Exception when calling TAPScheme

Kaial

    Hi all,

     

    I am having the following exception and error page when accessing a resource protected by TAPScheme. The integration between OAM and OAAM is in default stage.

     

    ADFC-50018

     

    ADFc: No exception handler was found for an application exception.

    Supplemental Detail javax.faces.FacesException: Broken pipe

    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._renderResponse(LifecycleImpl.java:988)

    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:408)

    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:237)

    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:266)

    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)

     

    errorPage.png

     

    The URL that is called is : http://snelnxi41.internal.timbrasil.com.br:10201/oaam_server/loginPage.jsp/obrareq.cgi?encquery%3DiIVyEo5E7%2FDij8INaOcGghuUromnfmGdf0X1Aq%2BFh9kpqlTTX%2FLvkhpktqUe6UUvGscqIV%2BSd2SdaoIBlk8WvKYGcTHiaTN4BCWg77lDlPObI%2BeOF4tWc2dHuB3c%2FNmrWbuisMzwy1LhHOZbo02POEBaKCgLZQkU3pFGcm7XCcyciOSEkrNW%2Bv10EEqRTNuOUK%2BzS297lFoARXUMgY7jss5KoZtj%2FGv9%2Bs7OnWO%2B2GtPF2PEC8LTgUT65zc4TyIr83yejKKRjeCHTfgJWGPSWoATvwFNfR71IwgthV5wYwhdBcGX4Ld8Ii0Sghwmhsaf6%2Fa0x2J7na5bvT9wWq1SfxmywVl3B4hnOEFUhdX%2FyEc%3D%20agentid%3DIdentityManager_Agent%20ver%3D1%20crmethod%3D2

     

     

    Can anyone help with this problem?

     

    Thanks in advance

      • 1. Re: Exception when calling TAPScheme
        amey g

        Hello,

         

        Is this a fresh installation? Are you getting this problem after the first start?

         

        Are you using the same MW_HOME that was used for OID and for OAM?

         

        Please check Oracle Fusion Middleware Security: Domain Architecture and Middleware Homes Revisited

         

        Thanks,

        Amey

        • 2. Re: Exception when calling TAPScheme
          Kaial

          Hi Amey,

           

          Yes, this is a fresh installation. I have copied the properties of the Authentication Scheme from another environment (that works) to this one, and now I am getting the following error.

           

          Authentication Scheme configuration:

           

          authenticationScheme.png

           

          Error Log

           

          [2016-06-06T16:32:27.030-03:00] [oam_server1] [WARNING] [] [oracle.oam.commonutil] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 005DA4Xu_F20FwX5LvWBye0001^W00004y,0:1] [APP: oam_server#11.1.2.0.0] OAM-02071

          [2016-06-06T16:32:27.047-03:00] [oam_server1] [ERROR] [OAM-00002] [oracle.oam.binding] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 005DA4Xu_F20FwX5LvWBye0001^W00004y,0:1] [APP: oam_server#11.1.2.0.0] Error occurred while handling the request.[[

          oracle.security.am.common.utilities.exception.AmRuntimeException: OAM-02070

            at oracle.security.am.controller.util.ControllerUtil.lookupBaseURL(ControllerUtil.java:231)

            at oracle.security.am.controller.util.ControllerUtil.getCredentialChallengeURL(ControllerUtil.java:171)

            at oracle.security.am.engines.enginecontroller.CredCollectEngineController.handleCollectCredentials(CredCollectEngineController.java:1321)

            at oracle.security.am.engines.enginecontroller.CredCollectEngineController.processEvent(CredCollectEngineController.java:266)

            at oracle.security.am.controller.MasterController.processEvent(MasterController.java:596)

            at oracle.security.am.controller.MasterController.processRequest(MasterController.java:788)


          Error Page


          errorPageDefautl.png

           

          The URL that is in error page is: https://authsandbox.tim.com.br/oam/server/obrareq.cgi?encquery%3D7UQ3I01ImwgkYHJWS6kRvKmSm%2BSV1Rj013bytqAGE%2FS2km%2FAR…


          Can anyone help me solve this problem?

           

          Thanks in advance.

          • 3. Re: Exception when calling TAPScheme
            handat

            Did you run registerThirdPartyTAPPartner? In addition to setting the correct values in the authentication scheme, it also specifies which keystore to use with it.

            1 person found this helpful
            • 4. Re: Exception when calling TAPScheme
              Kaial

              Hi guys,

               

              I have made a little progress in this case. First of all, I did the registration as Handat suggested, but now I have another problem. When I request a protected URL (by TAPScheme), my user is not being identified, since I was authenticated (not by TAPScheme).

              For example, I access another resource and authenticate successfully; if I then request a TAPScheme-protected URL, OAAM asks me to authenticate again, showing the message below in the log:

               

              FREFBMjVEMUZDODUxNTgzODRGMTk4REZFOTlCRTJFREQ0QUU4QjQ0Q0M0MjJCNDdCN0ZGNjQ4QjkyRTJDNzdEQkIyNDRCNTFGQkQ0QTcyQTQ0Mw==[[

              oracle.security.am.common.dap.exceptions.CryptoException: OAM-17010

                      at oracle.security.am.common.dap.util.CryptoUtil.ssoDecryptString(CryptoUtil.java:662)

                      at oracle.security.am.common.dap.util.CryptoUtil.decrypt(CryptoUtil.java:241)

                      <STACK>

                      at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1491)

                      at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)

                      at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

              Caused by: javax.crypto.BadPaddingException: Given final block not properly padded

                      at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)

                      at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)

                      at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313)

                      at javax.crypto.Cipher.doFinal(Cipher.java:2131)

                      at oracle.security.am.common.dap.util.CryptoUtil.ssoDecryptString(CryptoUtil.java:647)

                      ... 49 more

              ]]


              I figured out that when I insert the flag MatchLDAPAttribute=cn in the TAPScheme authentication scheme, I get the following error page:

               

              errorPageDefautl.png

              The log is:

              005DA4Xu_F20FwX5LvWBye0001^W00004y,0:1] [APP: oam_server#11.1.2.0.0] Error occurred while handling the request.[[

              oracle.security.am.common.utilities.exception.AmRuntimeException: OAM-02070

                at oracle.security.am.controller.util.ControllerUtil.lookupBaseURL(ControllerUtil.java:231)

                at oracle.security.am.controller.util.ControllerUtil.getCredentialChallengeURL(ControllerUtil.java:171)

               

              How can I fix this problem? In all tutorials on integration between OAM and OAAM, they ask to insert the MatchLDAPAttribute flag, but it is not working. I think that if I don't pass this value, the token will not be decrypted correctly, resulting in the error shown first. So if I fix this I could get the correct scenario.


              Thanks in advance for any help.

              • 5. Re: Exception when calling TAPScheme
                handat

                There is an additional JDBC datasource (OAAM_SERVER_DS) that you need to assign to the OAAM instance via the WebLogic console.

                • 6. Re: Exception when calling TAPScheme
                  Kaial

                  Handat,

                   

                  I will check this target as soon as possible (I don't have access to the environment now).

                  Just a question: when I access the OAAM login page and enter a username, I get redirected to the register KBA and OTP page. Since this is happening, is the target of the datasource not correct?

                   

                  Thanks for the help.

                  • 7. Re: Exception when calling TAPScheme
                    Kaial

                    Hi Handat,

                     

                    As I suspected, the datasource is pointing to the OAAM cluster. Any solution for the MatchLDAPAttribute flag?

                     

                    datasource.png

                     

                    Thanks in advance.

                    • 8. Re: Exception when calling TAPScheme
                      Kaial

                      Guys,

                       

                      Now I am able to set the MatchLDAPAttribute flag without getting an OAM error, but I'm still getting the TAP token decryption error. Following is the log and error page. I have done the registration process but I'm still not able to make the integration work. Any solutions?

                       

                      [2016-06-08T15:27:09.231-03:00] [oaam_server_server1] [TRACE] [] [org.apache.struts.util.ModuleUtils] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000LKlHA3bDWb05NzS4ye1NM2r400005R,0] [APP: oaam_server#11.1.2.0.0] [SRC_CLASS: org.apache.struts.util.ModuleUtils] [SRC_METHOD: getModuleName] Get module name for path /entry.do

                      [2016-06-08T15:27:09.231-03:00] [oaam_server_server1] [TRACE] [] [org.apache.struts.util.ModuleUtils] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000LKlHA3bDWb05NzS4ye1NM2r400005R,0] [APP: oaam_server#11.1.2.0.0] [SRC_CLASS: org.apache.struts.util.ModuleUtils] [SRC_METHOD: getModuleName] Module name found: default

                      [2016-06-08T15:27:09.232-03:00] [oaam_server_server1] [TRACE] [] [org.apache.struts.action.RequestProcessor] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000LKlHA3bDWb05NzS4ye1NM2r400005R,0] [APP: oaam_server#11.1.2.0.0] [SRC_CLASS: org.apache.struts.action.RequestProcessor] [SRC_METHOD: process] Processing a 'GET' for path '/entry'

                      [2016-06-08T15:27:09.232-03:00] [oaam_server_server1] [TRACE] [] [org.apache.struts.action.RequestProcessor] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000LKlHA3bDWb05NzS4ye1NM2r400005R,0] [APP: oaam_server#11.1.2.0.0] [SRC_CLASS: org.apache.struts.action.RequestProcessor] [SRC_METHOD: processLocale]  Setting user locale 'en_US'

                      [2016-06-08T15:27:09.232-03:00] [oaam_server_server1] [TRACE] [] [org.apache.struts.action.RequestProcessor] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000LKlHA3bDWb05NzS4ye1NM2r400005R,0] [APP: oaam_server#11.1.2.0.0] [SRC_CLASS: org.apache.struts.action.RequestProcessor] [SRC_METHOD: processActionCreate]  Looking for Action instance for class com.bharosa.uio.actions.EntryAction

                      [2016-06-08T15:27:09.264-03:00] [oaam_server_server1] [TRACE] [] [TPE-default] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000LKlHA3bDWb05NzS4ye1NM2r400005R,0] [APP: oaam_server#11.1.2.0.0] [SRC_CLASS: oracle.security.am.common.dap.util.DAPTokenUtil] [SRC_METHOD: parseOAMServerToken]  partnerId:tokenVersionOAAMTAPPartner,v2.0

                      [2016-06-08T15:27:09.266-03:00] [oaam_server_server1] [ERROR] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000LKlHA3bDWb05NzS4ye1NM2r400005R,0] [APP: oaam_server#11.1.2.0.0] Error decoding the DAPToken. oamdapToken=v2.0~OAAMTAPPartner~…[[

                      oracle.security.am.common.dap.exceptions.CryptoException: OAM-17010

                        at oracle.security.am.common.dap.util.CryptoUtil.ssoDecryptString(CryptoUtil.java:662)

                        at oracle.security.am.common.dap.util.CryptoUtil.decrypt(CryptoUtil.java:241)

                        at oracle.security.am.common.dap.util.DAPTokenUtil.parseOAMServerToken(DAPTokenUtil.java:600)

                        at com.bharosa.uio.processor.integration.OAMIntegrationProcessor.onEntry(OAMIntegrationProcessor.java:123)

                      Caused by: javax.crypto.BadPaddingException: Given final block not properly padded

                        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)

                        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)

                        at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313)

                        at javax.crypto.Cipher.doFinal(Cipher.java:2087)

                        at oracle.security.am.common.dap.util.CryptoUtil.ssoDecryptString(CryptoUtil.java:647)

                        ... 47 more

                      ]]

                       

                      Thanks for any help.

                      • 9. Re: Exception when calling TAPScheme
                        handat

                        Try changing the Token version to v2.1 instead of v2.0

                        • 10. Re: Exception when calling TAPScheme
                          Kaial

                          The problem was that I needed a restart of the OAM Servers and Admin for it to take effect.

                          The registerThirdParty process and restart worked.

                           

                          Thanks for helping.
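
The `BadPaddingException: Given final block not properly padded` in the logs above is the symptom a padded AES decryption shows when the consuming side uses a different key than the one the token was encrypted with. The following is an added illustration, not code from this thread or from Oracle: the cipher transform, the random keys, the IV handling and the claim string are assumptions, and only the `v2.0~OAAMTAPPartner~` token prefix is taken from the log.

```java
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class TapKeyMismatchDemo {
    // Assumption: stand-in transform; the product's actual mode is not shown in the thread.
    static final String TRANSFORM = "AES/CBC/PKCS5Padding";
    static SecretKeySpec randomKey(SecureRandom rng) {
        byte[] k = new byte[16];
        rng.nextBytes(k);
        return new SecretKeySpec(k, "AES");
    }
    // Issuer side: encrypt constructed claims and wrap them as version~partnerId~base64.
    static String issue(SecretKeySpec key, byte[] iv, String claims) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(claims.getBytes(StandardCharsets.UTF_8));
        return "v2.0~OAAMTAPPartner~" + Base64.getEncoder().encodeToString(ct);
    }
    // Consumer side: split the token and decrypt with whatever key this server has loaded.
    static String consume(SecretKeySpec key, byte[] iv, String token) throws Exception {
        String[] parts = token.split("~", 3);
        if (parts.length != 3) return "malformed token";
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        try {
            byte[] pt = c.doFinal(Base64.getDecoder().decode(parts[2]));
            return "decrypted: " + new String(pt, StandardCharsets.UTF_8);
        } catch (BadPaddingException e) {
            return "BadPaddingException: " + e.getMessage();
        }
    }
    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] iv = new byte[16];
        rng.nextBytes(iv);
        SecretKeySpec issuerKey = randomKey(rng); // key the token is encrypted with
        SecretKeySpec otherKey = randomKey(rng);  // any other key, standing in for a mismatched keystore
        String token = issue(issuerKey, iv, "uid=constructed-user"); // constructed sample claims
        System.out.println(consume(issuerKey, iv, token));
        // Almost always BadPaddingException; rarely the padding is valid by chance and garbage comes back.
        System.out.println(consume(otherKey, iv, token));
    }
}
```

Because a wrong key can occasionally produce valid-looking padding, a successful unpad is not proof that the token is authentic; it only shows the final block happened to parse.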