OpenID Connect - Error private key

By: Julien Bastin user 22 May 2020 at 4:11 a.m. CDT

5 Responses
Julien Bastin gravatar
Morning, everyone, I have configured my Gluu server to allow an application to authenticate via the Gluu server, for this I used the mod_auth_openid module. It works fine at first, but then I get the error `OpenID Connect Provider error: Error in handling response type` And so when I look in the logs (/opt/gluu/jetty/oxauth/logs/oxauth.log), I see these lines: ``` 2020-05-22 08:57:41,968 INFO [qtp105704967-12] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:426) - Authentication success for User: 'xxx' 2020-05-22 08:57:42,658 INFO [qtp105704967-12] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:276) - Authentication success for Client: 'xxx' 2020-05-22 08:57:42,666 ERROR [qtp105704967-12] [org.gluu.oxauth.model.crypto.OxAuthCryptoProvider] (OxAuthCryptoProvider.java:229) - Failed to find private key by kid: xxx_sig_rs512, signatureAlgorithm: RS512(check whether web keys JSON in persistence corresponds to keystore file.) 2020-05-22 08:57:42,666 ERROR [qtp105704967-12] [org.gluu.oxauth.model.common.AuthorizationGrant] (AuthorizationGrant.java:266) - Failed to find private key by kid: xxx_sig_rs512, signatureAlgorithm: RS512(check whether web keys JSON in persistence corresponds to keystore file.) java.lang.RuntimeException: Failed to find private key by kid: xxx_sig_rs512, signatureAlgorithm: RS512(check whether web keys JSON in persistence corresponds to keystore file.) ``` When I go online I find this tutorial: https://gluu.org/docs/gluu-server/4.0/operation/replace-expired-jks-scim/ I do it, but a few days later it happens again. Thank you in advance.
Gluu 4.0 Ubuntu 18.04
closed

Answers

By Michael Schwartz Account Admin 22 May 2020 at 10:58 a.m. CDT

Copy
Michael Schwartz gravatar
Maybe you should disable key rotation. In Configuration / JSON Configuration... in the oxAuth tab, look for the property `keyRegenerationEnabled` and set it to `false`.

By Mohib Zico staff 22 May 2020 at 10:59 a.m. CDT

Copy
Mohib Zico gravatar
Interesting. Key rotation should does it's job automatically and that shouldn't hamper SSO operation. Can you please try with Gluu Server 4.1? See how things go?

By Aliaksandr Samuseu staff 22 May 2020 at 1:55 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Julien. Yes, as Zico said, you should try the latest package (4.1 as of now). Ideally, it should be 4.1.1 - but it's not released yet (should be soon). For now, you could install 4.1, then fetch the 4.1.1 oxAuth WAR from [here](https://ox.gluu.org/maven/org/gluu/oxauth-server/4.1.1.Final/oxauth-server-4.1.1.Final.war). To deploy it, stop "oxauth" service inside container, then back up original file located at `/opt/gluu/jetty/oxauth/webapps/oxauth.war`, overwrite it with the one you've downloaded, and start the service again.

By Julien Bastin user 22 May 2020 at 2:02 p.m. CDT

Copy
Julien Bastin gravatar
Hello, Thank you for your reply. I will try this solution and I will let you know within 3-4 days if it works. Thank you very much.

By Julien Bastin user 05 Jun 2020 at 7:28 a.m. CDT

Copy
Julien Bastin gravatar
Hello, So for now it's working. I had disable the key rotation. I'll try in 2-3 weeks to update to 4.1. Thank you.

Post an answer