I am getting this exception in WSO2IS 5.1.0 at login.
[2017-01-28 20:12:22,384] ERROR {org.wso2.carbon.idp.mgt.util.IdPManagementUtil} - Error when accessing the IdentityProviderManager for tenant : xyz.com
org.wso2.carbon.idp.mgt.IdentityProviderManagementException: Error retrieving primary certificate for tenant : xyz.com
at org.wso2.carbon.idp.mgt.IdentityProviderManager.getResidentIdP(IdentityProviderManager.java:214)
at org.wso2.carbon.idp.mgt.util.IdPManagementUtil.getRememberMeTimeout(IdPManagementUtil.java:98)
at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.setAuthCookie(DefaultAuthenticationRequestHandler.java:347)
at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.concludeFlow(DefaultAuthenticationRequestHandler.java:284)
at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:120)
at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:135)
at org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:53)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:59)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Answer 0: (score: 1)
The problem is with client-truststore.jks.
Replace wso2appm-1.2.1-SNAPSHOT/repository/resources/security/wso2carbon.jks with the jks file generated from the pfx file (the SSL file sent by the provider).
Change the jks file name, keystore password and alias in carbon.xml.
Replace client-truststore.jks with the one you created, in the folder wso2appm-1.2.1-SNAPSHOT/repository/resources/security/client-truststore.jks.
To create the client-truststore.jks file, follow the steps below.
keytool -export -alias certalias -keystore your_jks.jks -file .pem
This will generate the .pem file.
If you don't know the certalias name, follow the steps below to find it, then run the above command with the correct alias.
On Linux:
keytool -list -v -keystore your_jks.jks | grep "Alias name\|Creation date"
On Windows:
keytool -list -v -keystore your_jks.jks | findstr "Alias Creation"
keytool -import -alias certalias -file .pem -keystore client-truststore.jks -storepass wso2carbon
This will generate client-truststore.jks; replace the old one (wso2appm-1.2.1-SNAPSHOT/repository/resources/security/client-truststore.jks) with it.
Now change the keystore alias in carbon.xml (wso2appm-1.2.1-SNAPSHOT/repository/conf/carbon.xml).
Run the application and check.
If you still get the error, change identityAlias in the following line of "repository/deployment/server/jaggeryapps/publisher/controllers/acs.jag":
var identityAlias = configs.ssoConfiguration.identityAlias;
to
var identityAlias = "your identity alias";
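A check for the procedure in the answer above, added here as an example and not part of the original answer: it confirms that the alias configured in carbon.xml exists in the keystore and that the truststore holds the same certificate under that alias. The function names and the sample listings are hypothetical; the parsing assumes the "Alias name:" and "SHA256:" lines that an English-locale `keytool -list -v` prints.

```shell
#!/usr/bin/env bash
# Input throughout is the text printed by: keytool -list -v -keystore <file>

# Print "alias<TAB>sha256" per entry (first certificate of each chain only).
alias_fingerprints() {
  awk '
    /^Alias name: / { alias = substr($0, 13); seen = 0 }
    /^[ \t]*SHA256: / && alias != "" && !seen { print alias "\t" $2; seen = 1 }
  '
}

# fingerprint_of LISTING ALIAS -> SHA-256 fingerprint, empty if alias is absent
fingerprint_of() {
  printf '%s\n' "$1" | alias_fingerprints | awk -F '\t' -v a="$2" '$1 == a { print $2 }'
}

# check_alias KEYSTORE_LISTING TRUSTSTORE_LISTING ALIAS
# returns 0 = same certificate in both stores, 1 = alias missing from keystore,
#         2 = alias missing from truststore,   3 = certificates differ
check_alias() {
  ks_fp=$(fingerprint_of "$1" "$3")
  ts_fp=$(fingerprint_of "$2" "$3")
  [ -n "$ks_fp" ] || return 1
  [ -n "$ts_fp" ] || return 2
  [ "$ks_fp" = "$ts_fp" ] || return 3
  return 0
}

# Constructed sample listings; fingerprints are made-up, shortened values.
KEYSTORE_LISTING='Alias name: certalias
Creation date: Jan 28, 2017
Entry type: PrivateKeyEntry
Certificate fingerprints:
   SHA1: 11:22:33:44
   SHA256: AA:BB:CC:DD'
TRUSTSTORE_GOOD='Alias name: certalias
Entry type: trustedCertEntry
Certificate fingerprints:
   SHA256: AA:BB:CC:DD'
TRUSTSTORE_STALE='Alias name: certalias
Entry type: trustedCertEntry
Certificate fingerprints:
   SHA256: 99:88:77:66'

# A truststore that still holds the old certificate is reported as code 3.
check_alias "$KEYSTORE_LISTING" "$TRUSTSTORE_STALE" certalias || echo "check failed with code $?"
```

With real files, pass `"$(keytool -list -v -keystore your_jks.jks)"` and the matching truststore listing in place of the sample variables.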
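Answer 1: (score: 0)
I checked the source code related to the error [1]. According to it, the problem occurs when it tries to initialize the registry [2].
When a tenant is created, the server creates a keystore for that tenant and stores it in the following registry path.
/_system/governance/repository/security/key-stores/
If the tenant name is xyz.com, then in the registry path above it creates a Java keystore file named xyz-com.jks.
Registry objects are stored in the backend database. So is it possible that the keystore file above cannot be found, or that the registry file path cannot be accessed?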
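Answer 2: (score: 0)
The way this code is written is troublesome. When a tenant is created, a default keystore is created and stored in the registry. You obviously don't want that, so you end up replacing the keystore by updating the registry and uploading a new keystore. The trick is the way you create the keystore; this is what you need to do:
Everything will be fine now.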