ERROR {org.wso2.carbon.idp.mgt.util.IdPManagementUtil} - Error when accessing the IdentityProviderManager for tenant

Time: 2017-01-29 01:19:19

Tags: wso2 wso2is wso2carbon

Getting this exception in WSO2IS 5.1.0 at login.

[2017-01-28 20:12:22,384] ERROR {org.wso2.carbon.idp.mgt.util.IdPManagementUtil} -  Error when accessing the IdentityProviderManager for tenant : xyz.com org.wso2.carbon.idp.mgt.IdentityProviderManagementException: Error retrieving primary certificate for tenant : xyz.com
        at org.wso2.carbon.idp.mgt.IdentityProviderManager.getResidentIdP(IdentityProviderManager.java:214)
        at org.wso2.carbon.idp.mgt.util.IdPManagementUtil.getRememberMeTimeout(IdPManagementUtil.java:98)
        at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.setAuthCookie(DefaultAuthenticationRequestHandler.java:347)
        at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.concludeFlow(DefaultAuthenticationRequestHandler.java:284)
        at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:120)
        at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:135)
        at org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:53)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
        at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:59)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
        at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
        at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
        at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
        at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
        at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
        at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)

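3 answers:

Answer 0 (score: 1)

The problem is with client-truststore.jks

Step 1

Replace wso2appm-1.2.1-SNAPSHOT/repository/resources/security/wso2carbon.jks with the jks file generated from the pfx file (the SSL file sent by the provider)

Change the jks file name, keystore password and alias in carbon.xml

Replace the client-truststore.jks in the folder wso2appm-1.2.1-SNAPSHOT/repository/resources/security/client-truststore.jks with the one you created.

To create the client-truststore.jks file, follow the steps below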

keytool -export -alias certalias -keystore your_jks.jks -file .pem

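This will generate the .pem file

If you don't know the certalias name, follow the steps below to find it and run the above command with the correct alias

On Linux

keytool -list -v -keystore your_jks.jks | grep "Alias name\|Creation date"

On Windows

keytool -list -v -keystore your_jks.jks | findstr "Alias Creation"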

Step 2

keytool -import -alias certalias -file .pem -keystore client-truststore.jks -storepass wso2carbon

This will generate client-truststore.jks; replace the old one (wso2appm-1.2.1-SNAPSHOT/repository/resources/security/client-truststore.jks) with it

Now change the keystore alias in carbon.xml (wso2appm-1.2.1-SNAPSHOT/repository/conf/carbon.xml)

Run the application and check.

If you still get the error, change identityAlias in the line below in "repository/deployment/server/jaggeryapps/publisher/controllers/acs.jag"

var identityAlias = configs.ssoConfiguration.identityAlias;

to var identityAlias = "your identity alias"

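Answer 1 (score: 0)

I checked the source code related to the error [1]. According to it, the problem occurs when it tries to initialize the registry [2].

When a tenant is created, the server creates a keystore for that tenant and stores it in the following registry path.

/_system/governance/repository/security/key-stores/

If the tenant name is xyz.com, then in the registry path above it creates a Java keystore file named xyz-com.jks.

Registry objects are stored in the backend database. So is it possible that the keystore file above cannot be found, or that the registry file path cannot be accessed?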

[1] https://github.com/wso2/carbon-identity/blob/v5.0.7/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/IdentityProviderManager.java#L213

[2] https://github.com/wso2/carbon-identity/blob/v5.0.7/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/IdentityProviderManager.java#L197

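Answer 2 (score: 0)

The way this code is written is a nuisance. When a tenant is created, a default keystore is created and stored in the registry. You obviously don't want that, so you end up replacing the keystore by updating the registry and uploading a new keystore. The trick is in how you create the keystore; this is what you need to do:

  • Tenant domain: "xyz.com"
  • Name of the keystore: "xyz-com.jks"
  • Name of the private key entry alias: "xyz.com"

Now everything will be fine.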
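A check for the naming convention in the answer above, as an added example that is not part of the original answers or of WSO2's code: it derives the expected keystore file name from the tenant domain and confirms from `keytool -list -v` output that the tenant-domain alias holds a private key entry rather than only a certificate. The function names are hypothetical, the listings are constructed samples, and the rule that every dot in the domain becomes a hyphen is an assumption generalised from the xyz.com example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample listings are constructed.

# Keystore file name for a tenant domain, generalising the page's
# xyz.com -> xyz-com.jks example (assumption: every dot becomes a hyphen).
expected_keystore_name() {
    printf '%s.jks\n' "$(printf '%s' "$1" | tr '.' '-')"
}

# Reads `keytool -list -v` output on stdin and checks the entry for alias $1.
# Prints ok, missing-alias or not-private-key; returns non-zero unless ok.
check_alias_entry() {
    awk -v want="$1" '
        /^Alias name: / { alias = substr($0, 13) }
        /^Entry type: / {
            # JKS aliases are case-insensitive, so compare lowercased.
            if (tolower(alias) == tolower(want)) { found = 1; type = substr($0, 13) }
        }
        END {
            if (!found)                    { print "missing-alias";   exit 1 }
            if (type != "PrivateKeyEntry") { print "not-private-key"; exit 2 }
            print "ok"
        }'
}

# Constructed listing: key pair stored under the tenant domain as alias.
sample_good() {
    printf '%s\n' 'Keystore type: JKS' '' \
        'Alias name: xyz.com' 'Creation date: Jan 28, 2017' \
        'Entry type: PrivateKeyEntry' 'Certificate chain length: 1'
}

# Constructed listing: only a certificate was imported under that alias.
sample_cert_only() {
    printf '%s\n' 'Keystore type: JKS' '' \
        'Alias name: xyz.com' 'Creation date: Jan 28, 2017' \
        'Entry type: trustedCertEntry'
}

# Against a real file the input would come from keytool instead:
#   keytool -list -v -keystore "$(expected_keystore_name xyz.com)" | check_alias_entry xyz.com
echo "keystore file: $(expected_keystore_name xyz.com)"
echo "good listing:  $(sample_good | check_alias_entry xyz.com)"
echo "cert only:     $(sample_cert_only | check_alias_entry xyz.com)"
```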