[midPoint] MidPoint + OpenLdap = InvalidKeyException

Radovan Semancik radovan.semancik at evolveum.com
Tue Apr 19 21:24:00 CEST 2016


Hi,

So the issue is rather trivial: missing JCE unlimited policy. ConnId 
(and also midPoint) is using strong keys to encrypt passwords. Therefore 
just install the JCE Unlimited Strength Jurisdiction Policy Files to 
your JVM and all should work perfectly. Turns out I made the same 
mistake as you with my Java 8 installation.

However, I have found several error reporting bugs in 3.4-SNAPSHOT and 
fixed them. Therefore this was still quite useful. :-)

-- 
Radovan Semancik
Software Architect
evolveum.com



On 04/19/2016 06:36 PM, Radovan Semancik wrote:
> Hi,
>
> I have just noticed the same problem when running on Java 8. It looks 
> like it is caused by some incompatibility of ConnId and Java 8. I will 
> have a deeper look at that later: 
> https://jira.evolveum.com/browse/MID-2892
>
> In the meantime downgrading to Java 7 seems to be a workaround.
>
> -- 
> Radovan Semancik
> Software Architect
> evolveum.com
>
>
> On 04/19/2016 04:08 PM, Rafael Marquez wrote:
>> Hi,
>>
>> I'm trying to set up MidPoint with OpenLdap but when testing the 
>> resource connection the following error appears:
>>
>> /"Generic connector error for the 
>> resource:d0811790-1d80-11e4-86b2-3c970e467874(OpenLDAP): 
>> java.security.InvalidKeyException: Illegal key size"/
>>
>>
>> Java version: 1.8.0_72
>>
>> Server: Apache Tomcat 8.0.30
>>
>> OS: Ubuntu 14.04 LTS 64-bit
>>
>> Midpoint connectorType: com.evolveum.polygon.connector.ldap.LdapConnector
>>
>> OpenLdap: Docker container using "dinkel/openldap" image using Debian 
>> "jessie" and openldap 2.4.40.
>>
>>
>> I've tested Openldap container using Apache Directory Studio and I 
>> managed to create Organizational units and People without problem. 
>> Used default password "mysecretpassword"
>>
>>
>> Any idea?
>>
>>
>> Exception output from Midpoint front end:
>>
>> <operationResult 
>> xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>                 
>>  xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>>                 
>>  xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>                 
>>  xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>>  xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>>  xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
>>  <operation>com.evolveum.midpoint.provisioning.ucf.api.ConnectorInstance.configure</operation>
>>    <status>fatal_error</status>
>>    <params>
>>       <entry key="configuration">
>>          <unknownJavaObject>
>> <class>com.evolveum.midpoint.prism.PrismContainerValue</class>
>>             
>> <toString>PCV(null):[PC({http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3}resultsHandlerConfiguration):[PCV(null):[PP({.../connector/icf-1/connector-schema-3}enableNormalizingResultsHandler):[PPV(Boolean:false)], 
>> PP({.../connector/icf-1/connector-schema-3}enableFilteredResultsHandler):[PPV(Boolean:false)], 
>> PP({.../connector/icf-1/connector-schema-3}enableAttributesToGetSearchResultsHandler):[PPV(Boolean:false)]]], 
>> PC({http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3}configurationProperties):[PCV(null):[PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}bindPassword):[PPV(ProtectedStringType:ProtectedStringType(encrypted=EncryptedDataType(encryptionMethod=EncryptionMethodType(algorithm=http://www.w3.org/2001/04/xmlenc#aes128-cbc), 
>> keyInfo=KeyInfoType(keyName=x032KTDe5pheYvv7EqrmSWu+FPI=), 
>> cipherData=CipherDataType(cipherValue=[48 bytes]))))], 
>> PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}vlvSortOrderingRule):[PPV(String:2.5.13.3)], 
>> PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}operationalAttributes):[PPV(String:memberOf), 
>> PPV(String:createTimestamp)], 
>> PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}bindDn):[PPV(String:cn=admin,dc=ldap,dc=example,dc=org)], 
>> PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}host):[PPV(String:localhost)], 
>> PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}passwordHashAlgorithm):[PPV(String:SSHA)], 
>> PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}vlvSortAttribute):[PPV(String:uid)], 
>> PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}pagingStrategy):[PPV(String:auto)], 
>> PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}port):[PPV(Integer:389)], 
>> PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}usePermissiveModify):[PPV(String:always)], 
>> PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}baseContext):[PPV(String:dc=ldap,dc=example,dc=org)]]]]</toString>
>>          </unknownJavaObject>
>>       </entry>
>>    </params>
>>    <token>1000000000000000216</token>
>>    <message>java.security.InvalidKeyException: Illegal key size</message>
>>    <details>java.lang.RuntimeException: 
>> java.security.InvalidKeyException: Illegal key size
>> org.identityconnectors.common.security.impl.EncryptorImpl.encrypt(EncryptorImpl.java:95)
>> org.identityconnectors.common.security.GuardedString.encryptBytes(GuardedString.java:266)
>> org.identityconnectors.common.security.GuardedString.encryptChars(GuardedString.java:242)
>> org.identityconnectors.common.security.GuardedString.<init>(GuardedString.java:91)
>> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.toGuardedString(ConnectorInstanceIcfImpl.java:3276)
>> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.convertToIcf(ConnectorInstanceIcfImpl.java:3234)
>> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.convertToIcfSingle(ConnectorInstanceIcfImpl.java:3213)
>> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.transformConnectorConfiguration(ConnectorInstanceIcfImpl.java:3067)
>> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.transformConnectorConfiguration(ConnectorInstanceIcfImpl.java:2997)
>> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.configure(ConnectorInstanceIcfImpl.java:290)
>> com.evolveum.midpoint.provisioning.impl.ConnectorManager.createConfiguredConnectorInstance(ConnectorManager.java:157)
>> com.evolveum.midpoint.provisioning.impl.ConnectorManager.getConfiguredConnectorInstance(ConnectorManager.java:129)
>> com.evolveum.midpoint.provisioning.impl.ResourceManager.getConnectorInstance(ResourceManager.java:813)
>> com.evolveum.midpoint.provisioning.impl.ResourceManager.completeResource(ResourceManager.java:272)
>> com.evolveum.midpoint.provisioning.impl.ResourceManager.loadAndCacheResource(ResourceManager.java:162)
>> com.evolveum.midpoint.provisioning.impl.ResourceManager.getResource(ResourceManager.java:155)
>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.getObject(ProvisioningServiceImpl.java:207)
>> com.evolveum.midpoint.model.impl.ModelObjectResolver.getObject(ModelObjectResolver.java:157)
>> com.evolveum.midpoint.model.impl.controller.ModelController.getObject(ModelController.java:263)
>> sun.reflect.GeneratedMethodAccessor527.invoke(Unknown Source)
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> java.lang.reflect.Method.invoke(Method.java:498)
>> org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:507)
>> com.sun.proxy.$Proxy150.getObject(Unknown Source)
>> com.evolveum.midpoint.gui.api.util.WebModelServiceUtils.loadObject(WebModelServiceUtils.java:175)
>> com.evolveum.midpoint.web.page.admin.resources.PageResource.loadResource(PageResource.java:159)
>> com.evolveum.midpoint.web.page.admin.resources.PageResource.access$000(PageResource.java:86)
>> com.evolveum.midpoint.web.page.admin.resources.PageResource$1.load(PageResource.java:139)
>> com.evolveum.midpoint.web.page.admin.resources.PageResource$1.load(PageResource.java:135)
>> com.evolveum.midpoint.gui.api.model.LoadableModel.getObject(LoadableModel.java:58)
>> com.evolveum.midpoint.web.page.admin.resources.PageResource.initLayout(PageResource.java:169)
>> com.evolveum.midpoint.web.page.admin.resources.PageResource.initialize(PageResource.java:143)
>> com.evolveum.midpoint.web.page.admin.resources.PageResource.<init>(PageResource.java:124)
>> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>> java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>> org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:171)
>> org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:99)
>> org.apache.wicket.DefaultMapperContext.newPageInstance(DefaultMapperContext.java:106)
>> org.apache.wicket.core.request.handler.PageProvider.resolvePageInstance(PageProvider.java:271)
>> org.apache.wicket.core.request.handler.PageProvider.getPageInstance(PageProvider.java:169)
>> org.apache.wicket.request.handler.render.PageRenderer.getPage(PageRenderer.java:78)
>> org.apache.wicket.request.handler.render.WebPageRenderer.isPageStateless(WebPageRenderer.java:287)
>> org.apache.wicket.request.handler.render.WebPageRenderer.shouldRenderPageAndWriteResponse(WebPageRenderer.java:329)
>> org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:193)
>> org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)
>> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:865)
>> org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
>> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:265)
>> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:222)
>> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293)
>> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261)
>> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203)
>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:284)
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
>> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter(MidPointProfilingServletFilter.java:86)
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:521)
>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1096)
>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674)
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>> java.lang.Thread.run(Thread.java:745)
>> </details>
>> </operationResult>
>>
>>
>> Thank you in advance!
>>
>>
>> All the best,
>>
>> Rafa
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>

