Closed fxjordan closed 2 years ago
las2peer service logs:
2022 Sep 24 15:36:38 INFO i5.las2peer.connectors.webConnector.util.AuthenticationManager: OIDC sub found. Authenticating...
2022 Sep 24 15:36:38 INFO i5.las2peer.connectors.webConnector.util.AuthenticationManager: attempting login with id: reqbazbot
2022 Sep 24 15:36:38 FINER i5.las2peer.p2p.PastryNodeImpl: ARTIFACT_FETCH_STARTED (2060) <0x418909..>/reqbaz/137.226.232.38:9011 - - - USER_NAME-reqbazbot
2022 Sep 24 15:36:38 FINE i5.las2peer.persistency.SharedStorage: Starting latest version lookup for USER_NAME-reqbazbot at 1
2022 Sep 24 15:36:38 FINE i5.las2peer.persistency.helper.LatestArtifactVersionFinder: Looking for metadata envelope with identifier 'USER_NAME-reqbazbot' and version 1 at id F2E4B095B36F292D02F57187299993E98838FD22 ...
2022 Sep 24 15:36:38 FINE i5.las2peer.persistency.helper.LatestArtifactVersionFinder: Lookup got 0 past handles for identifier 'USER_NAME-reqbazbot' and version 1
2022 Sep 24 15:36:38 FINER i5.las2peer.p2p.PastryNodeImpl: ARTIFACT_FETCH_FAILED (-2065) <0x418909..>/reqbaz/137.226.232.38:9011 - - - USER_NAME-reqbazbot
2022 Sep 24 15:36:38 INFO i5.las2peer.connectors.webConnector.util.AuthenticationManager: OIDC sub uknown. Auto-register...
2022 Sep 24 15:36:38 SEVERE i5.las2peer.connectors.webConnector.WebConnector: Internal Server Error: Fetching OIDC user info failed
javax.ws.rs.InternalServerErrorException: Fetching OIDC user info failed
at i5.las2peer.connectors.webConnector.util.AuthenticationManager.retrieveOidcUserInfo(AuthenticationManager.java:210)
at i5.las2peer.connectors.webConnector.util.AuthenticationManager.createNewOidcAgent(AuthenticationManager.java:270)
at i5.las2peer.connectors.webConnector.util.AuthenticationManager.authenticateOIDC(AuthenticationManager.java:152)
at i5.las2peer.connectors.webConnector.util.AuthenticationManager.authenticateAgent(AuthenticationManager.java:78)
at i5.las2peer.connectors.webConnector.WebConnector.authenticateAgent(WebConnector.java:660)
at i5.las2peer.connectors.webConnector.WebConnectorRequestHandler.authenticate(WebConnectorRequestHandler.java:173)
at i5.las2peer.connectors.webConnector.WebConnectorRequestHandler.handle(WebConnectorRequestHandler.java:147)
at i5.las2peer.connectors.webConnector.WebConnectorRequestHandler.handleGET(WebConnectorRequestHandler.java:119)
at jdk.internal.reflect.GeneratedMethodAccessor46.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:469)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:391)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:80)
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680)
at org.glassfish.jersey.jdkhttp.JdkHttpHandlerContainer.handle(JdkHttpHandlerContainer.java:135)
at jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:77)
at jdk.httpserver/sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:82)
at jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:80)
at jdk.httpserver/sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:692)
at jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:77)
at jdk.httpserver/sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:664)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
at java.base/java.lang.Thread.run(Thread.java:832)
Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching api.learning-layers.eu found.
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
at java.base/sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1982)
at java.base/sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1977)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:554)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1976)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1544)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1528)
at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:308)
at com.nimbusds.oauth2.sdk.http.HTTPRequest.send(HTTPRequest.java:674)
at com.nimbusds.oauth2.sdk.http.HTTPRequest.send(HTTPRequest.java:627)
at i5.las2peer.connectors.webConnector.util.AuthenticationManager.retrieveOidcUserInfo(AuthenticationManager.java:208)
... 37 more
Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching api.learning-layers.eu found.
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:325)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:268)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:445)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:423)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1475)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1381)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:441)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:412)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:171)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1600)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1528)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:224)
at com.nimbusds.oauth2.sdk.http.HTTPRequest.send(HTTPRequest.java:663)
... 39 more
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching api.learning-layers.eu found.
at java.base/sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:212)
at java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:103)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:452)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:412)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:238)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:629)
... 56 more
2022 Sep 24 15:36:38 FINER i5.las2peer.p2p.PastryNodeImpl: CONNECTOR_ERROR (-9100) <0x418909..>/reqbaz/137.226.232.38:9011 - - - WebConnector: Internal Server Error: Fetching OIDC user info failed
The oidc_provider
header does not seem to work. The frontend already sets this to https://auth.las2peer.org/o/oauth2
, so it should NOT use api.learning-layers.eu.
Upgrading to the latest las2peer version would solve the problem, because the new auth.las2peer.org domain is used by default. However, I'll first try to debug this issue
The oidc_provider
header is not working because it's removed by the Nginx reverse proxy in front of the Requirements Bazaar service (see https://github.com/rwth-acis/las2peer/issues/161).
Therefore, las2peer is falling back to the default provider, which is still api.learning-layers.eu in version 1.1.2.
Registration of new users is working again (at least on beta) with fix of #174
When will the bugfix be rolled out to the instance https://requirements-bazaar.org ?
I'll do it today. Sorry for possible inconveniences
Yes, thank you :)
The latest release is now deployed. Can you confirm your problem is solved @bjadel
When I register with a new user, the error no longer occurs. Only when I log in with an existing user the error still exists.
The issue with your bja
users seems to be something different, so I'm closing this issue (see here https://github.com/rwth-acis/RequirementsBazaar/issues/176)
After creating a new learning layers account, I experienced an error (
500 Internal Server error
) with the following response body for all API requests:Since I have not created new users for some time, this might be related to the migration of the OIDC identity server from learning-layers.eu to auth.las2peer.org. We had a similar problem in the Gamification Framework for the same reason.
TODO: add backend logs