August 11, 2017 at 1:38 pm #18436 tomoko Participant
I am trying to do the basic OpenID Connect configuration from pages like
After setting up the OAuthProvider and the agent, everything works OK in one of my environments.
I can do the login, the page requesting consent for the Agent is shown, and the redirection occurs OK.
But in another environment, when I press Allow on the page requesting consent, it just shows “internal server error”.
Checking the log in the /debug folder on the server, I see that the IdRepo file shows:
amSDK:08/11/2017 11:33:00:074 AM UTC: Thread[http-apr-8080-exec-6,5,main]: TransactionId[1e0b22f2-ccfc-4fca-af97-d51f8fda79b8-737]
ERROR: JCEEncryption:: failed to decrypt data
javax.crypto.BadPaddingException: Given final block not properly padded
at java.security.AccessController.doPrivileged(Native Method)
The only difference I can think of is that one of my environments (where it works) is using a separate OpenDJ as DirectoryServer, and the one where it is failing is using an embedded internal OpenDJ of OpenAM.
Any other ideas or checks, please?
August 11, 2017 at 4:45 pm #18447 James Phillpotts Moderator
Hi, this sounds like a known issue that should have been fixed in recent versions. Can you describe what version you’re using, and what your configuration is in more detail?
James
August 16, 2017 at 10:30 am #18482 tomoko Participant
Checking a file it says
“grep version serverdefaults.properties”
com.iplanet.am.version=OpenAM 13.0.0 Build 5d4589530d (2016-January-14 21:15)
-Internal embedded LDAP in OpenAM.
-OracleJDK 1.8, also fails with OpenJDK
-The OpenAM server has a UMA configuration done, using an import-svc-cfg operation with a config.xml.
At the start I thought it had something to do with the internal LDAP. But later I discovered it is not the LDAP, because it also works with a fresh/empty OpenAM with internal LDAP.
Now I believe it has something to do with the previous UMA configuration I did (in another realm), and the later export/import I do in a Docker environment.
Is it possible to create a UMA realm (that creates an OAuthProvider) and a basic OpenID configurator (that also creates an OAuthProvider)? Any conflict?
Any ideas are welcome, I am a little lost on how to isolate the misconfiguration/conflict.