  1. OpenAM
  2. OPENAM-10634

Amster should fail with more descriptive messages in case of SSL connection problems

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 14.0.0
    • Component/s: Amster

      Description

      If the web server (where OpenAM is running) presents a certificate which is not trusted, Amster should indicate the trust problem as the reason for the failure. Currently, the following message is observed:

      am> connect -i https://ft-oam.test.forgerock.com:8443/openam
      Could not connect to OpenAM server at https://ft-oam.test.forgerock.com:8443/openam
      Reason: No content to map due to end-of-input
       at [Source: java.io.BufferedReader@39ad977d; line: 1, column: 0]
      

      With debug level (-d) it is possible to see the root cause of the failure:

      am> connect -i https://ft-oam.test.forgerock.com:8443/openam
      DEBUG [org.codehaus.groovy.tools.shell.InteractiveShellRunner] Read line: connect -i https://ft-oam.test.forgerock.com:8443/openam
      DEBUG [org.codehaus.groovy.tools.shell.Groovysh] Executing command(connect): org.forgerock.openam.amster.commands.ConnectCommand@78f5c518; w/args: [-i, https://ft-oam.test.forgerock.com:8443/openam]
      [main] DEBUG org.forgerock.openam.amster.authentication.ConnectionHandler - Sending request
      [main] DEBUG org.apache.http.impl.nio.client.MainClientExec - [exchange: 1] start execution
      [main] DEBUG org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
      [main] DEBUG org.apache.http.impl.nio.client.InternalHttpAsyncClient - [exchange: 1] Request connection for {s}->https://ft-oam.test.forgerock.com:8443
      [main] DEBUG org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager - Connection request: [route: {s}->https://ft-oam.test.forgerock.com:8443][total kept alive: 0; route allocated: 0 of 64; total allocated: 0 of 64]
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager - Connection leased: [id: http-outgoing-0][route: {s}->https://ft-oam.test.forgerock.com:8443][total kept alive: 0; route allocated: 1 of 64; total allocated: 1 of 64]
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.client.InternalHttpAsyncClient - [exchange: 1] Connection allocated: CPoolProxy{http-outgoing-0 [ACTIVE]}
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.conn.ManagedNHttpClientConnectionImpl - http-outgoing-0 10.1.10.83:59484<->10.1.3.18:8443[ACTIVE][r:]: Set attribute http.nio.exchange-handler
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.conn.ManagedNHttpClientConnectionImpl - http-outgoing-0 10.1.10.83:59484<->10.1.3.18:8443[ACTIVE][rw:]: Event set [w]
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.conn.ManagedNHttpClientConnectionImpl - http-outgoing-0 10.1.10.83:59484<->10.1.3.18:8443[ACTIVE][rw:]: Set timeout 10000
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.client.InternalIODispatch - http-outgoing-0 [ACTIVE]: Connected
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.conn.ManagedNHttpClientConnectionImpl - http-outgoing-0 10.1.10.83:59484<->10.1.3.18:8443[ACTIVE][rw:]: Set attribute http.nio.http-exchange-state
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.client.InternalHttpAsyncClient - Start connection routing
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.conn.ManagedNHttpClientConnectionImpl - http-outgoing-0 Upgrade session 10.1.10.83:59484<->10.1.3.18:8443[ACTIVE][rw:][ACTIVE][rw][NEED_UNWRAP][0][0][246][0]
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.client.MainClientExec - Connection route established
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.client.MainClientExec - [exchange: 1] Attempt 1 to execute request
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.client.MainClientExec - Target auth state: UNCHALLENGED
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.client.MainClientExec - Proxy auth state: UNCHALLENGED
      [I/O dispatcher 1] DEBUG org.apache.http.headers - http-outgoing-0 >> POST /openam/json/authenticate?authIndexType=service&authIndexValue=adminconsoleservice HTTP/1.1
      [I/O dispatcher 1] DEBUG org.apache.http.headers - http-outgoing-0 >> Content-Length: 2
      [I/O dispatcher 1] DEBUG org.apache.http.headers - http-outgoing-0 >> Content-Type: application/json; charset=UTF-8
      [I/O dispatcher 1] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: ft-oam.test.forgerock.com:8443
      [I/O dispatcher 1] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive
      [I/O dispatcher 1] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: Apache-HttpAsyncClient/4.1.2 (Java/1.8.0_25)
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.conn.ManagedNHttpClientConnectionImpl - http-outgoing-0 10.1.10.83:59484<->10.1.3.18:8443[ACTIVE][rw:][ACTIVE][rw][NEED_UNWRAP][0][0][246][0]: Event set [w]
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.client.InternalIODispatch - http-outgoing-0 [ACTIVE] Exception
      javax.net.ssl.SSLHandshakeException: General SSLEngine problem
      	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1375)
      	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:529)
      	at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1194)
      	at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1166)
      	at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
      	at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:265)
      	at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:305)
      	at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:509)
      	at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120)
      	at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
      	at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
      	at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
      	at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
      	at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
      	at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
      	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
      	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1708)
      	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:303)
      	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:295)
      	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1471)
      	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
      	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:936)
      	at sun.security.ssl.Handshaker$1.run(Handshaker.java:876)
      	at sun.security.ssl.Handshaker$1.run(Handshaker.java:873)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1313)
      	at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283)
      	at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353)
      	... 9 more
      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
      	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
      	at sun.security.validator.Validator.validate(Validator.java:260)
      	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
      	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
      	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
      	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1458)
      	... 17 more
      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
      	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
      	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
      	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
      	... 23 more
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.conn.ManagedNHttpClientConnectionImpl - http-outgoing-0 10.1.10.83:59484<->10.1.3.18:8443[ACTIVE][r:r][ACTIVE][rw][NEED_WRAP][inbound done][][0][0][0][0]: Shutdown
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.conn.ManagedNHttpClientConnectionImpl - http-outgoing-0 0.0.0.0:59484<->10.1.3.18:8443[CLOSED][][CLOSED][rw][NEED_WRAP][inbound done][][0][0][0][0]: Shutdown
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.client.InternalHttpAsyncClient - [exchange: 1] connection aborted
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager - Releasing connection: [id: http-outgoing-0][route: {s}->https://ft-oam.test.forgerock.com:8443][total kept alive: 0; route allocated: 1 of 64; total allocated: 1 of 64]
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager - Connection released: [id: http-outgoing-0][route: {s}->https://ft-oam.test.forgerock.com:8443][total kept alive: 0; route allocated: 0 of 64; total allocated: 0 of 64]
      [I/O dispatcher 1] DEBUG org.apache.http.impl.nio.client.InternalIODispatch - http-outgoing-0 [CLOSED]: Disconnected
      [main] DEBUG org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager - Connection manager is shutting down
      [main] DEBUG org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager - Connection manager shut down
      Could not connect to OpenAM server at https://ft-oam.test.forgerock.com:8443/openam
      Reason: No content to map due to end-of-input
       at [Source: java.io.BufferedReader@34dc85a; line: 1, column: 0]
      DEBUG [org.codehaus.groovy.tools.shell.Groovysh] Result: null 
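
The trace above buries the useful information three levels down the cause chain (SSLHandshakeException, then ValidatorException, then SunCertPathBuilderException). The following is an added illustration, not Amster's code or the fix shipped in 14.0.0, of how a client can walk that chain and report the certificate trust failure instead of a generic message. The class and method names are hypothetical, and it assumes the caller has access to the Throwable raised by the failed request.

```java
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;

// Hypothetical helper, not part of Amster.
public class TlsFailureReason {

    // Returns a message naming the deepest TLS or certificate cause in the chain.
    static String describe(Throwable failure, String url) {
        String reason = null;
        int depth = 0;
        // Walk outermost to innermost; a deeper match overwrites a shallower one.
        // The depth bound guards against a cyclic cause chain.
        for (Throwable t = failure; t != null && depth < 32; t = t.getCause(), depth++) {
            if (t instanceof CertPathBuilderException) {
                reason = "server certificate does not chain to a CA in the client truststore";
            } else if (t instanceof CertificateExpiredException) {
                reason = "server certificate has expired";
            } else if (t instanceof CertificateNotYetValidException) {
                reason = "server certificate is not yet valid";
            } else if (t instanceof CertificateException) {
                reason = "server certificate was rejected (" + t.getMessage() + ")";
            } else if (t instanceof SSLException) {
                reason = "TLS handshake failed (" + t.getMessage() + ")";
            }
        }
        if (reason == null) {
            reason = String.valueOf(failure.getMessage()); // not TLS-related: keep original text
        }
        return "Could not connect to OpenAM server at " + url + "\nReason: " + reason;
    }

    public static void main(String[] args) {
        // Constructed chain with the same shape as the trace above:
        // SSLHandshakeException -> certificate validation failure -> path building failure.
        Throwable path = new CertPathBuilderException(
                "unable to find valid certification path to requested target");
        Throwable validation = new CertificateException("PKIX path building failed", path);
        SSLHandshakeException handshake = new SSLHandshakeException("General SSLEngine problem");
        handshake.initCause(validation);
        System.out.println(describe(handshake, "https://ft-oam.test.forgerock.com:8443/openam"));
    }
}
```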
      

            People

            Assignee:
            sean.oneill Sean ONeill [X] (Inactive)
            Reporter:
            n4al Nemanja Lukic