Active Directory WSO2: connecting to LDAP fails


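I am following the WSO2 guide for Active Directory on WSO2 Identity manager (standalone version). I am trying to connect my WSO2 server to the company LDAP. I set the admin username/password to an existing user, set the connection properties (I can access Active Directory from Apache Directory Studio), and set the query for fetching users, but I get the following error: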

13.6.2017 13:24:12[2017-06-13 11:24:12,318] ERROR - DataEndpointConnectionWorker Error while trying to connect to the endpoint. Cannot borrow client for ssl://10.42.210.146:9711
13.6.2017 13:24:12org.wso2.carbon.databridge.agent.exception.DataEndpointAuthenticationException: Cannot borrow client for ssl://10.42.210.146:9711
13.6.2017 13:24:12  at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:99)
13.6.2017 13:24:12  at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.run(DataEndpointConnectionWorker.java:42)
13.6.2017 13:24:12  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
13.6.2017 13:24:12  at java.util.concurrent.FutureTask.run(FutureTask.java:266)
13.6.2017 13:24:12  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
13.6.2017 13:24:12  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
13.6.2017 13:24:12  at java.lang.Thread.run(Thread.java:745)
13.6.2017 13:24:12Caused by: org.wso2.carbon.databridge.agent.exception.DataEndpointAuthenticationException: Error while trying to login to data receiver :/10.42.210.146:9711
13.6.2017 13:24:12  at org.wso2.carbon.databridge.agent.endpoint.binary.BinaryDataEndpoint.login(BinaryDataEndpoint.java:47)
13.6.2017 13:24:12  at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:93)
13.6.2017 13:24:12  ... 6 more
13.6.2017 13:24:12Caused by: org.wso2.carbon.databridge.commons.exception.AuthenticationException: wrong userName or password
13.6.2017 13:24:12  at sun.reflect.GeneratedConstructorAccessor207.newInstance(Unknown Source)
13.6.2017 13:24:12  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
13.6.2017 13:24:12  at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
13.6.2017 13:24:12  at org.wso2.carbon.databridge.agent.endpoint.binary.BinaryEventSender.processResponse(BinaryEventSender.java:162)
13.6.2017 13:24:12  at org.wso2.carbon.databridge.agent.endpoint.binary.BinaryDataEndpoint.login(BinaryDataEndpoint.java:42)
13.6.2017 13:24:12  ... 7 more
I have set this configuration:

<UserManager>
    <Realm>
        <Configuration>
            <AddAdmin>false</AddAdmin>
            <AdminRole>admin</AdminRole>
            <AdminUser>
                <UserName>it\wso2system</UserName>
                <Password>mypassword</Password>
            </AdminUser>
            <EveryOneRoleName>everyone</EveryOneRoleName>
            <!-- By default users in this role sees the registry root -->
            <Property name="isCascadeDeleteEnabled">true</Property>
            <Property name="initializeNewClaimManager">true</Property>
            <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
        </Configuration>

And the AD connection:

    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
        <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
        <Property name="ConnectionURL">ldap://activedirectory.local:389</Property>
        <Property name="ConnectionName">it\wso2system</Property>
        <Property name="ConnectionPassword">mypassword</Property>
        <Property name="AnonymousBind">false</Property>
        <Property name="UserSearchBase">...my working search query from directory studio ...</Property>
        <Property name="UserEntryObjectClass">user</Property>
        <Property name="UserNameAttribute">cn</Property>
        <Property name="UserNameSearchFilter">(&amp;(objectCategory=Person)(sAMAccountName=*))</Property>
        <Property name="UserNameListFilter">(objectClass=user)</Property>
        <Property name="DisplayNameAttribute"/>
        <Property name="ReadGroups">false</Property>
        <Property name="WriteGroups">false</Property>
        <Property name="GroupSearchBase">ou=system</Property>
        <Property name="GroupEntryObjectClass">group</Property>
        <Property name="GroupNameAttribute">cn</Property>
        <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
        <Property name="GroupNameListFilter">(objectcategory=group)</Property>
        <Property name="MembershipAttribute">member</Property>
        <Property name="MemberOfAttribute">memberOf</Property>
        <Property name="BackLinksEnabled">true</Property>
        <Property name="Referral">follow</Property>
        <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
        <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
        <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
        <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
        <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
        <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
        <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
        <Property name="SCIMEnabled">false</Property>
        <Property name="IsBulkImportSupported">true</Property>
        <Property name="EmptyRolesAllowed">true</Property>
        <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
        <Property name="MultiAttributeSeparator">,</Property>
        <Property name="isADLDSRole">false</Property>
        <Property name="userAccountControl">512</Property>
        <Property name="MaxUserNameListLength">100</Property>
        <Property name="MaxRoleNameListLength">100</Property>
        <Property name="kdcEnabled">false</Property>
        <Property name="defaultRealmName">WSO2.ORG</Property>
        <Property name="UserRolesCacheEnabled">true</Property>
        <Property name="ConnectionPoolingEnabled">false</Property>
        <Property name="LDAPConnectionTimeout">5000</Property>
        <Property name="ReadTimeout"/>
        <Property name="RetryAttempts"/>
    </UserStoreManager>

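Am I missing some configuration file? With the standard database configuration everything worked before; after switching I get the error above and I cannot log in to WSO2 (neither the store, APIM nor Carbon).

We do not have roles defined in AD, we only want to authenticate WSO2 users.


Thanks for your help :)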

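My first suggestion would be to add the LDAP through Carbon, by adding a secondary user store. Here is some information about IS 5.3.0. If you want to go this route, you should first put the original admin login back in place (that way you can at least log in to Carbon) and restore the JDBC store.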

<AddAdmin>true</AddAdmin>
<AdminRole>admin</AdminRole>
   <AdminUser>
     <UserName>admin</UserName>
     <Password>admin</Password>
    </AdminUser>

You can also do the import through Carbon, under Keystores.


Sorry I can't be of more help.


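The solution to this problem is somewhat tricky, but here we go:

After several attempts I decided to set up the AD connection as a secondary user store using the LDAP read-only connector. I ran into a NullPointerException.

I got the wso2am source code and started debugging. The server tries to open the certificate chain to get the public key used for encrypting the password. This chain was not retrieved correctly.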

TID: [-1234] [] [2017-06-20 12:18:21,318] ERROR {org.apache.axis2.rpc.receivers.RPCMessageReceiver} -  Exception occurred while trying to invoke service method addUserStore {org.apache.axis2.rpc.receivers.RPCMessageReceiver}
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212)
        at org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:117)
        at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
        at org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:169)
        at org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:82)
        at org.wso2.carbon.core.transports.local.CarbonLocalTransportSender.finalizeSendWithToAddress(CarbonLocalTransportSender.java:45)
        at org.apache.axis2.transport.local.LocalTransportSender.invoke(LocalTransportSender.java:77)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430)
        at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
        at org.wso2.carbon.identity.user.store.configuration.stub.UserStoreConfigAdminServiceStub.addUserStore(UserStoreConfigAdminServiceStub.java:889)
        at org.wso2.carbon.identity.user.store.configuration.ui.client.UserStoreConfigAdminServiceClient.addUserStore(UserStoreConfigAdminServiceClient.java:95)
        at org.apache.jsp.userstore_005fconfig.userstore_002dconfig_002dfinish_002dajaxprocessor_jsp._jspService(userstore_002dconfig_002dfinish_002dajaxprocessor_jsp.java:198)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
        at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
        at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
        at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
        at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
        at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
        at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
        at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
        at org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48)
        at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
        at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
        at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958)
        at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
        at org.wso2.carbon.identity.user.store.configuration.utils.SecondaryUserStoreConfigurationUtil.initializeKeyStore(SecondaryUserStoreConfigurationUtil.java:82)
        at org.wso2.carbon.identity.user.store.configuration.utils.SecondaryUserStoreConfigurationUtil.encryptPlainText(SecondaryUserStoreConfigurationUtil.java:125)
        at org.wso2.carbon.identity.user.store.configuration.UserStoreConfigAdminService.addProperties(UserStoreConfigAdminService.java:569)
        at org.wso2.carbon.identity.user.store.configuration.UserStoreConfigAdminService.writeUserMgtXMLFile(UserStoreConfigAdminService.java:812)
        at org.wso2.carbon.identity.user.store.configuration.UserStoreConfigAdminService.addUserStore(UserStoreConfigAdminService.java:270)
        ... 76 more
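To solve this, I extracted the code and put it into a standalone program.

I found that the chain was not fully loaded into the keystore. To create a working keystore, I followed Non's answer.

I got

  • my server certificate (PEM)
  • the go-daddy bundle certificate, including the root (PEM)
  • the go-daddy secure server certificate (PEM)
  • the certificate key (the key file from the CSR)
Knowing these three certificates,

and following the answer of the post mentioned above, I did: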

> cat server.crt bundle-g2-g1.crt gdig2.crt >combined.crt
> openssl pkcs12 -export -chain -in server.crt -inkey server.key -out keystore.p12 -name wso2carbon -CAfile combined.crt
> keytool -importkeystore -destkeystore wso2carbon.jks -srckeystore keystore.p12 -alias wso2carbon
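The created keystore passed my test program successfully. The installed WSO2 instance saved my AD connection successfully and did not produce any SSL problems.


PS: I also got the keystore from operations in PKCS12 format. It could not be converted into a JKS keystore; the bloody keytool drops the chain.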
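
The failure mode described in this answer, as an added example that is not part of the original post: it generates a throwaway root, intermediate and server certificate with openssl, exports the server key as PKCS12 once without and once with `-chain -CAfile`, then counts the stored certificates and checks whether they link the leaf to the root. The CA names, the `changeit` password and the `bare.p12`/`chain.p12` file names are constructed for the demo; only the `wso2carbon` alias and the openssl options come from the commands above.

```shell
#!/bin/sh
# Added example: every key and certificate is throwaway data generated here.
set -eu
PASS=changeit   # assumed store password for the demo files

# Create a constructed chain in directory $1: root -> intermediate -> server.
make_chain() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:true
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:false
EOF
    openssl req -x509 -config "$d/demo.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
        -days 2 -subj "/CN=Demo Root CA" -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=Demo Issuing CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" -set_serial 2 \
        -days 2 -extfile "$d/demo.cnf" -extensions v3_ca -out "$d/int.crt" 2>/dev/null
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=wso2.example.test" -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/int.crt" -CAkey "$d/int.key" -set_serial 3 \
        -days 2 -extfile "$d/demo.cnf" -extensions v3_leaf -out "$d/server.crt" 2>/dev/null
}

# Export the server key twice: once bare, once with the issuer chain embedded.
build_stores() {
    d=$1
    make_chain "$d"
    openssl pkcs12 -export -in "$d/server.crt" -inkey "$d/server.key" \
        -name wso2carbon -passout "pass:$PASS" -out "$d/bare.p12"
    # -chain needs the issuing CA certificates in the -CAfile bundle.
    cat "$d/int.crt" "$d/root.crt" > "$d/combined.crt"
    openssl pkcs12 -export -chain -CAfile "$d/combined.crt" -in "$d/server.crt" \
        -inkey "$d/server.key" -name wso2carbon -passout "pass:$PASS" -out "$d/chain.p12"
}

# Print how many certificates the PKCS12 file $1 holds.
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$PASS" 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE' || true
}

# Succeed only if the issuers stored in $1 link its leaf to the trusted root $2.
p12_chain_verifies() {
    w=$(mktemp -d)
    rc=0
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin "pass:$PASS" -out "$w/leaf.pem" 2>/dev/null || rc=1
    openssl pkcs12 -in "$1" -nokeys -cacerts -passin "pass:$PASS" -out "$w/issuers.pem" 2>/dev/null || rc=1
    if [ "$rc" -eq 0 ]; then
        openssl verify -CAfile "$2" -untrusted "$w/issuers.pem" "$w/leaf.pem" >/dev/null 2>&1 || rc=1
    fi
    rm -rf "$w"
    return "$rc"
}

demo=$(mktemp -d)
build_stores "$demo"
for f in bare.p12 chain.p12; do
    if p12_chain_verifies "$demo/$f" "$demo/root.crt"; then state="chain complete"; else state="chain missing"; fi
    echo "$f: $(p12_cert_count "$demo/$f") certificate(s), $state"
done
rm -rf "$demo"
```

For the converted JKS file, `keytool -list -v -keystore wso2carbon.jks -alias wso2carbon` prints a `Certificate chain length:` line that gives the same count.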
