By: Carlos Barbiero user 07 Aug 2018 at 1:38 p.m. CDT

3 Responses
Hey, I have a strange error with the OXD server on my Ruby on Rails application. When I log in to the Gluu server and then get back to the callback URL, the command `@oxd_command.get_tokens_by_code(params[:code], params[:state])` throws an exception (oxd server logs below). The app is containerized with Docker and the oxd server is in the same container as the app. Are there any Docker issues with oxd server? Thanks

```
2018-08-07 18:33:25,678 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client.
portal_1 | -------------------------------------------------------
portal_1 | REQUEST:
portal_1 | -------------------------------------------------------
portal_1 | POST /oxauth/seam/resource/restv1/oxauth/token HTTP/1.1
portal_1 | Content-Type: application/x-www-form-urlencoded
portal_1 | Host: idp.stamp51.com
portal_1 | Authorization: Basic QCExQThFLjEyNDkuRjM2RS5GQjUxITAwMDEhMUY2Ni5BRENGITAwMDghOUExRC42QkU0LkQxNjcuNjcxNzoyZDEwMGY4ZC00ZmRmLTQxZTAtOTgzNy1kOWIzODM0OWYzYmI=
portal_1 |
portal_1 | grant_type=authorization_code&code=57582f10-c209-4da5-b33f-f0fbc2ef2973&redirect_uri=https%3A%2F%2Fswportal.stamp51.com%2Fcallbacks
portal_1 |
portal_1 | -------------------------------------------------------
portal_1 | RESPONSE:
portal_1 | -------------------------------------------------------
portal_1 | HTTP/1.1 200
portal_1 | Date: Tue, 07 Aug 2018 18:33:25 GMT
portal_1 | Server: Jetty(9.3.15.v20161220)
portal_1 | Expires: Thu, 01 Jan 1970 00:00:00 GMT
portal_1 | Transfer-Encoding: chunked
portal_1 | Strict-Transport-Security: max-age=31536000; includeSubDomains
portal_1 | Pragma: no-cache
portal_1 | Access-Control-Allow-Origin: *
portal_1 | Set-Cookie: JSESSIONID=1v39gooujhe3wvset54qk9vu5;Path=/oxauth;Secure;HttpOnly
portal_1 | Keep-Alive: timeout=5, max=100
portal_1 | X-Xss-Protection: 1; mode=block
portal_1 | X-Content-Type-Options: nosniff
portal_1 | Content-Type: application/json
portal_1 | Connection: Keep-Alive
portal_1 | Cache-Control: no-store
portal_1 |
portal_1 | {"access_token":"c7d069e0-9519-4b03-9cbe-54aadbf56620","token_type":"bearer","expires_in":299,"refresh_token":"67016b1b-8d1f-4709-b587-cb3913356594","id_token":"[JWT omitted]"}
portal_1 |
portal_1 | 2018-08-07 18:33:27,225 ERROR [org.xdi.oxauth.model.jws.AbstractJwsSigner] java.lang.SecurityException: JCE cannot authenticate the provider BC
portal_1 | java.security.SignatureException: java.lang.SecurityException: JCE cannot authenticate the provider BC
portal_1 |     at org.xdi.oxauth.model.jws.RSASigner.validateSignature(RSASigner.java:166)
portal_1 |     at org.xdi.oxauth.model.jws.AbstractJwsSigner.validate(AbstractJwsSigner.java:54)
portal_1 |     at org.xdi.oxd.server.op.CheckIdTokenOperation.isValid(CheckIdTokenOperation.java:106)
portal_1 |     at org.xdi.oxd.server.op.GetTokensByCodeOperation.execute(GetTokensByCodeOperation.java:89)
portal_1 |     at org.xdi.oxd.server.op.GetTokensByCodeOperation.execute(GetTokensByCodeOperation.java:32)
portal_1 |     at org.xdi.oxd.server.Processor.process(Processor.java:80)
portal_1 |     at org.xdi.oxd.server.Processor.process(Processor.java:55)
portal_1 |     at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:60)
portal_1 |     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
portal_1 |     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
portal_1 |     at java.lang.Thread.run(Thread.java:748)
portal_1 | Caused by: java.lang.SecurityException: JCE cannot authenticate the provider BC
portal_1 |     at javax.crypto.Cipher.getInstance(Cipher.java:656)
portal_1 |     at javax.crypto.Cipher.getInstance(Cipher.java:595)
portal_1 |     at org.xdi.oxauth.model.jws.RSASigner.validateSignature(RSASigner.java:136)
portal_1 |     ... 10 more
portal_1 | Caused by: java.util.jar.JarException: file:/skyway/oxd-server/lib/oxd-server-jar-with-dependencies.jar has unsigned entries - Log4j-config.xsd
portal_1 |     at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:502)
portal_1 |     at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:363)
portal_1 |     at javax.crypto.JarVerifier.verify(JarVerifier.java:289)
portal_1 |     at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:164)
portal_1 |     at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:190)
portal_1 |     at javax.crypto.Cipher.getInstance(Cipher.java:652)
portal_1 |     ... 12 more
portal_1 | 2018-08-07 18:33:27,237 ERROR [org.xdi.oxd.server.op.CheckIdTokenOperation] ID Token signature is invalid.
portal_1 | 2018-08-07 18:33:27,238 ERROR [org.xdi.oxd.server.op.GetTokensByCodeOperation] ID Token is not valid, token: [JWT omitted]
```

By Yuriy Zabrovarnyy staff 07 Aug 2018 at 5:08 p.m. CDT

We have not officially dockerized oxd 3.0.2, but you should be able to get it working since oxd-server is a simple application. It seems oxd-server inside the container fails to register the Bouncy Castle security provider and, as a result, id_token validation fails with `JCE cannot authenticate the provider BC`. Please make sure the Bouncy Castle jar is present directly in the classpath. See our sh script `https://github.com/GluuFederation/oxd/blob/version_3.0.2/oxd-server/src/main/bin/oxd-start.sh`. Note the direct jar, which is signed, so that it is included correctly by `java.security.Security`:

```
$javaExe -Doxd.server.config=$CONF -cp $LIB/bcprov-jdk15on-1.54.jar:$LIB/oxd-server-jar-with-dependencies.jar org.xdi.oxd.server.ServerLauncher
```

Thanks, Yuriy Z
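
The `JarException` in the log names an entry (`Log4j-config.xsd`) in the fat jar that the provider's signature does not cover. As an added example (not part of this thread and not oxd code), the Python sketch below audits a jar for that condition: Bouncy Castle provider classes bundled next to entries with no manifest digest. It only checks for per-entry digests, it does not verify the signature itself, and the sample jars are constructed.

```python
import io
import zipfile

BC_PREFIX = "org/bouncycastle/jce/provider/"

def manifest_signed_names(manifest_text):
    """Return entry names that have a per-entry section carrying a *-Digest attribute."""
    # Manifest lines wrap at 72 bytes; a continuation line starts with one space.
    unfolded = manifest_text.replace("\r\n", "\n").replace("\n ", "")
    signed = set()
    for section in unfolded.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs and any(k.endswith("-Digest") for k in attrs):
            signed.add(attrs["Name"])
    return signed

def audit_jar(jar_bytes):
    """Report whether a jar bundles BC and which entries lack a manifest digest."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = [n for n in jar.namelist() if not n.endswith("/")]
        manifest = ""
        if "META-INF/MANIFEST.MF" in names:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
    signed = manifest_signed_names(manifest)
    # Files under META-INF/ (manifest, .SF, .RSA) are not themselves signed entries.
    unsigned = sorted(n for n in names
                      if not n.startswith("META-INF/") and n not in signed)
    bundles_bc = any(n.startswith(BC_PREFIX) for n in names)
    return {"bundles_bc": bundles_bc, "unsigned": unsigned,
            "provider_jar_at_risk": bundles_bc and bool(unsigned)}

def build_sample(extra_entries):
    """Constructed jar: one BC class with a manifest digest, plus optional extras."""
    bc = BC_PREFIX + "BouncyCastleProvider.class"
    manifest = ("Manifest-Version: 1.0\r\n\r\n"
                "Name: " + bc[:40] + "\r\n " + bc[40:] + "\r\n"   # wrapped line
                "SHA-256-Digest: Y29uc3RydWN0ZWQ=\r\n\r\n")       # constructed value
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("META-INF/BC.SF", "Signature-Version: 1.0\r\n")
        jar.writestr(bc, b"\xca\xfe\xba\xbe")
        for name in extra_entries:
            jar.writestr(name, b"constructed")
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_jar(build_sample([])))                    # standalone BC jar
    print(audit_jar(build_sample(["Log4j-config.xsd"])))  # BC merged into a fat jar
```

To run it against a real file, pass the bytes of the jar, for example `audit_jar(open(path, "rb").read())`.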

By Carlos Barbiero user 07 Aug 2018 at 5:40 p.m. CDT

Thanks Yuriy, I'll take a look and I'll keep this ticket updated.

By Carlos Barbiero user 08 Aug 2018 at 5:58 p.m. CDT

The problem was the JDK. It didn't work with Oracle JDK 8. I installed openjdk-8 and it worked.