By: Pallavi Pipalwa user 06 Mar 2021 at 7:53 a.m. CST

1 Response
Pallavi Pipalwa gravatar
We have a business requirement and we've setup two Gluu installations(for failovers). One installed normally([ubuntu installation](https://gluu.org/docs/gluu-server/4.2/installation-guide/install-ubuntu/)) and other[ docker installation](https://gluu.org/docs/gluu-server/4.2/installation-guide/install-docker/) We've configured opendj replication between them successfully following the [Clustering guide](https://gluu.org/docs/gluu-server/4.2/installation-guide/cluster/). So far dn o=gluu has been replicated between two installtions. The source gluu instance(docker installation) is fine and I can login to the default admin account. But the destination gluu instace(ubuntu installation) doesn't work. The login to default admin account fails. The logs are as below:- `==> /opt/gluu/jetty/identity/logs/2021_03_06.jetty.log <== 2021-03-06 13:35:03,392 ERROR [qtp222511810-19] [org.gluu.oxtrust.action.Authenticator] (Authenticator.java:284) - Failed to decrypt client password org.gluu.util.security.StringEncrypter$EncryptionException: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption. at org.gluu.util.security.StringEncrypter.decrypt(StringEncrypter.java:219) ~[oxcore-util-4.2.3.Final.jar:?] at org.gluu.util.security.StringEncrypter.decrypt(StringEncrypter.java:238) ~[oxcore-util-4.2.3.Final.jar:?] at org.gluu.util.security.StringEncrypter.decrypt(StringEncrypter.java:232) ~[oxcore-util-4.2.3.Final.jar:?] at org.gluu.util.security.StringEncrypter$Proxy$_$$_WeldClientProxy.decrypt(Unknown Source) ~[oxcore-util-4.2.3.Final.jar:?] at org.gluu.oxtrust.service.EncryptionService.decrypt(EncryptionService.java:37) ~[oxtrust-service-4.2.3.Final.jar:?] at org.gluu.oxtrust.service.EncryptionService$Proxy$_$$_WeldClientProxy.decrypt(Unknown Source) ~[oxtrust-service-4.2.3.Final.jar:?] at org.gluu.oxtrust.action.Authenticator.oAuthGetAccessToken(Authenticator.java:282) ~[classes/:?] at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?] at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?] at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?] at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] at org.apache.el.parser.AstValue.invoke(AstValue.java:247) ~[org.mortbay.jasper.apache-el-8.5.54.jar:8.5.54] at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:267) ~[org.mortbay.jasper.apache-el-8.5.54.jar:8.5.54] at org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40) ~[weld-web-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50) ~[weld-web-3.1.4.Final.jar:3.1.4.Final] at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:65) ~[jakarta.faces-2.3.14.jar:2.3.14] at com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:66) ~[jakarta.faces-2.3.14.jar:2.3.14] at com.sun.faces.application.ActionListenerImpl.getNavigationOutcome(ActionListenerImpl.java:82) ~[jakarta.faces-2.3.14.jar:2.3.14] at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:71) ~[jakarta.faces-2.3.14.jar:2.3.14] at javax.faces.component.UIViewAction.broadcast(UIViewAction.java:548) ~[jakarta.faces-2.3.14.jar:2.3.14] at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:847) ~[jakarta.faces-2.3.14.jar:2.3.14] at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1396) ~[jakarta.faces-2.3.14.jar:2.3.14] at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:58) ~[jakarta.faces-2.3.14.jar:2.3.14] at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:76) ~[jakarta.faces-2.3.14.jar:2.3.14] at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177) ~[jakarta.faces-2.3.14.jar:2.3.14] at javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:707) ~[jakarta.faces-2.3.14.jar:2.3.14] at javax.faces.webapp.FacesServlet.service(FacesServlet.java:451) ~[jakarta.faces-2.3.14.jar:2.3.14] at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1443) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:791) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:228) ~[websocket-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602) ~[jetty-security-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:234) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.Server.handle(Server.java:516) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) ~[jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) ~[jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135) ~[jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at java.lang.Thread.run(Thread.java:834) [?:?] Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption. at com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975) ~[?:?] at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056) ~[?:?] at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853) ~[?:?] at com.sun.crypto.provider.DESedeCipher.engineDoFinal(DESedeCipher.java:294) ~[?:?] at javax.crypto.Cipher.doFinal(Cipher.java:2202) ~[?:?] at org.gluu.util.security.StringEncrypter.decrypt(StringEncrypter.java:211) ~[oxcore-util-4.2.3.Final.jar:?] ... 64 more ==> /opt/gluu/jetty/identity/logs/oxtrust.log <== 2021-03-06 13:35:03,438 ERROR [qtp222511810-19] [org.gluu.oxtrust.action.Authenticator] (Authenticator.java:316) - Failed to get id_token ==> /opt/gluu/jetty/identity/logs/2021_03_06.jetty.log <== 2021-03-06 13:35:03,438 ERROR [qtp222511810-19] [org.gluu.oxtrust.action.Authenticator] (Authenticator.java:316) - Failed to get id_token ` The error on the GUI says: Login failed, oxTrust wasn't allowed to access user data I have tried the additional steps in Clustering guide like Copying the keystore.pin, truststore Transfer Certificates but it didn't work and created additional issues. Also I couldn't find the keystore file in /opt/opendj/config in the opendj docker container. What am I missing here? Any help would be really appreciated

By Michael Schwartz staff 07 Mar 2021 at 10:32 p.m. CST

Michael Schwartz gravatar
Not supported in community forums. If you want support on HA, you can get a VIP support subscription and use either VM's and Cluster Manager, or containers and Kubernetes.