Failed to find private key by kid

By: Martin Petri user 21 Jan 2020 at 8:25 a.m. CST

4 Responses
Martin Petri gravatar
Hi. Few days ago we got the error listed below. We were not able so solve the problem and decided to reinstall gluu-server. Now, two days later we're facing the same problem. The client app worked perfectly with gluu/oxd until 2pm. Nothing changed in gluu-serer... oxauth.log: 2020-01-21 14:19:53,418 ERROR [qtp105704967-10] [org.gluu.oxauth.model.crypto.OxAuthCryptoProvider] (OxAuthCryptoProvider.java:229) - Failed to find private key by kid: 02d10d63-0f91-451b-aaf3-cc068dec3d21_sig_rs256, signatureAlgorithm: RS256(check whether web keys JSON in persistence corresponds to keystore file.) 2020-01-21 14:19:53,419 ERROR [qtp105704967-10] [org.gluu.oxauth.model.common.AuthorizationGrant] (AuthorizationGrant.java:266) - Failed to find private key by kid: 02d10d63-0f91-451b-aaf3-cc068dec3d21_sig_rs256, signatureAlgorithm: RS256(check whether web keys JSON in persistence corresponds to keystore file.) java.lang.RuntimeException: Failed to find private key by kid: 02d10d63-0f91-451b-aaf3-cc068dec3d21_sig_rs256, signatureAlgorithm: RS256(check whether web keys JSON in persistence corresponds to keystore file.) at org.gluu.oxauth.model.crypto.OxAuthCryptoProvider.sign(OxAuthCryptoProvider.java:230) ~[oxauth-model-4.0.Final.jar:?] Cheers, Martin
Gluu 4.0 Ubuntu 18.04
closed

Answers

By Martin Petri user 21 Jan 2020 at 11:02 a.m. CST

Copy
Martin Petri gravatar
oxauth.log file points out the key in oxauth-key.jks has been renewed. oxauth json config: keyRegenerationEnabled: true keyRegenerationInterval: 48 48 hours would match... > *root@rz-00272:/opt/gluu-server/etc/certs# keytool -list -v -keystore /opt/gluu-server/etc/certs/oxauth-keys.jks > Enter keystore password: > Keystore type: JKS > Keystore provider: SUN > > Your keystore contains 0 entries* And the new oxauth jks seems to have no entries, but the json file looks good. Can you help us with that?

By Michael Schwartz Account Admin 23 Jan 2020 at 12:50 p.m. CST

Copy
Michael Schwartz gravatar
There is a fix for this in the latest branch. @Mohib.Zico am I correct? If so, can you reference it?

By Mohib Zico Account Admin 23 Jan 2020 at 3:54 p.m. CST

Copy
Mohib Zico gravatar
Yes, I believe so. I'll share info.

By Mohib Zico Account Admin 27 Jan 2020 at 12:10 a.m. CST

Copy
Mohib Zico gravatar
[Here](https://github.com/GluuFederation/oxAuth/issues/1123) is the github issue which covered this scenario.

Post an answer