ERROR {org.wso2.carbon.idp.mgt.util.IdPManagementUtil} - Error when accessing the IdentityProviderManager for tenant

I am getting this exception in WSO2 IS 5.1.0 at login:

[2017-01-28 20:12:22,384] ERROR {org.wso2.carbon.idp.mgt.util.IdPManagementUtil} -  Error when accessing the IdentityProviderManager for tenant : xyz.com org.wso2.carbon.idp.mgt.IdentityProviderManagementException: Error retrieving primary certificate for tenant : xyz.com
        at org.wso2.carbon.idp.mgt.IdentityProviderManager.getResidentIdP(IdentityProviderManager.java:214)
        at org.wso2.carbon.idp.mgt.util.IdPManagementUtil.getRememberMeTimeout(IdPManagementUtil.java:98)
        at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.setAuthCookie(DefaultAuthenticationRequestHandler.java:347)
        at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.concludeFlow(DefaultAuthenticationRequestHandler.java:284)
        at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:120)
        at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:135)
        at org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:53)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
        at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:59)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
        at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
        at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
        at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
        at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
        at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
        at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)

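I checked the source code related to the error [1]. According to it, the problem occurs when it tries to initialize the registry [2].

When a tenant is created, the server creates a keystore for that tenant and stores it in the following registry path:

/_system/governance/repository/security/key-stores/

If the tenant name is xyz.com, it creates a Java keystore file named xyz-com.jks in the above registry path.

Registry objects are stored in the backend database. So is there a possibility that the above keystore file cannot be found, or that the registry file path cannot be accessed?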

[1]


[2]

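The way this code is written is a bit troublesome. When a tenant is created, a default keystore is created and stored in the registry. You obviously don't want that, so you end up replacing the keystore by updating the registry and uploading a new keystore. The trick is in how you create the keystore; here is what you need to do:

  • Tenant domain: "xyz.com"
  • Name of the keystore: "xyz-com.jks"
  • Name of the private key entry alias: "xyz.com"

Now everything works.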
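The naming convention from the answer above, as an added check that is not part of the original posts: it confirms that a replacement keystore's file name and private-key alias match the tenant domain before the keystore is uploaded to the registry. The function names are hypothetical, the rule "every dot becomes a hyphen" is an assumption generalized from the page's single xyz.com example, and the listing is a constructed sample.

```sh
#!/bin/sh
# Added example (not from the original posts). Function names are hypothetical.

# Keystore file name expected for a tenant domain. Assumption generalized from
# the page's single example (xyz.com -> xyz-com.jks): every dot becomes a hyphen.
expected_keystore_name() {
  printf '%s.jks\n' "$(printf '%s' "$1" | tr '.' '-')"
}

# Read `keytool -list -v` output on stdin; print the entry type of alias $1.
entry_type_for_alias() {
  awk -v want="$1" '
    /^Alias name: / { cur = $0; sub(/^Alias name: */, "", cur) }
    /^Entry type: / { t = $0; sub(/^Entry type: */, "", t)
                      if (cur == want) found = t }
    END { if (found != "") print found }
  '
}

# Args: tenant_domain keystore_file_name; stdin: keytool listing.
# Prints "ok" and returns 0 only if the file name and the private-key alias
# both follow the convention given in the answer.
check_tenant_keystore() {
  ctk_listing=$(cat)
  ctk_want=$(expected_keystore_name "$1")
  if [ "$2" != "$ctk_want" ]; then
    echo "keystore should be named $ctk_want"; return 1
  fi
  ctk_type=$(printf '%s\n' "$ctk_listing" | entry_type_for_alias "$1")
  if [ "$ctk_type" != "PrivateKeyEntry" ]; then
    echo "no PrivateKeyEntry with alias $1"; return 1
  fi
  echo "ok"
}

# Constructed sample of `keytool -list -v` output, not from a real keystore.
SAMPLE_LISTING='Keystore type: JKS

Alias name: xyz.com
Creation date: Jan 28, 2017
Entry type: PrivateKeyEntry

Alias name: rootca
Creation date: Jan 28, 2017
Entry type: trustedCertEntry'

printf '%s\n' "$SAMPLE_LISTING" | check_tenant_keystore xyz.com xyz-com.jks
```

Against a real keystore, pipe the output of `keytool -list -v -keystore xyz-com.jks` into `check_tenant_keystore xyz.com xyz-com.jks`; the parsing assumes keytool's English output labels.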

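The problem is with client-truststore.jks.

Step 1: Replace wso2appm-1.2.1-SNAPSHOT/repository/resources/security/wso2carbon.jks with the JKS file generated from the pfx file (the SSL file sent by the provider).

Change the JKS file name, keystore password and alias in carbon.xml.

Replace client-truststore.jks with the one you create, in the folder wso2appm-1.2.1-SNAPSHOT/repository/resources/security/client-truststore.jks.

To create the client-truststore.jks file, follow these steps:

keytool -export -alias certalias -keystore yourjks.jks -file yourcert.pem

This will generate the .pem file.

If you do not know the certalias name, follow the steps below to find it, and run the above command with the correct alias.

On Linux:

keytool -list -v -keystore your_jks.jks | grep "Alias name\|Creation date"

On Windows:

keytool -list -v -keystore your_jks.jks | findstr "Alias Creation"

Step 2: keytool -import -alias certalias -file yourcert.pem -keystore client-truststore.jks -storepass wso2carbon

This will generate client-truststore.jks; replace the old one (wso2appm-1.2.1-SNAPSHOT/repository/resources/security/client-truststore.jks) with it.

Now change the keystore alias in carbon.xml (wso2appm-1.2.1-SNAPSHOT/repository/conf/carbon.xml).

Run the application and check.

If you still get the error, change the identity in the following line of "repository/deployment/server/jaggeryapps/publisher/controllers/acs.jag":

var identityAlias = configs.ssoConfiguration.identityAlias;

to

var identityAlias = "your identity alias";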
