sanjeewamalalgoda.blogspot.com/
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>

--
*Dumidu Handakumbura*
Software Engineer - QA
WSO2 Inc; http://www.wso2.com/.
Mobile; *+94777706740*
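
The initialization-order dependency discussed in the thread, as an added Java sketch that is not part of the original e-mails and is not carbon-kernel or carbon-identity code. The class names, alias, password and the AES key standing in for the RSA signing key are all constructed for illustration; the sketch assumes the failure mode is a key getter that reads a lazily initialized field directly.

```java
import java.security.Key;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;

// Hypothetical stand-in for a keystore manager; not the carbon-kernel class.
public class LazyKeyStoreDemo {
    static final char[] PASS = "changeit".toCharArray(); // constructed sample password
    static final String ALIAS = "signing-key";           // constructed sample alias

    static class KeyManagerSketch {
        private KeyStore primaryKeyStore; // stays null until getPrimaryKeyStore() runs

        synchronized KeyStore getPrimaryKeyStore() throws Exception {
            if (primaryKeyStore == null) {
                // In-memory store holding one generated key, so the demo runs offline.
                KeyStore ks = KeyStore.getInstance("JCEKS");
                ks.load(null, PASS);
                Key key = KeyGenerator.getInstance("AES").generateKey();
                ks.setKeyEntry(ALIAS, key, PASS, null);
                primaryKeyStore = ks;
            }
            return primaryKeyStore;
        }

        // Fragile: reads the field directly and relies on some other
        // component having called getPrimaryKeyStore() earlier.
        Key getDefaultKeyFragile() throws Exception {
            return primaryKeyStore.getKey(ALIAS, PASS);
        }

        // Hardened: always goes through the initializing accessor, so the
        // result does not depend on which features are installed.
        Key getDefaultKeyHardened() throws Exception {
            return getPrimaryKeyStore().getKey(ALIAS, PASS);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyManagerSketch noInitializer = new KeyManagerSketch();
        try {
            noInitializer.getDefaultKeyFragile();
        } catch (NullPointerException e) {
            System.out.println("fragile getter, no prior init: NullPointerException");
        }
        Key k = noInitializer.getDefaultKeyHardened();
        System.out.println("hardened getter, no prior init: " + k.getAlgorithm());

        KeyManagerSketch withInitializer = new KeyManagerSketch();
        withInitializer.getPrimaryKeyStore(); // an unrelated component at startup
        Key k2 = withInitializer.getDefaultKeyFragile();
        System.out.println("fragile getter, after init: " + k2.getAlgorithm());
    }
}
```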
