  1. OpenAM
  2. OPENAM-10965

Stateless OAuth2 can't verify access and refresh token

    Details

    • Sprint:
      AM Sustaining Sprint 36
    • Story Points:
      2
    • Support Ticket IDs:

      Description

      When verifying a stateless refresh token signed with RSA or EC, AM tries to load the private key instead of the public key, even though signature verification only needs the public key, and so fails to validate the refresh token.

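      This prevents the use of stateless refresh tokens. The refresh request is answered with an Internal Server Error (500), and the OAuth2Provider debug log records the exception below; its root cause is "RSA requires public key for signature verification."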

      OAuth2Provider:03/24/2017 12:02:45:774 AM UTC: Thread[http-bio-8080-exec-9,5,main]: TransactionId[48d06887-4d6f-41d3-8d13-d1a0b6a749d6-123] 
      WARNING: Unhandled exception: Internal Server Error (500) - The server encountered an unexpected condition which prevented it from fulfilling the request 
      Internal Server Error (500) - The server encountered an unexpected condition which prevented it from fulfilling the request 
      at org.restlet.resource.ServerResource.doHandle(ServerResource.java:539) 
      at org.restlet.resource.ServerResource.post(ServerResource.java:1377) 
      at org.restlet.resource.ServerResource.doHandle(ServerResource.java:620) 
      at org.restlet.resource.ServerResource.doNegotiatedHandle(ServerResource.java:678) 
      at org.restlet.resource.ServerResource.doConditionalHandle(ServerResource.java:356) 
      at org.restlet.resource.ServerResource.handle(ServerResource.java:1043) 
      at org.restlet.resource.Finder.handle(Finder.java:236) 
      at org.restlet.routing.Filter.doHandle(Filter.java:150) 
      at org.restlet.routing.Filter.handle(Filter.java:197) 
      at org.restlet.routing.Filter.doHandle(Filter.java:150) 
      at org.restlet.routing.Filter.handle(Filter.java:197) 
      at org.restlet.routing.Filter.doHandle(Filter.java:150) 
      at org.restlet.routing.Filter.handle(Filter.java:197) 
      at org.restlet.routing.Router.doHandle(Router.java:422) 
      at org.forgerock.openam.rest.service.RestletRealmRouter.doHandle(RestletRealmRouter.java:121) 
      at org.restlet.routing.Router.handle(Router.java:639) 
      at org.restlet.routing.Filter.doHandle(Filter.java:150) 
      at org.restlet.routing.Filter.handle(Filter.java:197) 
      at org.restlet.routing.Filter.doHandle(Filter.java:150) 
      at org.restlet.routing.Filter.handle(Filter.java:197) 
      at org.restlet.routing.Filter.doHandle(Filter.java:150) 
      at org.restlet.engine.application.StatusFilter.doHandle(StatusFilter.java:140) 
      at org.restlet.routing.Filter.handle(Filter.java:197) 
      at org.restlet.routing.Filter.doHandle(Filter.java:150) 
      at org.restlet.routing.Filter.handle(Filter.java:197) 
      at org.restlet.engine.CompositeHelper.handle(CompositeHelper.java:202) 
      at org.restlet.engine.application.ApplicationHelper.handle(ApplicationHelper.java:75) 
      at org.restlet.Application.handle(Application.java:385) 
      at org.restlet.routing.Filter.doHandle(Filter.java:150) 
      at org.restlet.routing.Filter.handle(Filter.java:197) 
      at org.restlet.routing.Router.doHandle(Router.java:422) 
      at org.restlet.routing.Router.handle(Router.java:639) 
      at org.restlet.routing.Filter.doHandle(Filter.java:150) 
      at org.restlet.routing.Filter.handle(Filter.java:197) 
      at org.restlet.routing.Router.doHandle(Router.java:422) 
      at org.restlet.routing.Router.handle(Router.java:639) 
      at org.restlet.routing.Filter.doHandle(Filter.java:150) 
      at org.restlet.routing.Filter.handle(Filter.java:197) 
      at org.restlet.engine.CompositeHelper.handle(CompositeHelper.java:202) 
      at org.restlet.Component.handle(Component.java:408) 
      at org.restlet.Server.handle(Server.java:507) 
      at org.restlet.engine.connector.ServerHelper.handle(ServerHelper.java:63) 
      at org.restlet.engine.adapter.HttpServerHelper.handle(HttpServerHelper.java:143) 
      at org.restlet.ext.servlet.ServerServlet.service(ServerServlet.java:1117) 
      at org.forgerock.openam.rest.RestEndpointServlet.service(RestEndpointServlet.java:130) 
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) 
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) 
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) 
      at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) 
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) 
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) 
      at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44) 
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) 
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) 
      at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111) 
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) 
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) 
      at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51) 
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) 
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) 
      at org.forgerock.openam.cors.CORSFilter.doFilter(CORSFilter.java:120) 
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) 
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) 
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218) 
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) 
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505) 
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) 
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) 
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958) 
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) 
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452) 
      at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087) 
      at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637) 
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316) 
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) 
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) 
      at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) 
      at java.lang.Thread.run(Thread.java:745) 
      Caused by: org.forgerock.oauth2.restlet.OAuth2RestletException: RSA requires public key for signature verification. 
      at org.forgerock.oauth2.restlet.RefreshTokenResource.token(RefreshTokenResource.java:87) 
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
      at java.lang.reflect.Method.invoke(Method.java:606) 
      at org.restlet.resource.ServerResource.doHandle(ServerResource.java:520) 
      ... 77 more
      

            People

            • Assignee:
              quentin.castel Quentin CASTEL [X] (Inactive)
              Reporter:
              quentin.castel Quentin CASTEL [X] (Inactive)
