AD Password Synchronization plugin, bad padding error

This topic has 1 reply, 2 voices, and was last updated 6 years, 3 months ago by migault1990.



    I want to enable password sync between OpenIDM 3.1.0 and Active Directory on Windows 2008+.

    I’ve set up the plugin using the password synchronization doc. So I had to set up onCreate and onUpdate scripts on managed users in OpenIDM as described in the doc, create a certificate to be used by the plugin and import it into keystore.jceks on OpenIDM. I added the CA which I used for signing it to the truststore (I also tried with a self-signed certificate; it didn’t work either). I’ve set up the HTTP auth way to communicate.

    It seems that there’s an issue in encryption, since every change made to users’ passwords leads to a 500 HTTP error:

    (Plugin logs)

    DEBUG [3080:3884]  http_post() response:
    HTTP/1.1 500 Server Error
    Content-Type: application/json;charset=UTF-8
    Cache-Control: no-cache
    Connection: close
    Server: Jetty(8.y.z-SNAPSHOT)
    {"code":500,"reason":"Internal Server Error","message":"org.forgerock.json.crypto.JsonCryptoException: javax.crypto.BadPaddingException: Decryption error"}

    (Server logs)

    PM org.forgerock.openidm.servlet.internal.ServletConnectionFactory$3 filterGenericError
    WARNING: Resource exception: 500 Internal Server Error: "org.forgerock.json.crypto.JsonCryptoException: javax.crypto.BadPaddingException: Decryption error"
    org.forgerock.json.resource.InternalServerErrorException: org.forgerock.json.crypto.JsonCryptoException: javax.crypto.BadPaddingException: Decryption error
    Caused by: org.forgerock.json.fluent.JsonException: org.forgerock.json.crypto.JsonCryptoException: javax.crypto.BadPaddingException: Decryption error
            at org.forgerock.json.crypto.JsonCryptoTransformer.transform(
            at org.forgerock.json.fluent.JsonValue.applyTransformers(
            at org.forgerock.json.fluent.JsonValue.<init>(
            at org.forgerock.json.fluent.JsonValue.get(
            at org.forgerock.json.fluent.JsonValue.copy(
            at org.forgerock.openidm.crypto.impl.CryptoServiceImpl.decrypt(
            at org.forgerock.openidm.managed.ManagedObjectSet.decrypt(
            ... 128 more
    Caused by: org.forgerock.json.crypto.JsonCryptoException: javax.crypto.BadPaddingException: Decryption error
            at org.forgerock.json.crypto.simple.SimpleDecryptor.decrypt(
            at org.forgerock.json.crypto.JsonCryptoTransformer.transform(
            ... 134 more
    Caused by: javax.crypto.BadPaddingException: Decryption error
            at com.sun.crypto.provider.RSACipher.doFinal(
            at com.sun.crypto.provider.RSACipher.engineDoFinal(
            at javax.crypto.Cipher.doFinal(
            at org.forgerock.json.crypto.simple.SimpleDecryptor.decrypt(
            ... 135 more

    I assume I did something wrong in the RSA key generation or the import into the keystores, but I don’t see where.

    Have you seen this issue?


    I am currently experiencing that issue.

    Were you able to solve it?
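
Added example, not part of the original posts and not ForgeRock code: plain JCE raises the same `javax.crypto.BadPaddingException` from `RSACipher.doFinal` when the private key used to decrypt is not the partner of the public key used to encrypt, which is one known cause of this exception; the thread does not establish that it is the cause here. The key pairs and the sample value are constructed, and the `RSA/ECB/PKCS1Padding` transformation is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAKey;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;

public class RsaKeyMismatchDemo {
    // Assumed transformation; the page does not say which one the plugin uses.
    static final String XFORM = "RSA/ECB/PKCS1Padding";

    // Encrypt with pub, decrypt with priv; true only if the plaintext survives.
    static boolean roundTrip(PublicKey pub, PrivateKey priv) throws GeneralSecurityException {
        byte[] secret = "constructed-sample-password".getBytes(StandardCharsets.UTF_8);
        Cipher enc = Cipher.getInstance(XFORM);
        enc.init(Cipher.ENCRYPT_MODE, pub);
        byte[] ciphertext = enc.doFinal(secret);
        Cipher dec = Cipher.getInstance(XFORM);
        dec.init(Cipher.DECRYPT_MODE, priv);
        try {
            return Arrays.equals(secret, dec.doFinal(ciphertext));
        } catch (BadPaddingException e) {
            // Same exception class as in the server log above.
            System.out.println("decrypt failed: " + e);
            return false;
        }
    }

    // Pre-check before any decryption: both halves of an RSA pair share one modulus.
    static boolean sameModulus(PublicKey pub, PrivateKey priv) {
        return pub instanceof RSAKey && priv instanceof RSAKey
            && ((RSAKey) pub).getModulus().equals(((RSAKey) priv).getModulus());
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair encryptingSide = gen.generateKeyPair(); // constructed: key that encrypts
        KeyPair decryptingSide = gen.generateKeyPair(); // constructed: unrelated key in the decryptor's keystore

        System.out.println("matching pair, moduli equal: "
            + sameModulus(encryptingSide.getPublic(), encryptingSide.getPrivate()));
        System.out.println("matching pair, round trip ok: "
            + roundTrip(encryptingSide.getPublic(), encryptingSide.getPrivate()));
        System.out.println("mismatched pair, moduli equal: "
            + sameModulus(encryptingSide.getPublic(), decryptingSide.getPrivate()));
        System.out.println("mismatched pair, round trip ok: "
            + roundTrip(encryptingSide.getPublic(), decryptingSide.getPrivate()));
    }
}
```

The `sameModulus` check can be applied to a certificate's public key and a keystore's private key entry without encrypting anything.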
