Hi, Ideally this should be fixed in kernel as we mentioned above. But we have fixed this and released carbon-identity 5.0.7
@Product teams, Please update your carbon-identity version to 5.0.7 Thanks, Maduranga. On Mon, Dec 21, 2015 at 11:58 AM, Sanjeewa Malalgoda <sanje...@wso2.com> wrote: > > > On Mon, Dec 21, 2015 at 11:48 AM, Maduranga Siriwardena < > madura...@wso2.com> wrote: > >> Hi Sanjeewa, >> >> We tried to reproduce the issue with IS 5.1.0 RC1 and we couldn't >> reproduce. >> >> Further we investigated and observed that the problem seems to be in >> KeyStoreManager in kernel [1]. In KeyStoreManager, primaryKeyStore is >> initialized from getPrimaryKeyStore() [2]. For IS getPrimaryKeyStore() is >> called from one of our components [3] and so primaryKeyStore is getting >> initialized. But for APIM this is not happening. As a workaround you can do >> the same from one of your components. >> >> [1] >> https://github.com/wso2/carbon-kernel/blob/v4.4.3/core/org.wso2.carbon.core/src/main/java/org/wso2/carbon/core/util/KeyStoreManager.java >> [2] >> https://github.com/wso2/carbon-kernel/blob/v4.4.3/core/org.wso2.carbon.core/src/main/java/org/wso2/carbon/core/util/KeyStoreManager.java#L328 >> [3] >> https://github.com/wso2/carbon-identity/blob/v5.0.5/components/sts/org.wso2.carbon.sts/src/main/java/org/wso2/carbon/sts/STSDeploymentInterceptor.java#L157 >> > > If this key store initializing is required for OAuth endpoint and OAuth > service why don't we initialize from oauth components? > As i understood this issue is not happening in IS because some other > component initialize this instead of OAuth endpoint or service. > Let say we fixed it in our components(APIM), but still if someone > installed OAuth features into kernal or any other server they still see > same issue. > So i think its better to add this to OAuth component itself. > >> >> Thanks, >> Maduranga. >> >> On Mon, Dec 21, 2015 at 10:03 AM, Sanjeewa Malalgoda <sanje...@wso2.com> >> wrote: >> >>> Hi Team, >>> While requesting access tokens with openid scope(see curl request[1]) >>> i'm getting following error[2]. >>> I tested this with carbon-identity 5.0.5 based AM build and i don't >>> think 5.0.6 do not have changes related to this use case. >>> I tested this with another white listed scopes to confirm this happen >>> due to white listed scopes or specific to openId. >>> We were able to get access tokens for normal white listed scopes but not >>> for openid scope. >>> Generate access tokens with openid scope is very common use case for all >>> API manager clients. >>> Did i missed anything here or we need to fix it (since this is NPE i >>> think we should fix this)? >>> >>> [1]curl -k -d >>> "grant_type=password&username=admin&password=admin&scope=openid" -H >>> "Authorization: Basic >>> VUFmMWFmZ3VCTzFaVE5QY0k2d2ZYbXNIQ1hVYTpUWURlT01nQjc3ME5DQ3RraTBZR3BNUVdQT2Nh" >>> https://10.100.1.65:8243/token >>> >>> [2][2015-12-21 09:46:53,812] ERROR - OAuth2Service Error occurred while >>> issuing the access token for Client ID : UAf1afguBO1ZTNPcI6wfXmsHCXUa, User >>> ID admin, Scope : [openid] and Grant Type : password >>> org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Error while >>> obtaining private key for super tenant >>> at >>> org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.signJWTWithRSA(DefaultIDTokenBuilder.java:351) >>> at >>> org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.signJWT(DefaultIDTokenBuilder.java:514) >>> at >>> org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.buildIDToken(DefaultIDTokenBuilder.java:237) >>> at >>> org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(AccessTokenIssuer.java:224) >>> at >>> org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(OAuth2Service.java:196) >>> at >>> org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.getAccessToken(OAuth2TokenEndpoint.java:245) >>> at >>> org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:111) >>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>> at >>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) >>> at >>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >>> at java.lang.reflect.Method.invoke(Method.java:606) >>> at >>> org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188) >>> at >>> org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104) >>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204) >>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101) >>> at >>> org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58) >>> at >>> org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94) >>> at >>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) >>> at >>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) >>> at >>> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249) >>> at >>> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248) >>> at >>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222) >>> at >>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153) >>> at >>> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171) >>> at >>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289) >>> at >>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209) >>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:646) >>> at >>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>> at >>> org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>> at >>> org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:59) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>> at >>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) >>> at >>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) >>> at >>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) >>> at >>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) >>> at >>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) >>> at >>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99) >>> at >>> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) >>> at >>> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57) >>> at >>> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) >>> at >>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62) >>> at >>> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159) >>> at >>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) >>> at >>> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57) >>> at >>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) >>> at >>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) >>> at >>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074) >>> at >>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) >>> at >>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739) >>> at >>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698) >>> at >>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >>> at >>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >>> at >>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >>> at java.lang.Thread.run(Thread.java:745) >>> Caused by: java.lang.NullPointerException >>> at >>> org.wso2.carbon.core.util.KeyStoreManager.getDefaultPrivateKey(KeyStoreManager.java:395) >>> at >>> org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.signJWTWithRSA(DefaultIDTokenBuilder.java:349) >>> ... 61 more >>> >>> Thanks, >>> sanjeewa. >>> -- >>> >>> *Sanjeewa Malalgoda* >>> WSO2 Inc. >>> Mobile : +94713068779 >>> >>> <http://sanjeewamalalgoda.blogspot.com/>blog >>> :http://sanjeewamalalgoda.blogspot.com/ >>> <http://sanjeewamalalgoda.blogspot.com/> >>> >>> >>> >>> _______________________________________________ >>> Dev mailing list >>> Dev@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> Maduranga Siriwardena >> Software Engineer >> WSO2 Inc. >> >> email: madura...@wso2.com >> mobile: +94718990591 >> > > > > -- > > *Sanjeewa Malalgoda* > WSO2 Inc. > Mobile : +94713068779 > > <http://sanjeewamalalgoda.blogspot.com/>blog > :http://sanjeewamalalgoda.blogspot.com/ > <http://sanjeewamalalgoda.blogspot.com/> > > > -- Maduranga Siriwardena Software Engineer WSO2 Inc. email: madura...@wso2.com mobile: +94718990591
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev