[
https://issues.apache.org/jira/browse/NIFI-9249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17421329#comment-17421329
]
Pierre Villard commented on NIFI-9249:
--------------------------------------
When trying with
{code:java}
$ java -version
openjdk version "11.0.12" 2021-07-20 LTS
OpenJDK Runtime Environment Zulu11.50+19-CA (build 11.0.12+7-LTS)
OpenJDK 64-Bit Server VM Zulu11.50+19-CA (build 11.0.12+7-LTS, mixed mode){code}
This works as expected. Closing. Thanks [~exceptionfactory]!
> OIDC with Java 11 - the trustAnchors parameter must be non-empty
> ----------------------------------------------------------------
>
> Key: NIFI-9249
> URL: https://issues.apache.org/jira/browse/NIFI-9249
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.14.0
> Environment: openjdk version "11.0.6" 2020-01-14
> OpenJDK Runtime Environment (build 11.0.6+10-post-Debian-1bpo91)
> OpenJDK 64-Bit Server VM (build 11.0.6+10-post-Debian-1bpo91, mixed mode,
> sharing)
> Reporter: Pierre Villard
> Priority: Major
> Attachments: nifi-bootstrap (1).log, nifi-bootstrap (2).log,
> nifi-bootstrap.log, stacktrace.txt
>
>
> With the exact same configuration, when switching from Java 8 to Java 11, I
> get the following error when using OIDC for authentication:
> {code:java}
> 2021-09-27 09:52:57,733 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> org.springframework.beans.factory.BeanCreationException: Error creating bean
> with name 'oidcService' defined in class path resource
> [nifi-web-security-context.xml]: Bean instantiation via constructor failed;
> nested exception is org.springframework.beans.BeanInstantiationException:
> Failed to instantiate [org.apache.nifi.web.security.oidc.OidcService]:
> Constructor threw exception; nested exception is java.lang.RuntimeException:
> Unable to retrieve OpenId Connect Provider metadata from:
> https://accounts.google.com/.well-known/openid-configuration
> at
> org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:315)
> at
> org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:296)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1354)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1204)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:564)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:524)
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)
> at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)
> at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:944)
> at
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918)
> at
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583)
> at
> org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:401)
> at
> org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:292)
> at
> org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:103)
> at
> org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:1068)
> at
> org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:572)
> at
> org.eclipse.jetty.server.handler.ContextHandler.contextInitialized(ContextHandler.java:997)
> at
> org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:746)
> at
> org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:379)
> at
> org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1449)
> at
> org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1414)
> at
> org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:911)
> at
> org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:288)
> at
> org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:524)
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
> at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
> at
> org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:426)
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> at org.eclipse.jetty.server.Server.start(Server.java:423)
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
> at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
> at org.eclipse.jetty.server.Server.doStart(Server.java:387)
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
> at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:1129)
> at org.apache.nifi.NiFi.<init>(NiFi.java:159)
> at org.apache.nifi.NiFi.<init>(NiFi.java:71)
> at org.apache.nifi.NiFi.main(NiFi.java:303)
> Caused by: org.springframework.beans.BeanInstantiationException: Failed to
> instantiate [org.apache.nifi.web.security.oidc.OidcService]: Constructor
> threw exception; nested exception is java.lang.RuntimeException: Unable to
> retrieve OpenId Connect Provider metadata from:
> https://accounts.google.com/.well-known/openid-configuration at
> org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:225)
> at
> org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:117)
> at
> org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:311)
> ... 53 common frames omittedCaused by: java.lang.RuntimeException:
> Unable to retrieve OpenId Connect Provider metadata from:
> https://accounts.google.com/.well-known/openid-configuration at
> org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.initializeProvider(StandardOidcIdentityProvider.java:123)
> at
> org.apache.nifi.web.security.oidc.OidcService.<init>(OidcService.java:67)
> at
> org.apache.nifi.web.security.oidc.OidcService.<init>(OidcService.java:50)
> at
> java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method) at
> java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at
> java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
> at
> org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:212)
> ... 55 common frames omittedCaused by: javax.net.ssl.SSLException:
> Unexpected error: java.security.InvalidAlgorithmParameterException: the
> trustAnchors parameter must be non-empty at
> java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method) at
> java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at
> java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
> at
> java.base/sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1969)
> at
> java.base/sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1964)
> at java.base/java.security.AccessController.doPrivileged(Native
> Method) at
> java.base/sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1963)
> at
> java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1531)
> at
> java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1515)
> at
> java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527)
> at
> java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:334)
> at
> com.nimbusds.oauth2.sdk.http.HTTPRequest.send(HTTPRequest.java:901) at
> org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.retrieveOidcProviderMetadata(StandardOidcIdentityProvider.java:255)
> at
> org.apache.nifi.web.security.oidc.StandardOidcIdentityProvider.initializeProvider(StandardOidcIdentityProvider.java:121)
> ... 62 common frames omittedCaused by: javax.net.ssl.SSLException:
> Unexpected error: java.security.InvalidAlgorithmParameterException: the
> trustAnchors parameter must be non-empty at
> java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:320)
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
> at
> java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1313)
> at
> java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:408)
> at
> java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
> at
> java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> at
> java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1587)
> at
> java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1515)
> at
> java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250)
> at
> com.nimbusds.oauth2.sdk.http.HTTPRequest.send(HTTPRequest.java:890)
> ... 64 common frames omitted
> Caused by: java.lang.RuntimeException: Unexpected error:
> java.security.InvalidAlgorithmParameterException: the trustAnchors parameter
> must be non-empty
> at
> java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:102)
> at
> java.base/sun.security.validator.Validator.getInstance(Validator.java:181)
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:300)
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:176)
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:189)
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
> at
> java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:629)
> at
> java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464)
> at
> java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
> at
> java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
> at
> java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
> at
> java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
> at
> java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
> at
> java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
> at
> java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1151)
> at
> java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1062)
> at
> java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
> ... 70 common frames omitted
> Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors
> parameter must be non-empty
> at
> java.base/java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
> at
> java.base/java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
> at
> java.base/java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
> at
> java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:99)
> ... 86 common frames omitted
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
