By: Carl Buxbaum user 16 Sep 2016 at 8:23 a.m. CDT

3 Responses
Hi, I upgraded to 2.4.4, and modified my code accordingly. You now use a jks keystore, and although I am able to run my unit tests locally, when I move my war to our cloud server, I am getting this error fragment when I try to create a user using a REST service that I am hosting there:

```
[http-nio-8080-exec-5] DEBUG org.apache.http.wire - << " "rpt_signing_alg_values_supported" : true,[\n]"
[http-nio-8080-exec-5] DEBUG org.apache.http.wire - << " "rpt_encryption_alg_values_supported" : true,[\n]"
[http-nio-8080-exec-5] DEBUG org.apache.http.wire - << " "rpt_encryption_enc_values_supported" : true[\n]"
[http-nio-8080-exec-5] DEBUG org.apache.http.wire - << "}"
[http-nio-8080-exec-5] DEBUG org.apache.http.impl.conn.BasicClientConnectionManager - Releasing connection org.apache.http.impl.conn.ManagedClientConnectionImpl@719e3c37
[http-nio-8080-exec-5] DEBUG org.apache.http.impl.conn.BasicClientConnectionManager - Connection can be kept alive for 5000 MILLISECONDS
[http-nio-8080-exec-5] ERROR org.xdi.oxauth.client.TokenRequest - can't recognise key type in ECDSA based signer
java.security.InvalidKeyException: can't recognise key type in ECDSA based signer
    at org.bouncycastle.jce.provider.asymmetric.ec.Signature.engineInitSign(Unknown Source)
    at org.bouncycastle.jce.provider.DSABase.engineInitSign(Unknown Source)
    at java.security.Signature$Delegate.engineInitSign(Signature.java:1174)
    at java.security.Signature.initSign(Signature.java:527)
    at org.xdi.oxauth.model.crypto.OxAuthCryptoProvider.sign(OxAuthCryptoProvider.java:172)
    at org.xdi.oxauth.client.TokenRequest.getClientAssertion(TokenRequest.java:357)
    at org.xdi.oxauth.client.TokenClient.exec(TokenClient.java:295)
    at org.xdi.oxauth.client.uma.wrapper.UmaClient.request(UmaClient.java:173)
    at gluu.scim2.client.auth.UmaScim2ClientImpl.initUmaRpt(UmaScim2ClientImpl.java:171)
    at gluu.scim2.client.auth.UmaScim2ClientImpl.initUmaAuthentication(UmaScim2ClientImpl.java:99)
    at gluu.scim2.client.auth.UmaScim2ClientImpl.init(UmaScim2ClientImpl.java:82)
    at gluu.scim2.client.BaseScim2ClientImpl.searchUsers(BaseScim2ClientImpl.java:853)
    at gluu.scim2.client.auth.UmaScim2ClientImpl.searchUsers(UmaScim2ClientImpl.java:466)
    at gluu.scim2.client.Scim2Client.searchUsers(Scim2Client.java:275)
    at com.bamboorose.security.dao.SCIMUserDAO.retrievePersonByAttribute(SCIMUserDAO.java:254)
```

It comes down to this error:

```
can't recognise key type in ECDSA based signer
java.security.InvalidKeyException: can't recognise key type in ECDSA based signer
```

Thanks, Carl

By Carl Buxbaum user 16 Sep 2016 at 8:40 a.m. CDT

I resolved this by adding the bc provider to the JRE, in the java.security file, and putting the bcp jar in lib/ext of the JRE. Thanks!

By Valentino Pecaoco user 16 Sep 2016 at 9:53 a.m. CDT

Interesting, thanks for the solution. Are you using Maven to import SCIM-Client? What JDK are you using in the server? Thanks.

By Carl Buxbaum user 16 Sep 2016 at 10:55 a.m. CDT

Yes, using Maven. JDK is 1.8.0_101 on an AWS server. I think the capability of the JVM is what is relevant here; your code must be using Bouncy Castle methods to sign JWTs, and there does not seem to be native capability to decipher them in the JVM without adding the bcp provider to it.
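
A way to check the provider setup discussed in this thread, as an added example that is not part of the original posts and is not Gluu or oxAuth code: it lists the JCA providers registered in the running JVM and tries an ECDSA signature with each provider that offers one. The class name `EcdsaProviderCheck`, the `SHA256withECDSA` algorithm and the generated test key are assumptions for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;

// Added diagnostic (hypothetical class, not Gluu/oxAuth code): shows which JCA
// providers this JVM has registered and whether each accepts an EC private key.
public class EcdsaProviderCheck {
    public static void main(String[] args) throws Exception {
        // Providers in preference order: the security.provider.N entries of
        // java.security plus anything added at runtime via Security.addProvider().
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.printf("%2d. %s%n", i + 1, providers[i].getName());
        }
        System.out.println("BC registered: " + (Security.getProvider("BC") != null));

        // Constructed test key. To test a deployment's real key, load it from the
        // JKS keystore with java.security.KeyStore instead (assumption).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair pair = kpg.generateKeyPair();
        System.out.println("Key class: " + pair.getPrivate().getClass().getName());

        // Ask each provider that offers the algorithm to sign with that key.
        // A provider that cannot interpret the key object throws
        // InvalidKeyException from initSign(), as in the stack trace above.
        for (Provider p : providers) {
            if (p.getService("Signature", "SHA256withECDSA") == null) {
                continue; // this provider has no ECDSA implementation
            }
            try {
                Signature s = Signature.getInstance("SHA256withECDSA", p);
                s.initSign(pair.getPrivate());
                s.update("constructed sample".getBytes(StandardCharsets.UTF_8));
                System.out.println(p.getName() + ": signed " + s.sign().length + " bytes");
            } catch (InvalidKeyException e) {
                System.out.println(p.getName() + ": rejected key: " + e.getMessage());
            }
        }
    }
}
```

Running it inside the same JVM as the deployed war (same JRE, same `java.security` file) shows whether that environment differs from the local one where the unit tests pass.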