By: Alvaro Villanueva user 23 Sep 2021 at 3:38 a.m. CDT

1 Response
OxAuth is unexpectedly performing key renewals about once every 14 days in a production environment and makes the instance restart, disabling the Gluu Service. This procedure takes about one hour to finish, and it happens suddenly, giving no time to warn clients. Is there a way to control the expiration date of certificates? Or at least a value to plan this, i.e. try to apply it at midnight or something?

OxAuth Logs:

Warning previous to the error:

```
WARNING! Expired Key is used, alias: 9fbf6ae0-c1ab-444b-86d0-a0e862a33009_sig_rs256
Expires On: 2021-09-21 16:04:37
Today's Date: 2021-09-21 14:31:04
```

When it fails:

```
2021-09-21 14:35:56,522 INFO [main] [org.quartz.impl.StdSchedulerFactory] (StdSchedulerFactory.java:1374) - Quartz scheduler 'oxAuthScheduler' initialized from the specified file : 'quartz.properties' from the class resource path.
2021-09-21 14:35:56,522 INFO [main] [org.quartz.impl.StdSchedulerFactory] (StdSchedulerFactory.java:1378) - Quartz scheduler version: 2.3.2
2021-09-21 14:35:56,617 INFO [main] [org.quartz.core.QuartzScheduler] (QuartzScheduler.java:2293) - JobFactory set to: org.gluu.service.timer.JobExecutionFactory@2eb3e308
2021-09-21 14:35:56,618 INFO [main] [org.gluu.service.timer.QuartzSchedulerManager] (QuartzSchedulerManager.java:62) - Quartz scheduler manager initialized
2021-09-21 14:35:56,618 INFO [main] [org.quartz.core.QuartzScheduler] (QuartzScheduler.java:547) - Scheduler oxAuthScheduler_$_NON_CLUSTERED started.
2021-09-21 14:35:56,618 INFO [main] [org.gluu.service.timer.QuartzSchedulerManager] (QuartzSchedulerManager.java:115) - Quartz scheduler started
2021-09-21 14:35:57,020 INFO [main] [org.gluu.service.logger.LoggerService] (LoggerService.java:47) - Initializing Logger Update Timer
2021-09-21 14:35:57,522 INFO [main] [gluu.oxauth.fido2.service.mds.MdsTocService] (MdsTocService.java:111) - Populating TOC entries from /etc/gluu/conf/fido2/mds/toc
2021-09-21 14:35:57,922 INFO [main] [org.gluu.oxauth.fido2.certification.DirectoryBasedMetadataLoader] (DirectoryBasedMetadataLoader.java:68) - Populating metadata from /etc/gluu/conf/fido2/server_metadata
2021-09-21 14:35:59,621 INFO [main] [org.jboss.weld.environment.servlet.Listener] (Listener.java:112) - WELD-ENV-001006: org.jboss.weld.environment.servlet.EnhancedListener used to initialize Weld
2021-09-21 14:36:21,020 INFO [main] [org.jboss.weld.environment.servlet.EnhancedListener] (EnhancedListener.java:75) - WELD-ENV-001009: org.jboss.weld.environment.servlet.Listener used for ServletRequest and HttpSession notifications
2021-09-21 14:36:25,423 INFO [main] [org.jboss.resteasy.spi.ResteasyDeployment] (ResteasyDeployment.java:546) - RESTEASY002225: Deploying javax.ws.rs.core.Application: class org.gluu.oxauth.service.ResteasyInitializer$Proxy$_$$_WeldClientProxy
2021-09-21 14:36:25,424 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.ReaderProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,517 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.DefaultBooleanWriter is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,518 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.JaxrsFormProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,518 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.StringTextStar is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,519 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,520 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.IIOImageProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,718 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.sse.SseEventProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,719 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.DefaultTextPlain is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,719 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.sse.SseEventOutputProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,719 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.DocumentProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,720 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.jaxb.JAXBElementProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,720 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.jaxb.JAXBXmlSeeAlsoProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,724 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.jackson.PatchMethodFilter is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,819 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.jaxb.XmlJAXBContextFinder is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,819 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.jaxb.JAXBXmlRootElementProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,824 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.FormUrlEncodedProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,824 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.InputStreamProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,824 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.interceptors.encoding.MessageSanitizerContainerResponseFilter is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,825 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.jaxb.MapProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,825 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.FileProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,825 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.SourceProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,825 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.jackson.UnrecognizedPropertyExceptionHandler is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,826 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.DataSourceProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:25,917 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.jaxb.JAXBXmlTypeProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:36:26,021 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.DefaultNumberWriter is already registered. 2nd registration is being ignored.
2021-09-21 14:36:26,023 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.sse.SseEventSinkInterceptor is already registered. 2nd registration is being ignored.
2021-09-21 14:36:26,023 WARN [main] [org.jboss.resteasy.spi.ResteasyProviderFactory] (ResteasyProviderFactory.java:1675) - RESTEASY002155: Provider class org.jboss.resteasy.plugins.providers.jaxb.CollectionProvider is already registered. 2nd registration is being ignored.
2021-09-21 14:37:28,022 INFO [qtp1818402158-9] [org.gluu.oxauth.service.ApplicationFactory] (ApplicationFactory.java:82) - Cache configuration: CacheConfiguration{cacheProviderType=NATIVE_PERSISTENCE, memcachedConfiguration=MemcachedConfiguration{servers='localhost:11211', maxOperationQueueLength=100000, bufferSize=32768, defaultPutExpiration=60, connectionFactoryType=DEFAULT}, redisConfiguration=RedisConfiguration{servers='localhost:6379', defaultPutExpiration=60, redisProviderType=STANDALONE, useSSL=false, sslTrustStoreFilePath=, sentinelMasterGroupName=, maxIdleConnections=10, maxTotalConnections=500, connectionTimeout=3000, soTimeout=3000, maxRetryAttempts=5}, inMemoryConfiguration=InMemoryConfiguration{defaultPutExpiration=60}, nativePersistenceConfiguration=NativePersistenceConfiguration [defaultPutExpiration=60, defaultCleanupBatchSize=10000, deleteExpiredOnGetRequest=false, baseDn=o=gluu]}
2021-09-21 14:37:28,622 INFO [Thread-33] [org.gluu.service.cache.NativePersistenceCacheProvider] (NativePersistenceCacheProvider.java:75) - Created NATIVE_PERSISTENCE cache provider. `baseDn`: ou=cache,o=gluu
2021-09-21 14:38:24,818 INFO [qtp1818402158-15] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:277) - Authentication success for Client: '1501.f92fd1fa-0325-45ae-91d6-9f2bd4b4f2ce'
2021-09-21 14:39:03,920 ERROR [qtp1818402158-16] [org.gluu.oxauth.model.crypto.OxAuthCryptoProvider] (OxAuthCryptoProvider.java:244) - Failed to find private key by kid: 9fbf6ae0-c1ab-444b-86d0-a0e862a33009_sig_rs256, signatureAlgorithm: RS256(check whether web keys JSON in persistence corresponds to keystore file.)
2021-09-21 14:39:03,921 ERROR [qtp1818402158-16] [org.gluu.oxauth.model.common.AuthorizationGrant] (AuthorizationGrant.java:266) - Failed to find private key by kid: 9fbf6ae0-c1ab-444b-86d0-a0e862a33009_sig_rs256, signatureAlgorithm: RS256(check whether web keys JSON in persistence corresponds to keystore file.)
java.lang.RuntimeException: Failed to find private key by kid: 9fbf6ae0-c1ab-444b-86d0-a0e862a33009_sig_rs256, signatureAlgorithm: RS256(check whether web keys JSON in persistence corresponds to keystore file.)
```

When it is up again:

```
2021-09-21 15:36:33,620 INFO [Thread-1101] [org.gluu.oxauth.service.KeyGeneratorTimer] (KeyGeneratorTimer.java:138) - Updated JWKS successfully
2021-09-21 15:36:56,928 INFO [Thread-1130] [org.gluu.oxauth.model.config.ConfigurationFactory] (ConfigurationFactory.java:386) - Loading configuration from 'ldap' DB...
2021-09-21 15:36:56,932 INFO [Thread-1130] [org.gluu.service.logger.LoggerService] (LoggerService.java:179) - External log configuration:
2021-09-21 15:36:56,933 INFO [Thread-1130] [org.gluu.service.logger.LoggerService] (LoggerService.java:122) - Setting loggers level to: 'INFO'
2021-09-21 15:36:58,015 INFO [qtp1818402158-13] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:277) - Authentication success for Client: '20f609b6-0b4e-42ee-a6f7-b5eb581199b2'
```

Thanks and best regards

By Mohammad Abudayyeh staff 23 Sep 2021 at 3:42 a.m. CDT

Hey Alvaro,

All cloud native require a support plan. Please book a meeting on https://gluu.org/booking if VIP support may be an option for your organization.

Hint: https://gluu.org/docs/gluu-server/4.2/admin-guide/certificate/

This ticket will be closed.

Thanks,
Mohammad
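
The two conditions in the logs above, a signing key close to expiry and a `kid` in the web keys JSON with no matching private key in the keystore, can be checked ahead of time. The sketch below is an added example, not part of the original thread and not Gluu code. It assumes each web key entry carries a `kid` and an `exp` in epoch milliseconds, and that the keystore aliases are listed separately. The function name, sample kids and timestamps are constructed.

```python
import json
from datetime import datetime, timedelta, timezone


def ms(dt):
    """Epoch milliseconds for a timezone-aware datetime."""
    return int(dt.timestamp() * 1000)


# Constructed sample data, not taken from a real server. The "exp" field in
# epoch milliseconds is an assumption about the stored web keys JSON.
SAMPLE_JWKS = json.dumps({"keys": [
    {"kid": "example-a_sig_rs256", "alg": "RS256",
     "exp": ms(datetime(2021, 9, 21, 16, 4, 37, tzinfo=timezone.utc))},
    {"kid": "example-b_sig_es256", "alg": "ES256",
     "exp": ms(datetime(2022, 1, 1, tzinfo=timezone.utc))},
]})
# Aliases as listed from the keystore file (constructed).
SAMPLE_ALIASES = ["example-a_sig_rs256", "example-old_sig_rs256"]


def audit_keys(jwks_json, keystore_aliases, now, warn_window=timedelta(days=2)):
    """Classify published keys by expiry and by presence in the keystore."""
    aliases = set(keystore_aliases)
    report = {"expired": [], "expiring_soon": [], "missing_private_key": []}
    kids = set()
    for key in json.loads(jwks_json).get("keys", []):
        kid = key["kid"]
        kids.add(kid)
        # A published kid without a keystore alias is the condition behind
        # "Failed to find private key by kid".
        if kid not in aliases:
            report["missing_private_key"].append(kid)
        if "exp" not in key:
            continue
        expires = datetime.fromtimestamp(key["exp"] / 1000, tz=timezone.utc)
        if expires <= now:
            report["expired"].append(kid)
        elif expires - now <= warn_window:
            report["expiring_soon"].append(kid)
    # Keystore entries that are no longer published, e.g. left from a rotation.
    report["unpublished_alias"] = sorted(aliases - kids)
    return report


if __name__ == "__main__":
    now = datetime(2021, 9, 21, 14, 31, 4, tzinfo=timezone.utc)
    for finding, kids in audit_keys(SAMPLE_JWKS, SAMPLE_ALIASES, now).items():
        print(f"{finding}: {', '.join(kids) or '-'}")
```

Run on a schedule with a warning window longer than the alerting lead time you need, a non-empty `expiring_soon` or `missing_private_key` list gives notice before clients see signing failures.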