<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Eric,</p>
<p>just to explain as I have not much midPoint+docker experience
(nor using MySQL that often):</p>
<p>- when midPoint starts for the very first time and there is no
keystore.jceks, it will be created with a random key<br>
</p>
<p>- when midPoint starts, it will populate the repository with the
initial objects (such as administrator) if such objects don't
already exist (it will NOT overwrite). Any password (such as
administrator) will be encrypted using the keystore key that is
set as default</p>
<p>- by default there is only one key entry in the keystore.jceks
and the key is referenced in the config.xml ("default)"</p>
<p>So the issue should be caused by the password in the database
encrypted by a different key. Or using different midpoint.home
directory. I've had similar error only when I installed midPoint
correctly and then removed the keystore...<br>
</p>
<p>Sorry but I don't have time to replicate the process via docker.</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<div class="moz-cite-prefix">On 16. 10. 2018 22:28, Solberg, Eric
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0B97D97E-8EC7-45FB-ADF4-8A2EF2F4DBEE@solberg.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.emailquote, li.emailquote, div.emailquote
{mso-style-name:emailquote;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:1.0pt;
border:none;
padding:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Thanks Colin. It looks like the keystore
that was created when the midpoint started has only one entry:<o:p></o:p></p>
<p class="MsoNormal">Your keystore contains 1 entry<o:p></o:p></p>
<p class="MsoNormal">default, Oct 16, 2018, SecretKeyEntry,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">So if I’m understanding correctly, I’m
missing the administrator here. Perhaps the administrator
account/password is only created automatically in demo mode? I
imagine it’s a simple process to add it. The instructions in
the config.xml show how to create a new keystore, but I’m not
sure what it should be populated with, or how. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I suspect I can copy the keystore from the
demo system to get the admin password in here. I’ll try that
next but if I’m going about it wrong let me know. Thanks
again.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Eric<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:12.0pt;color:black">From: </span></b><span
style="font-size:12.0pt;color:black">midPoint
<a class="moz-txt-link-rfc2396E" href="mailto:midpoint-bounces@lists.evolveum.com"><midpoint-bounces@lists.evolveum.com></a> on behalf of
Colin Thompson <a class="moz-txt-link-rfc2396E" href="mailto:cthompson31@ucmerced.edu"><cthompson31@ucmerced.edu></a><br>
<b>Reply-To: </b>midPoint General Discussion
<a class="moz-txt-link-rfc2396E" href="mailto:midpoint@lists.evolveum.com"><midpoint@lists.evolveum.com></a><br>
<b>Date: </b>Tuesday, October 16, 2018 at 12:54 PM<br>
<b>To: </b>midPoint General Discussion
<a class="moz-txt-link-rfc2396E" href="mailto:midpoint@lists.evolveum.com"><midpoint@lists.evolveum.com></a><br>
<b>Subject: </b>Re: [midPoint] config.xml during
installation<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-family:"Arial",sans-serif;color:black">Sounds
like a missing/incorrect keystore.jceks issue. I believe
the administrator password, among other things, is
stored encrypted in the database, and the key by which
it is encrypted is stored in the keystore.jceks file in
/opt/midpoint/var/. Ive found that when the
administrator password doesn't match (assuming you're
typing it correctly), it's usually because you're not
using the key/keystore it was created with.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-family:"Arial",sans-serif;color:black">There
are instructions in the default config.xml file for how
to create the keystore if you want to customize things.<o:p></o:p></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span
style="font-family:"Arial",sans-serif;color:black">Get
<a href="https://aka.ms/ghei36" moz-do-not-send="true">Outlook
for Android</a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-family:"Arial",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div class="MsoNormal" style="text-align:center"
align="center">
<hr width="98%" size="2" align="center"></div>
<div id="x_divRplyFwdMsg">
<p class="MsoNormal"><b><span style="color:black">From:</span></b><span
style="color:black"> midPoint
<a class="moz-txt-link-rfc2396E" href="mailto:midpoint-bounces@lists.evolveum.com"><midpoint-bounces@lists.evolveum.com></a> on behalf of
Solberg, Eric <a class="moz-txt-link-rfc2396E" href="mailto:eric@solberg.com"><eric@solberg.com></a><br>
<b>Sent:</b> Tuesday, October 16, 2018 1:11:16 PM<br>
<b>To:</b> midPoint General Discussion<br>
<b>Subject:</b> [midPoint] config.xml during
installation</span> <o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal">I'm installing MySQL drivers for my
Midpoint setup, and have updated config.xml. I've got
connectivity to the database, but am encountering a problem
logging in as administrator. I'm just starting to evaluate
this, but I'm not 100% confident I followed the right
process for setting up config.xml.<br>
<br>
Here's what I did:<br>
- Installed the midpoint demo with embedded database. Made a
copy of the generated config.xml.<br>
- Deleted this demo instance<br>
- Setup a MySQL instance, created midpoint user &
database, imported mysql-3.8-all.sql<br>
- Modified the config.xml to include <repository>
settings for mysql<br>
- Modified the Dockerfile to copy config.xml to
${MP_DIR}/var/<br>
- Also modified the Dockerfile to install the SQL driver<br>
- Built the Docker image and deployed to my VM<br>
<br>
This is working and I have connectivity to the database.
This setup is pretty slow, but I'm not tuning yet... The
problem I'm having is I can't log in as administrator
(5ecr3t password).<br>
<br>
Here's what I got in midpoint.log:<br>
018-10-16 16:44:02,824 [] [http-nio-8080-exec-4] ERROR
(com.evolveum.midpoint.model.impl.sec<br>
urity.AuthenticationEvaluatorImpl): Error dealing with
credentials of user "administrator" cr<br>
edentials: No key mapped to key digest
FbJhcZYWk/Q3KnAucPQgRSxD/QM= could be found in the key<br>
store. Keys digests must be recomputed during initialization<br>
<br>
I'm guessing it's one of 3 things:<br>
- Was I supposed to copy config.xml from the demo? Or should
I create a new config.xml with only the repository settings
and let midpoint recreate everything else?<br>
- Or should I also copy the other files from the demo
/opt/midpoint/var directory?<br>
- Or is there some other step to recompute key digests?<br>
<br>
Any suggestions?<br>
<br>
Thanks,<br>
Eric<br>
<br>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a><o:p></o:p></p>
</div>
<p class="MsoNormal">_______________________________________________
midPoint mailing list <a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a> <o:p></o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>