By: Wilbur Pereira user 30 Mar 2017 at 3:36 a.m. CDT

8 Responses

What could possibly be the reason for the below error, 2017-03-30 13:42:00,053 INFO [qtp242131142-16] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:323) - Authentication success for User: 'bbbbbb' 2017-03-30 13:42:00,176 ERROR [qtp242131142-11] [org.xdi.oxauth.model.crypto.OxAuthCryptoProvider] (OxAuthCryptoProvider.java:114) - Keystore was tampered with, or password was incorrect java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) ~[?:1.8.0_112] at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ~[?:1.8.0_112] at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[?:1.8.0_112] at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) ~[?:1.8.0_112] at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_112] at org.xdi.oxauth.model.crypto.OxAuthCryptoProvider.<init>(OxAuthCryptoProvider.java:112) [oxauth-model-3.0.1.jar:?] at org.xdi.oxauth.model.crypto.CryptoProviderFactory.getCryptoProvider(CryptoProviderFactory.java:27) [oxauth-model-3.0.1.jar:?] at org.xdi.oxauth.model.token.JwtSigner.<init>(JwtSigner.java:49) [classes/:?] at org.xdi.oxauth.model.token.JwtSigner.newJwtSigner(JwtSigner.java:59) [classes/:?] at org.xdi.oxauth.model.token.IdTokenFactory.generateSignedIdToken(IdTokenFactory.java:102) [classes/:?] at sun.reflect.GeneratedMethodAccessor424.invoke(Unknown Source) ~[?:?] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_112] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_112] at org.jboss.seam.util.Reflections.invoke(Reflections.java:22) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:79) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:196) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:114) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.xdi.oxauth.model.token.IdTokenFactory_$$_javassist_seam_58.generateSignedIdToken(IdTokenFactory_$$_javassist_seam_58.java) [classes/:?] at org.xdi.oxauth.model.token.IdTokenFactory.createJwr(IdTokenFactory.java:482) [classes/:?] at org.xdi.oxauth.model.common.AuthorizationGrant.createIdToken(AuthorizationGrant.java:59) [classes/:?] at org.xdi.oxauth.model.common.AuthorizationGrant.createIdToken(AuthorizationGrant.java:158) [classes/:?] at org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.requestAuthorization(AuthorizeRestWebServiceImpl.java:542) [classes/:?] at org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.requestAuthorizationGet(AuthorizeRestWebServiceImpl.java:112) [classes/:?] at sun.reflect.GeneratedMethodAccessor257.invoke(Unknown Source) ~[?:?] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_112] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_112] at org.jboss.seam.util.Reflections.invoke(Reflections.java:22) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.resteasy.ResteasyContextInjectionInterceptor.aroundInvoke(ResteasyContextInjectionInterceptor.java:59) [jboss-seam-resteasy-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:79) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:196) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:114) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl_$$_javassist_seam_46.requestAuthorizationGet(AuthorizeRestWebServiceImpl_$$_javassist_seam_46.java) [classes/:?] at sun.reflect.GeneratedMethodAccessor256.invoke(Unknown Source) ~[?:?] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_112] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_112] at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:167) [resteasy-jaxrs-2.3.7.Final.jar:?] at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269) [resteasy-jaxrs-2.3.7.Final.jar:?] at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227) [resteasy-jaxrs-2.3.7.Final.jar:?] at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:216) [resteasy-jaxrs-2.3.7.Final.jar:?] at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:542) [resteasy-jaxrs-2.3.7.Final.jar:?] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:524) [resteasy-jaxrs-2.3.7.Final.jar:?] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:126) [resteasy-jaxrs-2.3.7.Final.jar:?] at org.jboss.seam.resteasy.ResteasyResourceAdapter$1.process(ResteasyResourceAdapter.java:145) [jboss-seam-resteasy-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:65) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.resteasy.ResteasyResourceAdapter.getResource(ResteasyResourceAdapter.java:120) [jboss-seam-resteasy-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.SeamResourceServlet.service(SeamResourceServlet.java:80) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [servlet-api-3.1.jar:3.1.0] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:845) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1772) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.web.RewriteFilter.doFilter(RewriteFilter.java:63) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.xdi.oxauth.auth.AuthenticationFilter.processSessionAuth(AuthenticationFilter.java:168) [classes/:?] at org.xdi.oxauth.auth.AuthenticationFilter.access$600(AuthenticationFilter.java:67) [classes/:?] at org.xdi.oxauth.auth.AuthenticationFilter$1.process(AuthenticationFilter.java:146) [classes/:?] at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:65) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.xdi.oxauth.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:89) [classes/:?] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.Server.handle(Server.java:534) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at java.lang.Thread.run(Thread.java:745) [?:1.8.0_112] Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778) ~[?:1.8.0_112] ... 110 more

CentOS72

closed

By Mohib Zico staff 30 Mar 2017 at 4:16 a.m. CDT

Copy

Reason is as it says... >> Keystore was tampered with, or password was incorrect

By Wilbur Pereira user 30 Mar 2017 at 4:19 a.m. CDT

Copy

IS there a solution to this. We have googled for the same but have not managed to find a working solution.

By Mohib Zico staff 30 Mar 2017 at 4:21 a.m. CDT

Copy

We don't know what problem you are facing... Can't you authenticate? Isn't oxTrust not working? Isn't SSO working?

By Wilbur Pereira user 30 Mar 2017 at 4:27 a.m. CDT

Copy

As per the logs **Authentication success for User: 'bbbbbb'** 2017-03-30 13:42:00,176 ERROR [qtp242131142-11] but the redirection to the RP is not working and when we checked the logs we noticed the errors mentioned in the ticket. Could this be as result of an improper installation of the GLUU server ?

By Mohib Zico staff 30 Mar 2017 at 4:49 a.m. CDT

Copy

Generally it happens if you 'change' any working condition. Say: - Your RP was connected with another Gluu Server. Now this is a new Gluu Server. - You upgraded your old Gluu Server to latest 3.x.x, which didn't go well. - Some configuration ( connectivity to OP ) changed. Resolutions would be: - Restore old configuration. - Make sure 'oxauth-keys.jks' and 'oxauth-keys.json' ( /etc/certs ) are in good condition.

By Wilbur Pereira user 30 Mar 2017 at 6:47 a.m. CDT

Copy

This is our first installation of GLUU so none of the below are applicable to us, Generally it happens if you 'change' any working condition. Say: Your RP was connected with another Gluu Server. Now this is a new Gluu Server. You upgraded your old Gluu Server to latest 3.x.x, which didn't go well. Some configuration ( connectivity to OP ) changed. We modified the path to the keystore in setup.properties.last to point to our the gluu default path. #defaultTrustStoreFN=/opt/jre/jre/lib/security/cacerts defaultTrustStoreFN=/opt/gluu-server/etc/certs Resolutions would be: Restore old configuration. Make sure 'oxauth-keys.jks' and 'oxauth-keys.json' ( /etc/certs ) are in good condition. Tried to run a keytool -list command on oxauth-keys.jks but the password seems to be different. We have a keystore password that we tried but go the same error #defaultTrustStoreFN=/opt/jre/jre/lib/security/cacerts defaultTrustStoreFN=/opt/gluu-server-3.0.1/etc/certs

By Wilbur Pereira user 30 Mar 2017 at 9:36 a.m. CDT

Copy

Just noticed that the setup log had certificate issues throughout and will be uninstalling and installing the server again. Thanks for the support.

By Wilbur Pereira user 30 Mar 2017 at 9:36 a.m. CDT

Copy

Surprisingly with the errors throughout there was not setup_error.log generated so we assumed that the setup was fine.

You need to Login in order to post an answer

Keystore was tampered with, or password was incorrect java.io.IOException

By: Wilbur Pereira user 30 Mar 2017 at 3:36 a.m. CDT

Answers

By Mohib Zico staff 30 Mar 2017 at 4:16 a.m. CDT

By Wilbur Pereira user 30 Mar 2017 at 4:19 a.m. CDT

By Mohib Zico staff 30 Mar 2017 at 4:21 a.m. CDT

By Wilbur Pereira user 30 Mar 2017 at 4:27 a.m. CDT

By Mohib Zico staff 30 Mar 2017 at 4:49 a.m. CDT

By Wilbur Pereira user 30 Mar 2017 at 6:47 a.m. CDT

By Wilbur Pereira user 30 Mar 2017 at 9:36 a.m. CDT

By Wilbur Pereira user 30 Mar 2017 at 9:36 a.m. CDT

Post an answer