August 11, 2017 at 1:38 pm #18436
I am trying to do the basic OpenID Connect configuration from pages like
After setting up the OAuthProvider and the agent, everything works ok in one of my environments.
I can do the login, the page requesting consent to the Agent is shown, and the redirection occurs, ok.
But in another environment, after the page requesting consent I press Allow, it just shows “internal server error”.
Checking the log in the /debug folder on the server, I see that the IdRepo file shows:
amSDK:08/11/2017 11:33:00:074 AM UTC: Thread[http-apr-8080-exec-6,5,main]: TransactionId[1e0b22f2-ccfc-4fca-af97-d51f8fda79b8-737]
ERROR: JCEEncryption:: failed to decrypt data
javax.crypto.BadPaddingException: Given final block not properly padded
at java.security.AccessController.doPrivileged(Native Method)
The only difference I can think of is that one of my environments (where it works) is using a separate OpenDJ as DirectoryServer, and the one where it is failing is using the embedded internal OpenDJ of OpenAM.
Any other ideas or checks, please?

August 11, 2017 at 4:45 pm #18447 James Phillpotts (Moderator)
Hi, this sounds like a known issue that should have been fixed in recent versions. Can you describe what version you’re using, and what your configuration is in more detail?
James

August 16, 2017 at 10:30 am #18482
Checking a file it says
“grep version serverdefaults.properties”
com.iplanet.am.version=OpenAM 13.0.0 Build 5d4589530d (2016-January-14 21:15)
-Internal embedded LDAP in OpenAM.
-Oracle JDK 1.8, also fails with OpenJDK.
-The OpenAM server has a UMA configuration done, using an import-svc-cfg operation with a config.xml.
At first I thought it had something to do with the internal LDAP. But later I discovered it is not the LDAP, because it also works with a fresh/empty OpenAM with internal LDAP.
Now I believe it has something to do with the previous UMA configuration I did (in another realm), and the later export/import I do in a docker environment.
Is it possible to create a UMA realm (that creates an OAuthProvider) and a basic OpenID configurator (that also creates an OAuthProvider)? Any conflict?
Any ideas are welcome, I am a little lost on how to isolate the misconfiguration/conflict.

October 20, 2017 at 9:50 am #19212
Finally I found out what the problem was:
I was using docker, and exporting the config of the server to an xml file (by the way, that tool is very buggy).
Then I found out that inside the big xml with all the configuration there were some references to password and encryption things.
So I found out I had to not only get the xml with the exported config but also the “.keypass” and “.storepass” generated when the OpenAM was instantiated, and add them to the docker image. So other machines/instances use the xml and its associated crypto files.
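As an added illustration of the root cause described in this last post (this is example code written for this page, not code from the thread and not OpenAM's own implementation): a Go program modelling why an exported config decrypts fine on the instance that produced it but fails with a "final block not properly padded" error on a fresh instance whose own .storepass/.keypass differ. It assumes a simplified scheme in which each secret in the export is AES-CBC encrypted with PKCS#7 padding under a key derived from the .storepass contents; the two .storepass values and the client secret are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// Constructed stand-ins for the two files the thread found missing: the
// .storepass of the instance that produced config.xml, and the one a fresh
// instance generates for itself at install time.
var (
	originalStorePass = []byte("storepass-from-original-instance") // sample value
	freshStorePass    = []byte("storepass-of-fresh-docker-instance") // sample value
)

// deriveKey turns a password file's contents into a 32-byte AES key.
// SHA-256 is a simplification for this demonstration, not OpenAM's scheme.
func deriveKey(storepass []byte) []byte {
	sum := sha256.Sum256(storepass)
	return sum[:]
}

// pkcs7Pad appends PKCS#7 padding up to the next multiple of blockSize.
func pkcs7Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad performs the check that javax.crypto reports as
// "Given final block not properly padded" when it fails.
func pkcs7Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("length is not a multiple of the block size")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize || n > len(b) {
		return nil, errors.New("given final block not properly padded")
	}
	for _, p := range b[len(b)-n:] {
		if int(p) != n {
			return nil, errors.New("given final block not properly padded")
		}
	}
	return b[:len(b)-n], nil
}

// encryptWithIV is the deterministic core: returns iv || AES-CBC(ciphertext).
func encryptWithIV(storepass, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(deriveKey(storepass))
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, block.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return append(append([]byte{}, iv...), out...), nil
}

// encryptForExport is what the exporting instance does: random IV, base64 text
// suitable for embedding in the config XML.
func encryptForExport(storepass, plaintext []byte) (string, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return "", err
	}
	blob, err := encryptWithIV(storepass, iv, plaintext)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(blob), nil
}

// decryptImported is what the importing instance does with whatever
// .storepass it has. With the wrong file the padding check fails (or, rarely,
// random bytes happen to pad correctly and garbage is returned).
func decryptImported(storepass []byte, encoded string) ([]byte, error) {
	blob, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return nil, err
	}
	if len(blob) < 2*aes.BlockSize || len(blob)%aes.BlockSize != 0 {
		return nil, errors.New("malformed encrypted value")
	}
	block, err := aes.NewCipher(deriveKey(storepass))
	if err != nil {
		return nil, err
	}
	iv, ct := blob[:aes.BlockSize], blob[aes.BlockSize:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, block.BlockSize())
}

func main() {
	secret := []byte("oauth2-client-secret") // constructed sample
	exported, _ := encryptForExport(originalStorePass, secret)
	fmt.Println("exported value:", exported)
	if pt, err := decryptImported(originalStorePass, exported); err == nil {
		fmt.Printf("same .storepass  -> %q\n", pt)
	}
	if _, err := decryptImported(freshStorePass, exported); err != nil {
		fmt.Println("fresh .storepass -> error:", err)
	}
}
```

The practical takeaway matches the post: an exported configuration is only complete together with the key material that was present when it was written, so the .keypass and .storepass files (and the keystore they unlock) have to travel with config.xml into every image that imports it, and they deserve the same handling as any other secret in the build.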