wso2 / product-apim

Welcome to the WSO2 API Manager source code! For info on working with the WSO2 API Manager repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Tenant's Admin login issue with is-as-km #12049

Open 2Ppisa opened 2 years ago

2Ppisa commented 2 years ago

Description:

Using apim integrated with is-as-km, following the documentation in https://apim.docs.wso2.com/en/latest/install-and-setup/setup/distributed-deployment/configuring-wso2-identity-server-as-a-key-manager/, I'm unable to log in to /carbon on apim using the tenant admin's credentials.

I also tried to apply the configuration in https://github.com/wso2/product-apim/issues/10260, which is not reported in the main doc.

Enabling the traces, I found two main stack traces that may be related to the issue. One was found at apim server startup (extracted from wso2carbon_startup_server.log):

TID: [-1234] [] [2021-11-24 11:31:25,120] DEBUG {org.wso2.carbon.user.core.common.UserIdResolverCache} - Cache: user_id_from_user_name_cache which is under USER_ID_RESOLVER_CACHE_MANAGER, found the entry: 87060542-931e-431e-981a-96237d0305d4 for the key: admin successfully.
TID: [-1234] [internal/data/v1] [2021-11-24 11:31:25,057] DEBUG {org.wso2.carbon.apimgt.impl.APIAdminImpl} - Error while parsing element https://is-as-km:9443/services/ com.google.gson.JsonSyntaxException: com.google.gson.stream.MalformedJsonException: Use JsonReader.setLenient(true) to accept malformed JSON at line 1 column 7 path $
    at com.google.gson.JsonParser.parseReader(JsonParser.java:66)
    at com.google.gson.JsonParser.parseString(JsonParser.java:47)
    at com.google.gson.JsonParser.parse(JsonParser.java:98)
    at org.wso2.carbon.apimgt.impl.APIAdminImpl.getDecryptedValue_aroundBody44(APIAdminImpl.java:471)
    at org.wso2.carbon.apimgt.impl.APIAdminImpl.getDecryptedValue(APIAdminImpl.java:468)
    at org.wso2.carbon.apimgt.impl.APIAdminImpl.decryptValue_aroundBody42(APIAdminImpl.java:448)
    at org.wso2.carbon.apimgt.impl.APIAdminImpl.decryptValue(APIAdminImpl.java:445)
    at org.wso2.carbon.apimgt.impl.APIAdminImpl.decryptKeyManagerConfigurationValues_aroundBody40(APIAdminImpl.java:439)
    at org.wso2.carbon.apimgt.impl.APIAdminImpl.decryptKeyManagerConfigurationValues(APIAdminImpl.java:430)
    at org.wso2.carbon.apimgt.impl.APIAdminImpl.getKeyManagerConfigurationsByTenant_aroundBody28(APIAdminImpl.java:336)
    at org.wso2.carbon.apimgt.impl.APIAdminImpl.getKeyManagerConfigurationsByTenant(APIAdminImpl.java:315)
    at org.wso2.carbon.apimgt.internal.service.impl.KeymanagersApiServiceImpl.keymanagersGet(KeymanagersApiServiceImpl.java:46)
    at org.wso2.carbon.apimgt.internal.service.KeymanagersApi.keymanagersGet(KeymanagersApi.java:48)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
    at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:201)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:104)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:225)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:296)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:220)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:271)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:107)
    at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:110)
    at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:102)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:101)
    at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
    at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:145)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
    at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
    at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:126)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: com.google.gson.stream.MalformedJsonException: Use JsonReader.setLenient(true) to accept malformed JSON at line 1 column 7 path $
    at com.google.gson.stream.JsonReader.syntaxError(JsonReader.java:1564)
    at com.google.gson.stream.JsonReader.checkLenient(JsonReader.java:1405)
    at com.google.gson.stream.JsonReader.doPeek(JsonReader.java:543)
    at com.google.gson.stream.JsonReader.peek(JsonReader.java:426)
    at com.google.gson.JsonParser.parseReader(JsonParser.java:61)
    ... 64 more

<other occurrences of the same stack trace>
172.19.158.157
TID: [-1234] [internal/data/v1] [2021-11-24 11:31:25,122] DEBUG {org.wso2.carbon.apimgt.impl.APIAdminImpl} - Error while parsing element https://is-as-km:9443/oauth2/revoke com.google.gson.JsonSyntaxException: com.google.gson.stream.MalformedJsonException: Use JsonReader.setLenient(true) to accept malformed JSON at line 1 column 7 path $
TID: [-1234] [internal/data/v1] [2021-11-24 11:31:25,145] DEBUG {org.wso2.carbon.apimgt.impl.APIAdminImpl} - Error while parsing element https://is-as-km:9443/oauth2/token com.google.gson.JsonSyntaxException: com.google.gson.stream.MalformedJsonException: Use JsonReader.setLenient(true) to accept malformed JSON at line 1 column 7 path $
TID: [-1234] [internal/data/v1] [2021-11-24 11:31:25,172] DEBUG {org.wso2.carbon.apimgt.impl.APIAdminImpl} - Error while parsing element urn:ietf:params:oauth:grant-type:saml2-bearer com.google.gson.JsonSyntaxException: com.google.gson.stream.MalformedJsonException: Use JsonReader.setLenient(true) to accept malformed JSON at line 1 column 5 path $
TID: [-1234] [internal/data/v1] [2021-11-24 11:31:25,224] DEBUG {org.wso2.carbon.apimgt.impl.APIAdminImpl} - Error while parsing element iwa:ntlm com.google.gson.JsonSyntaxException: com.google.gson.stream.MalformedJsonException: Use JsonReader.setLenient(true) to accept malformed JSON at line 1 column 5 path $
TID: [-1234] [internal/data/v1] [2021-11-24 11:31:25,257] DEBUG {org.wso2.carbon.apimgt.impl.APIAdminImpl} - Error while parsing element urn:ietf:params:oauth:grant-type:jwt-bearer com.google.gson.JsonSyntaxException: com.google.gson.stream.MalformedJsonException: Use JsonReader.setLenient(true) to accept malformed JSON at line 1 column 5 path $

Another one at failed login time (extracted from wso2carbon_failed_login.log):

TID: [1] [] [2021-11-24 10:57:48,549] DEBUG {org.wso2.carbon.core.util.CryptoUtil} - Cipher transformation for decryption : AES/GCM/NoPadding
TID: [1] [] [2021-11-24 10:57:48,549] DEBUG {org.wso2.carbon.crypto.impl.DefaultCryptoService} - Decrypting data using the algorithm 'AES/GCM/NoPadding' and the Java Security API provider 'BC'.
TID: [1] [] [2021-11-24 10:57:48,550] DEBUG {org.wso2.carbon.crypto.impl.DefaultCryptoService} - Looking for the most suitable internal crypto provider.
TID: [1] [] [2021-11-24 10:57:48,550] DEBUG {org.wso2.carbon.crypto.impl.DefaultCryptoService} - Configured internal crypto provider class name: org.wso2.carbon.crypto.provider.KeyStoreBasedInternalCryptoProvider
TID: [1] [] [2021-11-24 10:57:48,550] DEBUG {org.wso2.carbon.crypto.impl.DefaultCryptoService} - Internal providers are available. The most suitable provider is 'org.wso2.carbon.crypto.provider.KeyStoreBasedInternalCryptoProvider'
TID: [1] [] [2021-11-24 10:57:48,551] DEBUG {org.wso2.carbon.crypto.provider.KeyStoreBasedInternalCryptoProvider} - An error occurred while decrypting using the algorithm : 'AES/GCM/NoPadding', and crypto provider : 'org.wso2.carbon.crypto.provider.KeyStoreBasedInternalCryptoProvider' java.security.InvalidKeyException: Key for algorithm RSA not suitable for symmetric enryption.
    at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineInit(Unknown Source)
    at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineInit(Unknown Source)
    at java.base/javax.crypto.Cipher.init(Cipher.java:1283)
    at java.base/javax.crypto.Cipher.init(Cipher.java:1223)
    at org.wso2.carbon.crypto.provider.KeyStoreBasedInternalCryptoProvider.decrypt(KeyStoreBasedInternalCryptoProvider.java:145)
    at org.wso2.carbon.crypto.impl.DefaultCryptoService.decrypt(DefaultCryptoService.java:132)
    at org.wso2.carbon.core.util.CryptoUtil.decrypt(CryptoUtil.java:311)
    at org.wso2.carbon.core.util.CryptoUtil.base64DecodeAndDecrypt(CryptoUtil.java:431)
    at org.wso2.carbon.core.util.KeyStoreManager.getKeyStore(KeyStoreManager.java:145)
    at org.wso2.carbon.idp.mgt.IdentityProviderManager.getResidentIdP(IdentityProviderManager.java:267)
    at org.wso2.carbon.identity.governance.IdentityGovernanceServiceImpl.getConfiguration(IdentityGovernanceServiceImpl.java:95)
    at org.wso2.carbon.identity.governance.IdentityGovernanceServiceImpl.getConfiguration(IdentityGovernanceServiceImpl.java:123)
    at org.wso2.carbon.identity.handler.event.account.lock.AccountLockHandler.handleEvent(AccountLockHandler.java:148)
    at org.wso2.carbon.identity.event.services.IdentityEventServiceImpl.handleEvent(IdentityEventServiceImpl.java:56)
    at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:1654)
    at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:1630)
    at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:1618)
    at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.doPreAuthenticate(IdentityMgtEventListener.java:108)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.authenticateInternal(AbstractUserStoreManager.java:1653)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.authenticateInternalIteration(AbstractUserStoreManager.java:1489)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.lambda$authenticate$1(AbstractUserStoreManager.java:1470)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.authenticate(AbstractUserStoreManager.java:1469)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.lambda$authenticate$0(AbstractUserStoreManager.java:1453)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.authenticate(AbstractUserStoreManager.java:1446)
    at org.wso2.carbon.core.services.authentication.AuthenticationAdmin.login(AuthenticationAdmin.java:102)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212)
    at org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:117)
    at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
    at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
    at org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:170)
    at org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:82)
    at org.wso2.carbon.core.transports.local.CarbonLocalTransportSender.finalizeSendWithToAddress(CarbonLocalTransportSender.java:45)
    at org.apache.axis2.transport.local.LocalTransportSender.invoke(LocalTransportSender.java:77)
    at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:446)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:232)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
    at org.wso2.carbon.authenticator.stub.AuthenticationAdminStub.login(AuthenticationAdminStub.java:1343)
    at org.wso2.carbon.authenticator.proxy.AuthenticationAdminClient.login(AuthenticationAdminClient.java:66)
    at org.wso2.carbon.ui.DefaultCarbonAuthenticator.doAuthentication(DefaultCarbonAuthenticator.java:119)
    at org.wso2.carbon.ui.AbstractCarbonUIAuthenticator.handleSecurity(AbstractCarbonUIAuthenticator.java:218)
    at org.wso2.carbon.ui.BasicAuthUIAuthenticator.authenticate(BasicAuthUIAuthenticator.java:83)
    at org.wso2.carbon.ui.CarbonUILoginUtil.handleLogin(CarbonUILoginUtil.java:406)
    at org.wso2.carbon.ui.CarbonSecuredHttpContext.handleSecurity(CarbonSecuredHttpContext.java:243)
    at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:60)
    at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
    at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
    at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.wso2.carbon.ui.filters.cache.URLBasedCachePreventionFilter.doFilter(URLBasedCachePreventionFilter.java:57)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:65)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:107)
    at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:110)
    at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:102)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:101)
    at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
    at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:145)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
    at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
    at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:126)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:829)

TID: [1] [] [2021-11-24 10:57:48,558] ERROR {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} - System error while Authenticating/Authorizing User : Error when handling event : PRE_AUTHENTICATION

Steps to reproduce:

Create a tenant on is-as-km:

curl -k -X POST "https://is-dev.poc.acme.org/api/server/v1/tenants" -H "accept: */*" -H "Content-Type: application/json" -H "Authorization: Basic YWRtaW46YWRtaW4=" -d "{\"domain\":\"orders1.acme.org\",\"owners\":[{\"username\":\"order_admin\",\"password\":\"myPwd\",\"email\":\"order_admin@orders1.acme.org\",\"firstname\":\"order_admin\",\"lastname\":\"order_admin\",\"provisioningMethod\":\"inline-password\"}]}"

Try to log in to https://apimportal-dev.poc.acme.org/carbon/admin/login.jsp?loginStatus=false using the tenant admin credential: order_admin@orders1.acme.org myPwd

Got Authentication failed

Affected Product Version:

APIM container built from https://github.com/wso2/docker-apim/blob/v4.0.0.2/dockerfiles/centos/apim/Dockerfile

API IS container built from https://github.com/wso2/docker-is/blob/v5.11.0.6/dockerfiles/jdk11/centos/is/Dockerfile

Environment details (with versions):

2Ppisa commented 2 years ago

I'm able to log in to the apim carbon console using the tenant's admin credentials by adding the following configuration in the deployment.toml file (some guidance on this is available in the apim doc):

[encryption]
internal_crypto_provider = "org.wso2.carbon.crypto.provider.SymmetricKeyInternalCryptoProvider"
key = "<same-of-is>"

[system.parameter]
"org.wso2.CipherTransformation" = "AES/GCM/NoPadding"

Actually, I don't know if there are any other implications due to this change. For example, I found the same configuration has an impact on OAuth2 token
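
The failed-login trace above ends in `InvalidKeyException: Key for algorithm RSA not suitable for symmetric enryption`, raised when `KeyStoreBasedInternalCryptoProvider.decrypt` initialises an `AES/GCM/NoPadding` cipher. The following is an added example, not part of the original thread or of WSO2's code, that reproduces that key-type mismatch with plain JCA calls and shows the same transformation succeeding with a symmetric key. The class name is hypothetical, the keys and plaintext are constructed for the example, and it uses the JDK's default provider rather than `BC`, so the exception message text differs from the one in the log.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;

// Hypothetical demo class: not WSO2 code.
public class CipherKeyMismatchDemo {

    // Same transformation as "org.wso2.CipherTransformation" in the thread.
    static final String TRANSFORMATION = "AES/GCM/NoPadding";

    public static void main(String[] args) throws Exception {
        // 96-bit IV and 128-bit tag: the usual GCM parameters.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        GCMParameterSpec gcm = new GCMParameterSpec(128, iv);

        // Case 1: an RSA private key, as a keystore-backed provider would
        // supply, handed to a symmetric cipher. init() must reject it.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();
        try {
            Cipher c = Cipher.getInstance(TRANSFORMATION);
            c.init(Cipher.DECRYPT_MODE, rsa.getPrivate(), gcm);
            System.out.println("unexpected: RSA key accepted");
        } catch (InvalidKeyException e) {
            System.out.println("RSA key rejected: " + e.getMessage());
        }

        // Case 2: an AES secret key, the kind of key a symmetric-key
        // provider works with. The same transformation round-trips.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aes = kg.generateKey();

        byte[] plaintext = "constructed sample secret"
                .getBytes(StandardCharsets.UTF_8);

        Cipher enc = Cipher.getInstance(TRANSFORMATION);
        enc.init(Cipher.ENCRYPT_MODE, aes, gcm);
        byte[] ciphertext = enc.doFinal(plaintext);

        // The IV is reused here only to decrypt the one ciphertext it
        // produced; a (key, IV) pair must never encrypt a second message.
        Cipher dec = Cipher.getInstance(TRANSFORMATION);
        dec.init(Cipher.DECRYPT_MODE, aes, gcm);
        String recovered = new String(dec.doFinal(ciphertext),
                StandardCharsets.UTF_8);
        System.out.println("AES key round-trip: " + recovered);
    }
}
```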