By: Roman Ott user 11 Jun 2019 at 2:15 a.m. CDT

1 Response
I tried to restore a Gluu backup on our staging environment in AWS.

1. Install Gluu via apt-get
2. Installation with own backed-up setup.properties
3. Restore LDAP via import from backup

Now I can log in via the oxTrust Admin GUI and browse the LDAP scheme via JXplorer. All client configuration is visible and users are present. But OpenID authentication via client is not working, because the id_token is missing in the response; I get only access_token and refresh token.

```
POST [TOKEN_ENDPOINT]
grant_type=authorization_code
&client_id=[CLIENT_ID]
&client_secret=[CLIENT_SECRET]
&redirect_url=https://openidconnect.net/callback
&code=bcf8972f-19b5-4f65-8c39-c91370ca6676

HTTP/1.1 200
Content-Type: application/json

{
  "access_token": "f1c46e7b-f404-4ce8-8ea9-6fd9ffafeda6",
  "token_type": "bearer",
  "expires_in": 299,
  "refresh_token": "f73f9707-2402-4c0e-a0fd-b5d52ff2bf32"
}
```

```
2019-06-10 21:19:10,115 INFO [qtp804611486-9] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:262) - Authentication success for Client: '@!50D2.35DC.8E35.73EE!0001!3176.2217!0008!053D.2761.DEAA.37F6'
2019-06-10 21:19:10,122 ERROR [qtp804611486-9] [org.xdi.oxauth.model.common.AuthorizationGrant] (AuthorizationGrant.java:231) - Supplied key (null) is not a RSAPrivateKey instance
java.security.InvalidKeyException: Supplied key (null) is not a RSAPrivateKey instance
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign(Unknown Source) ~[bcprov-jdk15on-1.54.jar:1.54.0]
    at java.security.Signature$Delegate.engineInitSign(Signature.java:1177) ~[?:1.8.0_181]
    at java.security.Signature.initSign(Signature.java:530) ~[?:1.8.0_181]
    at org.xdi.oxauth.model.crypto.OxAuthCryptoProvider.sign(OxAuthCryptoProvider.java:168) ~[oxauth-model-3.1.5.Final.jar:?]
    at org.xdi.oxauth.model.token.JwtSigner.sign(JwtSigner.java:85) ~[classes/:?]
    at org.xdi.oxauth.model.token.IdTokenFactory.generateSignedIdToken(IdTokenFactory.java:294) ~[classes/:?]
    at org.xdi.oxauth.model.token.IdTokenFactory.createJwr(IdTokenFactory.java:530) ~[classes/:?]
    at org.xdi.oxauth.model.common.AuthorizationGrant.createIdToken(AuthorizationGrant.java:89) ~[classes/:?]
    at org.xdi.oxauth.model.common.AuthorizationGrant.createIdToken(AuthorizationGrant.java:215) [classes/:?]
    at org.xdi.oxauth.token.ws.rs.TokenRestWebServiceImpl.requestAccessToken(TokenRestWebServiceImpl.java:202) [classes/:?]
    at org.xdi.oxauth.token.ws.rs.TokenRestWebServiceImpl$Proxy$_$$_WeldClientProxy.requestAccessToken(Unknown Source) [classes/:?]
    at sun.reflect.GeneratedMethodAccessor300.invoke(Unknown Source) ~[?:?]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:402) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:209) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [servlet-api-3.1.jar:3.1.0]
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:215) [websocket-server-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830]
    at org.xdi.oxauth.auth.AuthenticationFilter.processPostAuth(AuthenticationFilter.java:342) [classes/:?]
    at org.xdi.oxauth.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:115) [classes/:?]
```

I think there is a problem with certificates, but I don't know which certificate to update. Is it the IdP certificate?

Best Regards
Roman

By Roman Ott user 11 Jun 2019 at 9:54 a.m. CDT

Okay, question solved.

1. Generated completely new credentials for oxauth-keys.jks and oxauth-keys.json via oxauth-client.jar
2. Update via JXplorer in LDAP scheme jwks
3. Restart Gluu
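
A pre-flight check for the failure in this ticket, added here as an example and not part of the original posts or of Gluu's own tooling: it compares the `kid` values in a JWKS (such as the `jwks` restored into LDAP) with the private-key aliases reported by `keytool -list` for `oxauth-keys.jks`. It assumes the keystore alias equals the JWKS `kid`; the key names, listing and function names below are constructed for illustration.

```python
import json

# Constructed sample: JWKS as restored into LDAP (only the fields the check needs).
RESTORED_JWKS = json.dumps({"keys": [
    {"kid": "old-sig-rs256", "kty": "RSA", "use": "sig", "alg": "RS256"},
    {"kid": "old-sig-es256", "kty": "EC", "use": "sig", "alg": "ES256"},
]})

# Constructed sample: `keytool -list` output for a freshly installed keystore.
FRESH_KEYSTORE_LISTING = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

new-sig-rs256, Jun 10, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA1): 00:11:22
new-sig-es256, Jun 10, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA1): 33:44:55
"""

def private_key_aliases(listing):
    """Return the aliases of PrivateKeyEntry items in `keytool -list` output."""
    aliases = set()
    for line in listing.splitlines():
        fields = [f.strip() for f in line.split(",")]
        # Entry lines look like: <alias>, <date>, <entry type>,
        if "PrivateKeyEntry" in fields:
            aliases.add(fields[0])
    return aliases

def unsignable_kids(jwks_json, listing):
    """Return signing kids published in the JWKS with no private key in the keystore."""
    have = private_key_aliases(listing)
    keys = json.loads(jwks_json).get("keys", [])
    # Assumption: a key without "use" is treated as a signing key.
    return sorted(k["kid"] for k in keys
                  if k.get("use", "sig") == "sig" and k["kid"] not in have)

if __name__ == "__main__":
    missing = unsignable_kids(RESTORED_JWKS, FRESH_KEYSTORE_LISTING)
    for kid in missing:
        print(f"kid {kid!r} is in the JWKS but has no private key in the keystore")
    print("consistent" if not missing else "keystore and JWKS are out of sync")
```

Any `kid` it reports is a key the server advertises but cannot sign with, which matches the `Supplied key (null)` error logged when the id_token is created.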