[midPoint] MidPoint + OpenLdap = InvalidKeyException
Rafael Marquez
rafael.marquez at scytl.com
Wed Apr 20 12:04:39 CEST 2016
Hi Radovan,
It's solved. I've followed your recommendation and now the error doesn't appear. Thank you! :)
Best regards,
Rafael Márquez
________________________________
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Radovan Semancik <radovan.semancik at evolveum.com>
Sent: 19 April 2016 21:24
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] MidPoint + OpenLdap = InvalidKeyException
Hi,
So the issue is rather trivial: missing JCE unlimited policy. ConnId (and also midPoint) is using strong keys to encrypt passwords. Therefore just install the JCE Unlimited Strength Jurisdiction Policy Files to your JVM and all should work perfectly. Turns out I made the same mistake as you with my Java 8 installation.
However, I have found several error reporting bugs in 3.4-SNAPSHOT and fixed them. Therefore this was still quite useful. :-)
--
Radovan Semancik
Software Architect
evolveum.com
On 04/19/2016 06:36 PM, Radovan Semancik wrote:
Hi,
I have just noticed the same problem when running on Java 8. It looks like it is caused by some incompatibility of ConnId and Java 8. I will have a deeper look at that later: https://jira.evolveum.com/browse/MID-2892
In the meantime downgrading to Java 7 seems to be a workaround.
--
Radovan Semancik
Software Architect
evolveum.com
On 04/19/2016 04:08 PM, Rafael Marquez wrote:
Hi,
I'm trying to set up MidPoint with OpenLdap but when testing the resource connection the following error appears:
"Generic connector error for the resource:d0811790-1d80-11e4-86b2-3c970e467874(OpenLDAP): java.security.InvalidKeyException: Illegal key size"
Java version: 1.8.0_72
Server: Apache Tomcat 8.0.30
OS: Ubuntu 14.04 LTS 64-bit
Midpoint connectorType: com.evolveum.polygon.connector.ldap.LdapConnector
OpenLdap: Docker container using "dinkel/openldap" image using Debian “jessie” and openldap 2.4.40.
I've tested Openldap container using Apache Directory Studio and I managed to create Organizational units and People without problem. Used default password "mysecretpassword"
Any idea?
Exception output from Midpoint front end:
<operationResult xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
<operation>com.evolveum.midpoint.provisioning.ucf.api.ConnectorInstance.configure</operation>
<status>fatal_error</status>
<params>
<entry key="configuration">
<unknownJavaObject>
<class>com.evolveum.midpoint.prism.PrismContainerValue</class>
<toString>PCV(null):[PC({http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3}resultsHandlerConfiguration):[PCV(null):[PP({.../connector/icf-1/connector-schema-3}enableNormalizingResultsHandler):[PPV(Boolean:false)], PP({.../connector/icf-1/connector-schema-3}enableFilteredResultsHandler):[PPV(Boolean:false)], PP({.../connector/icf-1/connector-schema-3}enableAttributesToGetSearchResultsHandler):[PPV(Boolean:false)]]], PC({http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3}configurationProperties):[PCV(null):[PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}bindPassword):[PPV(ProtectedStringType:ProtectedStringType(encrypted=EncryptedDataType(encryptionMethod=EncryptionMethodType(algorithm=http://www.w3.org/2001/04/xmlenc#aes128-cbc), keyInfo=KeyInfoType(keyName=x032KTDe5pheYvv7EqrmSWu+FPI=), cipherData=CipherDataType(cipherValue=[48 bytes]))))], PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}vlvSortOrderingRule):[PPV(String:2.5.13.3)], PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}operationalAttributes):[PPV(String:memberOf), PPV(String:createTimestamp)], PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}bindDn):[PPV(String:cn=admin,dc=ldap,dc=example,dc=org)], PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}host):[PPV(String:localhost)], PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}passwordHashAlgorithm):[PPV(String:SSHA)], 
PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}vlvSortAttribute):[PPV(String:uid)], PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}pagingStrategy):[PPV(String:auto)], PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}port):[PPV(Integer:389)], PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}usePermissiveModify):[PPV(String:always)], PP({.../connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector}baseContext):[PPV(String:dc=ldap,dc=example,dc=org)]]]]</toString>
</unknownJavaObject>
</entry>
</params>
<token>1000000000000000216</token>
<message>java.security.InvalidKeyException: Illegal key size</message>
<details>java.lang.RuntimeException: java.security.InvalidKeyException: Illegal key size
org.identityconnectors.common.security.impl.EncryptorImpl.encrypt(EncryptorImpl.java:95)
org.identityconnectors.common.security.GuardedString.encryptBytes(GuardedString.java:266)
org.identityconnectors.common.security.GuardedString.encryptChars(GuardedString.java:242)
org.identityconnectors.common.security.GuardedString.<init>(GuardedString.java:91)
com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.toGuardedString(ConnectorInstanceIcfImpl.java:3276)
com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.convertToIcf(ConnectorInstanceIcfImpl.java:3234)
com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.convertToIcfSingle(ConnectorInstanceIcfImpl.java:3213)
com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.transformConnectorConfiguration(ConnectorInstanceIcfImpl.java:3067)
com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.transformConnectorConfiguration(ConnectorInstanceIcfImpl.java:2997)
com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.configure(ConnectorInstanceIcfImpl.java:290)
com.evolveum.midpoint.provisioning.impl.ConnectorManager.createConfiguredConnectorInstance(ConnectorManager.java:157)
com.evolveum.midpoint.provisioning.impl.ConnectorManager.getConfiguredConnectorInstance(ConnectorManager.java:129)
com.evolveum.midpoint.provisioning.impl.ResourceManager.getConnectorInstance(ResourceManager.java:813)
com.evolveum.midpoint.provisioning.impl.ResourceManager.completeResource(ResourceManager.java:272)
com.evolveum.midpoint.provisioning.impl.ResourceManager.loadAndCacheResource(ResourceManager.java:162)
com.evolveum.midpoint.provisioning.impl.ResourceManager.getResource(ResourceManager.java:155)
com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.getObject(ProvisioningServiceImpl.java:207)
com.evolveum.midpoint.model.impl.ModelObjectResolver.getObject(ModelObjectResolver.java:157)
com.evolveum.midpoint.model.impl.controller.ModelController.getObject(ModelController.java:263)
sun.reflect.GeneratedMethodAccessor527.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:498)
org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:507)
com.sun.proxy.$Proxy150.getObject(Unknown Source)
com.evolveum.midpoint.gui.api.util.WebModelServiceUtils.loadObject(WebModelServiceUtils.java:175)
com.evolveum.midpoint.web.page.admin.resources.PageResource.loadResource(PageResource.java:159)
com.evolveum.midpoint.web.page.admin.resources.PageResource.access$000(PageResource.java:86)
com.evolveum.midpoint.web.page.admin.resources.PageResource$1.load(PageResource.java:139)
com.evolveum.midpoint.web.page.admin.resources.PageResource$1.load(PageResource.java:135)
com.evolveum.midpoint.gui.api.model.LoadableModel.getObject(LoadableModel.java:58)
com.evolveum.midpoint.web.page.admin.resources.PageResource.initLayout(PageResource.java:169)
com.evolveum.midpoint.web.page.admin.resources.PageResource.initialize(PageResource.java:143)
com.evolveum.midpoint.web.page.admin.resources.PageResource.<init>(PageResource.java:124)
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
java.lang.reflect.Constructor.newInstance(Constructor.java:423)
org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:171)
org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:99)
org.apache.wicket.DefaultMapperContext.newPageInstance(DefaultMapperContext.java:106)
org.apache.wicket.core.request.handler.PageProvider.resolvePageInstance(PageProvider.java:271)
org.apache.wicket.core.request.handler.PageProvider.getPageInstance(PageProvider.java:169)
org.apache.wicket.request.handler.render.PageRenderer.getPage(PageRenderer.java:78)
org.apache.wicket.request.handler.render.WebPageRenderer.isPageStateless(WebPageRenderer.java:287)
org.apache.wicket.request.handler.render.WebPageRenderer.shouldRenderPageAndWriteResponse(WebPageRenderer.java:329)
org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:193)
org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)
org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:865)
org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:265)
org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:222)
org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293)
org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261)
org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203)
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:284)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter(MidPointProfilingServletFilter.java:86)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:521)
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1096)
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:745)
</details>
</operationResult>
Thank you in advance!
All the best,
Rafa
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint
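A stand-alone check for the condition diagnosed in this thread, added here as an example (it is not code from midPoint, ConnId or any participant): it reports whether the JVM's JCE jurisdiction policy allows AES keys above 128 bits and reproduces the "Illegal key size" failure when it does not. The class name `JcePolicyCheck` and the tested key sizes are assumptions; the page does not state which key size ConnId uses.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic, not midPoint/ConnId code. JcePolicyCheck is a hypothetical name.
public class JcePolicyCheck {

    // Runs a real AES/CBC encryption with a random key of the given size.
    // Returns null on success, or the exception message on a policy rejection.
    static String tryAes(int keyBits) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] keyBytes = new byte[keyBits / 8];
        byte[] iv = new byte[16];
        rnd.nextBytes(keyBytes);
        rnd.nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            // The jurisdiction policy is enforced here, in Cipher.init().
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keyBytes, "AES"),
                        new IvParameterSpec(iv));
            cipher.doFinal("constructed sample plaintext".getBytes(StandardCharsets.UTF_8));
            return null;
        } catch (InvalidKeyException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version  = " + System.getProperty("java.version"));
        System.out.println("java.home     = " + System.getProperty("java.home"));
        // The crypto.policy security property exists from 8u151 on; it is null
        // when unset and on older builds such as the 1.8.0_72 in this thread.
        System.out.println("crypto.policy = " + Security.getProperty("crypto.policy"));

        int max = Cipher.getMaxAllowedKeyLength("AES");
        boolean unlimited = (max == Integer.MAX_VALUE);
        System.out.println("max AES key   = " + (unlimited ? "unlimited" : max + " bits"));

        for (int bits : new int[] {128, 192, 256}) {
            String err = tryAes(bits);
            System.out.println("AES-" + bits + ": "
                    + (err == null ? "OK" : "REJECTED (" + err + ")"));
        }
        // Non-zero exit lets a deployment script stop before the servlet container starts.
        System.exit(unlimited ? 0 : 1);
    }
}
```

Compile and run it with the same `java` binary (same `java.home`) that Tomcat uses, since the policy files are installed per JVM.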