WSO2 Identity Server throwing NullPointerException while integrating with ADFS Server - wso2

I am using WSO2 Identity Server 5.10.0 and I am trying to integrate it with an external ADFS server.
I followed the https://docs.wso2.com/display/IS570/Configuring+AD+FS+as+a+Federated+Authenticator example and configured my ADFS as an Identity Provider from the WSO2 Admin Console.
The server is able to redirect to the ADFS login page, but when ADFS sends the callback to WSO2 IS it throws a NullPointerException.
The complete Stack trace is as follows:
[2020-04-02 17:49:56,407] [3a9f62a7-17f1-4944-b561-e36a7b21736d] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework java.lang.NullPointerException
at org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator.publishAuthenticationStepAttempt(AbstractApplicationAuthenticator.java:170)
at org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator.process(AbstractApplicationAuthenticator.java:94)
at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.doAuthentication(DefaultStepHandler.java:506)
at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handleResponse(DefaultStepHandler.java:480)
at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handle(DefaultStepHandler.java:179)
at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:185)
at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.GraphBasedSequenceHandler.handle(GraphBasedSequenceHandler.java:111)
at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:158)
at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:240)
at org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:53)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:66)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:72)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:65)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:86)
at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:110)
at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:75)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:145)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:688)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:119)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
The ADFS Details set in WSO:
Identity Provider Name: adfs
Uploaded valid PEM certificate
Federation Authenticators -> SAML2 Web SSO Configuration -> Enabled SAML2 Web SSO
Service Provider Entity Id : wso2is
Identity Provider Entity Id : {from ADFS metadata}
ACS URL : https:\\{ip}:9443\commonauth
SSO URL : {from ADFS metadata}
Anyone can tell if something is wrong?

This null pointer issue was already reported here and fixed in master. The NPE is thrown from this line of code when a failure occurs while processing the SAML response coming from the federated IdP and the user is null. You can find the actual error in the SAML outbound component from here.
So your underlying issue seems to be that the user identifier is not available in the SAML assertion received from the ADFS side. Please verify the SAML response obtained from ADFS and check whether it is sending user information in the authentication response, for example whether the assertion's Subject carries a NameID (ADFS typically includes one only when a claim rule on the relying party trust issues it).

Related

unable to login to the wso2 IS-KM 5.10.0

I am using WSO2 Identity Server as Key Manager (KM) 5.10.0 with API Manager 3.1.0. This is a very basic issue. In my previous attempts I was able to log in to the WSO2 Identity Server, but by mistake I started two instances of it. I then killed both running processes and tried starting only one instance. Since then I have been unable to log in to the WSO2 Identity Server. I tried restarting the whole Linux system and logging in again, but I still get the exception below.
[2020-06-23 12:02:43,999] [50882c23-5ee1-4406-ae80-0a688cb89a4e] ERROR {org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve} - Could not handle request: /carbon java.lang.NullPointerException
at org.wso2.carbon.tomcat.ext.internal.Utils.getAppNameFromRequest(Utils.java:101)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.initCarbonContext(CarbonContextCreatorValve.java:80)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:56)
at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:119)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Please let me know how to resolve this issue.

Unable to use WSO2 Identity Server for OIDC.Getting could not handle request /oauth2/authorize exception

I am using WSO2 Identity Server as KM 5.10.0 . I want to configure my web service as service provider and use the oauth/OIDC login provided by wso2 IS. When my web server is redirecting to wso2 for the authentication, I get the below exception.
ERROR {org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve} - Could not handle request: /oauth2/authorize java.lang.NullPointerException
at org.wso2.carbon.tomcat.ext.internal.Utils.getAppNameFromRequest(Utils.java:101)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.initCarbonContext(CarbonContextCreatorValve.java:80)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:56)
at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:119)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
I have correctly registered my webserver in wso2 ID server in "Add service provider section". Also generated the client secret and client key in the process. I am using authorization code grant type.
Please let me know why such exception is thrown, how to debug this

API usages are not recorded when integrating WSO2 APIM1.10.0 cluster with WSO2 DAS 3.0.1 cluster

I am using WSO2 Kubernetes Artifacts to build WSO2 APIM 1.10.0 cluster.
Here is my configuration :
api-key-manager.yaml
api-publisher.yaml
api-store.yaml
gateway-manager.yaml
With the above configurations, APIM cluster works fine on my kubernetes environment. Then I want to get statistics from WSO2 DAS 3.0.1. Here is my steps.
Open admin-dashboard page.
Fill in DAS information.
Save configuration.
Publish the sample API and subscribe it.
Invoke the created API.
Though API returns the correct result, I can not see any statistics from DAS page. Table ORG_WSO2_APIMGT_STATISTICS_REQUEST is also empty. Moreover, there are some exceptions in gateway container as follows:
2017-02-02T10:17:05.119378825Z [2017-02-02 10:17:05,118] ERROR - APIMgtUsageHandler Cannot publish event. null
2017-02-02T10:17:05.119410635Z java.lang.NullPointerException
2017-02-02T10:17:05.119416221Z at org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher.publishEvent(APIMgtUsageDataBridgeDataPublisher.java:124)
2017-02-02T10:17:05.119421345Z at org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageHandler.handleRequest(APIMgtUsageHandler.java:169)
2017-02-02T10:17:05.119425422Z at org.apache.synapse.rest.API.process(API.java:322)
2017-02-02T10:17:05.119429269Z at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:86)
2017-02-02T10:17:05.119432713Z at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:65)
2017-02-02T10:17:05.119444539Z at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:295)
2017-02-02T10:17:05.119448051Z at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:83)
2017-02-02T10:17:05.119451190Z at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
2017-02-02T10:17:05.119454693Z at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:317)
2017-02-02T10:17:05.119457708Z at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:149)
2017-02-02T10:17:05.119460675Z at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
2017-02-02T10:17:05.119463755Z at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
2017-02-02T10:17:05.119466748Z at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
2017-02-02T10:17:05.119470008Z at java.lang.Thread.run(Thread.java:745)
2017-02-02T10:17:05.292159023Z [2017-02-02 10:17:05,291] ERROR - APIMgtResponseHandler Cannot publish response event. null
2017-02-02T10:17:05.292186860Z java.lang.NullPointerException
2017-02-02T10:17:05.292191607Z at org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher.publishEvent(APIMgtUsageDataBridgeDataPublisher.java:140)
2017-02-02T10:17:05.292196079Z at org.wso2.carbon.apimgt.usage.publisher.APIMgtResponseHandler.mediate(APIMgtResponseHandler.java:211)
2017-02-02T10:17:05.292199487Z at org.apache.synapse.mediators.ext.ClassMediator.mediate(ClassMediator.java:84)
2017-02-02T10:17:05.292202823Z at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:81)
2017-02-02T10:17:05.292206246Z at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:48)
2017-02-02T10:17:05.292210195Z at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:155)
2017-02-02T10:17:05.292213976Z at org.apache.synapse.rest.Resource.process(Resource.java:297)
2017-02-02T10:17:05.292216990Z at org.apache.synapse.rest.API.process(API.java:335)
2017-02-02T10:17:05.292220203Z at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:86)
2017-02-02T10:17:05.292223430Z at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:52)
2017-02-02T10:17:05.292226576Z at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:295)
2017-02-02T10:17:05.292229762Z at org.apache.synapse.core.axis2.SynapseCallbackReceiver.handleMessage(SynapseCallbackReceiver.java:529)
2017-02-02T10:17:05.292232861Z at org.apache.synapse.core.axis2.SynapseCallbackReceiver.receive(SynapseCallbackReceiver.java:172)
2017-02-02T10:17:05.292236007Z at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
2017-02-02T10:17:05.292238952Z at org.apache.synapse.transport.passthru.ClientWorker.run(ClientWorker.java:251)
2017-02-02T10:17:05.292252632Z at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
2017-02-02T10:17:05.292256191Z at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
2017-02-02T10:17:05.292259335Z at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
2017-02-02T10:17:05.292262507Z at java.lang.Thread.run(Thread.java:745)
The problem may be the same as this issue, but I don't see a solution there.
Edit 1
I also did 2 experiments as follow.
First:
Create a ubuntu pod.
Install WSO2 APIM 1.10.0 on the ubuntu pod container.
Open the admin-dashboard page and fill in DAS information.
Publish the sample API and subscribe it.
Invoke the created API.
Which works fine. I can see the statistics from DAS page.
Second :
Jump into APIM container.
Using telnet to verify thrift port of DAS cluster.
The thrift port was accessible for APIM cluster.
According to the exception, I think that might be caused by configurations missing in gateway container?

Unable to issue valid access token from WSO2 IS 5.0.0

I am running WSO2 IS 5.0.0. I have the SP for IS 5.0.0 applied along with all the other security patches issued for that version for Identity Server and Carbon 4.2.0. My environment consists of 4 machines that are creating a cluster (using the WKA membership scheme and Load Balancer with sticky session). I am using MySQL(not the default H2 database). The machines on which the IS is deployed are Windows Server 2012 R2 (EC2 AWS machines).
The PRODUCT_HOME/repository/conf/identity.xml has the following configuration:
<JDBCPersistenceManager>
<DataSource>
<Name>jdbc/WSO2CarbonDB</Name>
</DataSource>
<SessionDataPersist>
<Enable>true</Enable>
<RememberMePeriod>20060</RememberMePeriod>
<CleanUp>
<Enable>true</Enable>
<Period>1440</Period>
<TimeOut>20160</TimeOut>
</CleanUp>
<Temporary>false</Temporary>
</SessionDataPersist>
</JDBCPersistenceManager>
<SessionContextCache>
<Enable>true</Enable>
<Capacity>100000</Capacity>
</SessionContextCache>
<OAuth>
<AuthorizationCodeDefaultValidityPeriod>300</AuthorizationCodeDefaultValidityPeriod>
<AccessTokenDefaultValidityPeriod>1800</AccessTokenDefaultValidityPeriod>
<UserAccessTokenDefaultValidityPeriod>1800</UserAccessTokenDefaultValidityPeriod>
<RefreshTokenValidityPeriod>31540000</RefreshTokenValidityPeriod>
<TimestampSkew>10</TimestampSkew>
<EnableOAuthCache>false</EnableOAuthCache>
<RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>
</OAuth>
Sporadically I receive the following error in the Identity Server console log(when issuing access token using the client_credentials grant type and openid scope):
ERROR {org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder} - Error occurred while getting access token based information
ERROR {org.wso2.carbon.identity.oauth2.OAuth2Service} - Error when issuing the access token.
org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Error occurred while getting access token based information
at org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.getAccessTokenIssuedTime(DefaultIDTokenBuilder.java:348)
at org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder.buildIDToken(DefaultIDTokenBuilder.java:141)
at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(AccessTokenIssuer.java:212)
at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(OAuth2Service.java:177)
at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.getAccessToken(OAuth2TokenEndpoint.java:233)
at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:108)
at sun.reflect.GeneratedMethodAccessor57.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:194)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:100)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:57)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:93)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:203)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:159)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
I am still trying to isolate the exact scenario which is causing the system to behave this way.
When this particular error is logged in the Identity Server console log, I get the following in the http_access log (PRODUCT_HOME/repository/logs/http_access_DATE.log)
172.31.26.60 - - [09/Sep/2016:07:18:28 +0000] "POST /oauth2/token?grant_type=client_credentials&scope=openid HTTP/1.1" 400 82 "-" "-"
As end result I receive the following as response:
error: "server_error"
error_description: "Error when issuing the access token"
I tried updating the PRODUCT_HOME/repository/conf/identity.xml file by setting the EnableOAuthCache to TRUE:
<EnableOAuthCache>true</EnableOAuthCache>
Then I restarted all the Identity Server instances (as I mentioned I have 4 machines in WKA cluster). Everything was going well until one day we started receiving access token which is invalid.
After digging further into this particular issue, I was able to find out that for some reason the Identity Server was returning two access tokens. The one was valid and the other not. Still I was using the exact same POST request for retrieving access token with client_credentials grant type. Usually after issuing the access token I am executing get request to the userinfo endpoint and it turned out that only one of the access tokens is valid.
This also happens randomly. Usually after 10-15 mins the invalid token is no longer returned and the system stabilizes.
When the issue is experienced the following is logged in the Identity Server console log:
ERROR{org.wso2.carbon.identity.oauth2.dao.TokenPersistenceTask} - org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Error when getting an Identity Persistence Store instance.
No additional information or stack trace.
Also the invalid access token which is returned does not exist in the database.
My system relies on these access tokens and when I am not able to retrieve these or I retrieve invalid token and not able to call the userinfo endpoint I am experiencing downtime. The last time it was about 15-20 mins.
So my questions are:
1. Has someone else observed such behavior or is it a known issue? If so is there a workaround for it or some sort of patch that could be applied?
2. If not do you think it might be some sort of configuration issue? If so which configuration files you think should be modified?
3. Do you think this behavior might be related to the WKA Cluster configuration?
4. Do you think this might be related to the usage of MySQL?
Thank you for your time and consideration.
It's better to use the latest release of the Identity Server. You can go to the WSO2 Identity Server page and download the latest version.

Standalone client not working for Weblogic JAX-WS Web Service (with message level security)

I've developed a JAX-WS (2.2) Web Service using OEPE (Oracle Enterprise Pack for Eclipse) with local Weblogic Server 12.1.1 instance. I'm using Java 6 on windows environment. I've added message level security to it using following policy files that come with weblogic: Wssp1.2-2007-Wss1.1-X509-Basic256.xml, Wssp1.2-2007-SignBody.xml, Wssp1.2-2007-EncryptBody.xml. I also developed client using OEPE and configured it to send required security headers. I followed this documentation to develop web service, client and to configure security in both: http://docs.oracle.com/cd/E24329_01/web.1211/e24488/message.htm
If I deploy the client on weblogic server then it works fine, but I cannot run it as a standalone client. It also fails if I deploy it on Apache Tomcat 7. Looking at exception it looks that it requires few weblogic libraries. I've copied weblogic.jar and wseeclient.jar from $WL_HOME/server/lib directory, but still can't get it to work.
This is the exception I get on tomcat:
SEVERE: Servlet.service() for servlet [jsp] in context with path [/WebserviceClient] threw exception [java.lang.NoClassDefFoundError: weblogic/utils/NestedException] with root cause
java.lang.ClassNotFoundException: weblogic.utils.NestedException
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1720)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1571)
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:2957)
at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:1210)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1690)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1571)
at java.lang.Class.getDeclaredConstructors0(Native Method)
at java.lang.Class.privateGetDeclaredConstructors(Unknown Source)
at java.lang.Class.getConstructor0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at javax.xml.parsers.FactoryFinder.newInstance(Unknown Source)
at javax.xml.parsers.FactoryFinder.findJarServiceProvider(Unknown Source)
at javax.xml.parsers.FactoryFinder.find(Unknown Source)
at javax.xml.parsers.DocumentBuilderFactory.newInstance(Unknown Source)
at org.apache.jasper.xmlparser.ParserUtils.parseXMLDocument(ParserUtils.java:96)
at org.apache.jasper.compiler.JspConfig.processWebDotXml(JspConfig.java:95)
at org.apache.jasper.compiler.JspConfig.init(JspConfig.java:243)
at org.apache.jasper.compiler.JspConfig.findJspProperty(JspConfig.java:302)
at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:114)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:373)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:353)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:340)
at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:657)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:357)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
I've been trying to solve this issue from last two days without any luck and this is driving me crazy. I'm fairly new to weblogic as well as web services so not exactly sure how to do this. Can anyone tell me exactly which jars are needed to run it on tomcat or as a standalone application?
Thanks,
AndyT
I finally copied all the jars from weblogic installation directory to my standalone client's lib and then copied some jars which didn't seem relevant. I know this is not a very good solution (as it increased the size by about 100 MB) and there are still few unnecessary jars, but it resolved my issue for now.