10 Replies Latest reply on Jul 8, 2016 6:26 PM by Kaial

    Exception when calling TAPScheme

    Kaial

      Hi all,

       

      I am having the following exception and error page when accessing a resource protected by TAPScheme. The integration between OAM and OAAM is in default stage.

       

      ADFC-50018

       

      ADFc: No exception handler was found for an application exception.

      Supplemental Detail javax.faces.FacesException: Broken pipe

      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._renderResponse(LifecycleImpl.java:988)

      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:408)

      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:237)

      at javax.faces.webapp.FacesServlet.service(FacesServlet.java:266)

      at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)

       

      errorPage.png

       

      The URL that is called is : http://snelnxi41.internal.timbrasil.com.br:10201/oaam_server/loginPage.jsp/obrareq.cgi?encquery%3DiIVyEo5E7%2FDij8INaOcGghuUromnfmGdf0X1Aq%2BFh9kpqlTTX%2FLvkhpktqUe6UUvGscqIV%2BSd2SdaoIBlk8WvKYGcTHiaTN4BCWg77lDlPObI%2BeOF4tWc2dHuB3c%2FNmrWbuisMzwy1LhHOZbo02POEBaKCgLZQkU3pFGcm7XCcyciOSEkrNW%2Bv10EEqRTNuOUK%2BzS297lFoARXUMgY7jss5KoZtj%2FGv9%2Bs7OnWO%2B2GtPF2PEC8LTgUT65zc4TyIr83yejKKRjeCHTfgJWGPSWoATvwFNfR71IwgthV5wYwhdBcGX4Ld8Ii0Sghwmhsaf6%2Fa0x2J7na5bvT9wWq1SfxmywVl3B4hnOEFUhdX%2FyEc%3D%20agentid%3DIdentityManager_Agent%20ver%3D1%20crmethod%3D2

       

       

      Can anyone help with this problem?

       

      Thanks in advance

        • 1. Re: Exception when calling TAPScheme
          amey g

          Hello,

           

          Is this a fresh installation? Are you getting this problem after the first start?

           

          Are you using the same MW_HOME that was used for OID and for OAM?

           

          Please check Oracle Fusion Middleware Security: Domain Architecture and Middleware Homes Revisited

           

          Thanks,

          Amey

          • 2. Re: Exception when calling TAPScheme
            Kaial

            Hi Amey,

             

            Yes, this is a fresh installation. I have copied the properties of the Authentication Scheme from another environment (that works) to this one, and now I am getting the following error.

             

            Authentication Scheme configuration:

             

            authenticationScheme.png

             

            Error Log

             

            [2016-06-06T16:32:27.030-03:00] [oam_server1] [WARNING] [] [oracle.oam.commonutil] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 005DA4Xu_F20FwX5LvWBye0001^W00004y,0:1] [APP: oam_server#11.1.2.0.0] OAM-02071

            [2016-06-06T16:32:27.047-03:00] [oam_server1] [ERROR] [OAM-00002] [oracle.oam.binding] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 005DA4Xu_F20FwX5LvWBye0001^W00004y,0:1] [APP: oam_server#11.1.2.0.0] Error occurred while handling the request.[[

            oracle.security.am.common.utilities.exception.AmRuntimeException: OAM-02070

              at oracle.security.am.controller.util.ControllerUtil.lookupBaseURL(ControllerUtil.java:231)

              at oracle.security.am.controller.util.ControllerUtil.getCredentialChallengeURL(ControllerUtil.java:171)

              at oracle.security.am.engines.enginecontroller.CredCollectEngineController.handleCollectCredentials(CredCollectEngineController.java:1321)

              at oracle.security.am.engines.enginecontroller.CredCollectEngineController.processEvent(CredCollectEngineController.java:266)

              at oracle.security.am.controller.MasterController.processEvent(MasterController.java:596)

              at oracle.security.am.controller.MasterController.processRequest(MasterController.java:788)


            Error Page


            errorPageDefautl.png

             

            The URL shown on the error page is: https://authsandbox.tim.com.br/oam/server/obrareq.cgi?encquery%3D7UQ3I01ImwgkYHJWS6kRvKmSm%2BSV1Rj013bytqAGE%2FS2km%2FAR…


            Can anyone help me solve this problem?

             

            Thanks in advance.

            • 3. Re: Exception when calling TAPScheme
              handat

              Did you run registerThirdPartyTAPPartner? In addition to setting the correct values in the authentication scheme, it also specifies which keystore to use with it.

              • 4. Re: Exception when calling TAPScheme
                Kaial

                Hi guys,

                 

                I have had a little progress in this case. First of all, I made the registration as Handat suggested, but now I have another problem. When I request a protected URL (by TAPScheme), my user is not being identified, since I was authenticated (not by TAPScheme).

                For example, I access another resource and authenticate with success; if I request a TAPScheme-protected URL, the OAAM is asking to authenticate again, showing the message below in the log:

                 

                FREFBMjVEMUZDODUxNTgzODRGMTk4REZFOTlCRTJFREQ0QUU4QjQ0Q0M0MjJCNDdCN0ZGNjQ4QjkyRTJDNzdEQkIyNDRCNTFGQkQ0QTcyQTQ0Mw==[[

                oracle.security.am.common.dap.exceptions.CryptoException: OAM-17010

                        at oracle.security.am.common.dap.util.CryptoUtil.ssoDecryptString(CryptoUtil.java:662)

                        at oracle.security.am.common.dap.util.CryptoUtil.decrypt(CryptoUtil.java:241)

                        <STACK>

                        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1491)

                        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)

                        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

                Caused by: javax.crypto.BadPaddingException: Given final block not properly padded

                        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)

                        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)

                        at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313)

                        at javax.crypto.Cipher.doFinal(Cipher.java:2131)

                        at oracle.security.am.common.dap.util.CryptoUtil.ssoDecryptString(CryptoUtil.java:647)

                        ... 49 more

                ]]


                I figured out that when I insert the flag MatchLDAPAttribute=cn in the TAPScheme authentication scheme, I get the following error page:

                 

                errorPageDefautl.png

                The log is:

                005DA4Xu_F20FwX5LvWBye0001^W00004y,0:1] [APP: oam_server#11.1.2.0.0] Error occurred while handling the request.[[

                oracle.security.am.common.utilities.exception.AmRuntimeException: OAM-02070

                  at oracle.security.am.controller.util.ControllerUtil.lookupBaseURL(ControllerUtil.java:231)

                  at oracle.security.am.controller.util.ControllerUtil.getCredentialChallengeURL(ControllerUtil.java:171)

                 

                How can I fix this problem? In all tutorials on the integration between OAM and OAAM, they ask to insert the MatchLDAPAttribute flag, but it is not working. I think that if I don't pass this value, the token will not be decrypted correctly, resulting in the error shown first. So if I fix this I could get the correct scenario.


                Thanks in advance for any help.

                • 5. Re: Exception when calling TAPScheme
                  handat

                  There is an additional jdbc datasource (OAAM_SERVER_DS) that you need to assign to the oaam instance via weblogic console.

                  • 6. Re: Exception when calling TAPScheme
                    Kaial

                    Handat,

                     

                    I will check this target as soon as possible (I don't have access to the environment now).

                    Just a question: when I access the OAAM login page and enter a username, I got a redirect to the register KBA and OTP page. Since this is happening, is the target of the datasource not correct?

                     

                    Thanks for the help.

                    • 7. Re: Exception when calling TAPScheme
                      Kaial

                      Hi Handat,

                       

                      As I suspected, the datasource is pointing to the OAAM cluster. Any solution for the MatchLDAPAttribute flag?

                       

                      datasource.png

                       

                      Thanks in advance.

                      • 8. Re: Exception when calling TAPScheme
                        Kaial

                        Guys,

                         

                        Now I am able to put the MatchLDAPAttribute flag without getting an OAM error, but I'm still getting a TAP token decryption error. Following is the log and error page. I have done the register process but I'm still not able to make the integration work. Any solutions?

                         

                        [2016-06-08T15:27:09.231-03:00] [oaam_server_server1] [TRACE] [] [org.apache.struts.util.ModuleUtils] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000LKlHA3bDWb05NzS4ye1NM2r400005R,0] [APP: oaam_server#11.1.2.0.0] [SRC_CLASS: org.apache.struts.util.ModuleUtils] [SRC_METHOD: getModuleName] Get module name for path /entry.do

                        [2016-06-08T15:27:09.231-03:00] [oaam_server_server1] [TRACE] [] [org.apache.struts.util.ModuleUtils] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000LKlHA3bDWb05NzS4ye1NM2r400005R,0] [APP: oaam_server#11.1.2.0.0] [SRC_CLASS: org.apache.struts.util.ModuleUtils] [SRC_METHOD: getModuleName] Module name found: default

                        [2016-06-08T15:27:09.232-03:00] [oaam_server_server1] [TRACE] [] [org.apache.struts.action.RequestProcessor] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000LKlHA3bDWb05NzS4ye1NM2r400005R,0] [APP: oaam_server#11.1.2.0.0] [SRC_CLASS: org.apache.struts.action.RequestProcessor] [SRC_METHOD: process] Processing a 'GET' for path '/entry'

                        [2016-06-08T15:27:09.232-03:00] [oaam_server_server1] [TRACE] [] [org.apache.struts.action.RequestProcessor] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000LKlHA3bDWb05NzS4ye1NM2r400005R,0] [APP: oaam_server#11.1.2.0.0] [SRC_CLASS: org.apache.struts.action.RequestProcessor] [SRC_METHOD: processLocale]  Setting user locale 'en_US'

                        [2016-06-08T15:27:09.232-03:00] [oaam_server_server1] [TRACE] [] [org.apache.struts.action.RequestProcessor] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000LKlHA3bDWb05NzS4ye1NM2r400005R,0] [APP: oaam_server#11.1.2.0.0] [SRC_CLASS: org.apache.struts.action.RequestProcessor] [SRC_METHOD: processActionCreate]  Looking for Action instance for class com.bharosa.uio.actions.EntryAction

                        [2016-06-08T15:27:09.264-03:00] [oaam_server_server1] [TRACE] [] [TPE-default] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000LKlHA3bDWb05NzS4ye1NM2r400005R,0] [APP: oaam_server#11.1.2.0.0] [SRC_CLASS: oracle.security.am.common.dap.util.DAPTokenUtil] [SRC_METHOD: parseOAMServerToken]  partnerId:tokenVersionOAAMTAPPartner,v2.0

                        [2016-06-08T15:27:09.266-03:00] [oaam_server_server1] [ERROR] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000LKlHA3bDWb05NzS4ye1NM2r400005R,0] [APP: oaam_server#11.1.2.0.0] Error decoding the DAPToken. oamdapToken=v2.0~OAAMTAPPartner~…[[

                        oracle.security.am.common.dap.exceptions.CryptoException: OAM-17010

                          at oracle.security.am.common.dap.util.CryptoUtil.ssoDecryptString(CryptoUtil.java:662)

                          at oracle.security.am.common.dap.util.CryptoUtil.decrypt(CryptoUtil.java:241)

                          at oracle.security.am.common.dap.util.DAPTokenUtil.parseOAMServerToken(DAPTokenUtil.java:600)

                          at com.bharosa.uio.processor.integration.OAMIntegrationProcessor.onEntry(OAMIntegrationProcessor.java:123)

                        Caused by: javax.crypto.BadPaddingException: Given final block not properly padded

                          at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)

                          at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)

                          at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313)

                          at javax.crypto.Cipher.doFinal(Cipher.java:2087)

                          at oracle.security.am.common.dap.util.CryptoUtil.ssoDecryptString(CryptoUtil.java:647)

                          ... 47 more

                        ]]

                         

                        Thanks for any help.

                        • 9. Re: Exception when calling TAPScheme
                          handat

                          Try changing the Token version to v2.1 instead of v2.0

                          • 10. Re: Exception when calling TAPScheme
                            Kaial

                            The problem was that I needed a restart of the OAM Servers and Admin for it to take effect.

                            The registerThirdParty process and restart worked.

                             

                            Thanks for helping.
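
A log-triage sketch for the failure discussed in this thread, added here as an example and not posted by any participant: it groups log lines in the layout quoted in replies 2, 4 and 8 into records, flags the OAM-17010 / BadPaddingException signature, and masks the ciphertext part of `oamdapToken` so the record can be shared. The function names and the sample record (with its placeholder ecid and token) are constructed for illustration.

```python
import re
# Constructed sample in the log layout quoted in the thread (placeholder ecid and token).
SAMPLE = """\
[2016-06-08T15:27:09.264-03:00] [oaam_server_server1] [TRACE] [] [TPE-default] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000EXAMPLE,0] [APP: oaam_server#11.1.2.0.0] partnerId:tokenVersionOAAMTAPPartner,v2.0
[2016-06-08T15:27:09.266-03:00] [oaam_server_server1] [ERROR] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000EXAMPLE,0] [APP: oaam_server#11.1.2.0.0] Error decoding the DAPToken. oamdapToken=v2.0~OAAMTAPPartner~PLACEHOLDER==[[
oracle.security.am.common.dap.exceptions.CryptoException: OAM-17010
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
  at javax.crypto.Cipher.doFinal(Cipher.java:2087)
]]
"""

HEADER = re.compile(r"^\[(\d{4}-\d\d-\d\dT[^\]]+)\] \[([^\]]*)\] \[([A-Z]+)\]")
ECID = re.compile(r"\[ecid: ([^\]]+)\]")
APP_MSG = re.compile(r"\[APP: [^\]]*\] (.*)$")
# Keeps the "version~partner~" prefix and masks only the last, encrypted segment.
TOKEN = re.compile(r"(oamdapToken=(?:[^~\s\[]+~)*)[^~\s\[]+")

def split_records(text):
    """Group lines into records; stack-trace lines inside [[ ... ]] join their header."""
    records = []
    for line in text.splitlines():
        if HEADER.match(line):
            records.append([line])
        elif records and line.strip():
            records[-1].append(line.strip())
    return records

def triage(text):
    """Return one finding per ERROR record: error codes, root cause, redacted message."""
    findings = []
    for rec in split_records(text):
        ts, server, level = HEADER.match(rec[0]).groups()
        if level != "ERROR":
            continue
        body = "\n".join(rec)
        ecid, msg = ECID.search(rec[0]), APP_MSG.search(rec[0])
        causes = re.findall(r"^Caused by: ([\w.$]+)", body, re.M)
        findings.append({
            "time": ts, "server": server,
            "ecid": ecid.group(1) if ecid else None,
            "codes": sorted(set(re.findall(r"\bOAM-\d{5}\b", body))),
            "root_cause": causes[-1] if causes else None,
            "message": TOKEN.sub(r"\1<redacted>", msg.group(1)).rstrip("[") if msg else "",
        })
    return findings

def is_tap_decrypt_failure(f):  # signature seen in replies 4 and 8
    return "OAM-17010" in f["codes"] and (f["root_cause"] or "").endswith("BadPaddingException")
```

In this thread a record matching `is_tap_decrypt_failure` stopped appearing after `registerThirdPartyTAPPartner` had been run and the OAM and Admin servers were restarted.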