如何解决WSO2 Identity Server和Analytics无法正常运行
我尝试使用docker-compose运行WSO2身份服务器5.9.0和Analytics 5.8.0(我遵循此说明:https://github.com/wso2/docker-is/tree/5.9.x/docker-compose/is-with-analytics)
使用管理员帐户登录localhost:9443 / dashboard后,出现以下错误。
identity-server_1 | [2020-10-08 01:18:11,521] [cc08159e-92a6-41ce-a34c-f1ff61a15600] ERROR {org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker} - Error while trying to connect to the endpoint. Cannot borrow client for ssl://identity-server-analytics-worker:7712. org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Cannot borrow client for ssl://identity-server-analytics-worker:7712.
identity-server_1 | at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:145)
identity-server_1 | at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.run(DataEndpointConnectionWorker.java:59)
identity-server_1 | at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
identity-server_1 | at java.util.concurrent.FutureTask.run(FutureTask.java:266)
identity-server_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
identity-server_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
identity-server_1 | at java.lang.Thread.run(Thread.java:748)
identity-server_1 | Caused by: org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Error while trying to login to the data receiver.
identity-server_1 | at org.wso2.carbon.databridge.agent.endpoint.thrift.ThriftDataEndpoint.login(ThriftDataEndpoint.java:54)
identity-server_1 | at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:139)
identity-server_1 | ... 6 more
identity-server_1 | Caused by: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
identity-server_1 | at org.apache.thrift.transport.TIOStreamTransport.flush(TIOStreamTransport.java:161)
identity-server_1 | at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:73)
identity-server_1 | at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:62)
identity-server_1 | at org.wso2.carbon.databridge.commons.thrift.service.secure.ThriftSecureEventTransmissionService$Client.send_connect(ThriftSecureEventTransmissionService.java:104)
identity-server_1 | at org.wso2.carbon.databridge.commons.thrift.service.secure.ThriftSecureEventTransmissionService$Client.connect(ThriftSecureEventTransmissionService.java:95)
identity-server_1 | at org.wso2.carbon.databridge.agent.endpoint.thrift.ThriftDataEndpoint.login(ThriftDataEndpoint.java:47)
identity-server_1 | ... 7 more
identity-server_1 | Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
identity-server_1 | at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
identity-server_1 | at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
identity-server_1 | at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
identity-server_1 | at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
identity-server_1 | at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
identity-server_1 | at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
identity-server_1 | at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
identity-server_1 | at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
identity-server_1 | at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
identity-server_1 | at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
identity-server_1 | at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)
identity-server_1 | at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
identity-server_1 | at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
identity-server_1 | at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
identity-server_1 | at org.apache.thrift.transport.TIOStreamTransport.flush(TIOStreamTransport.java:159)
identity-server_1 | ... 12 more
identity-server_1 | Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
identity-server_1 | at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
identity-server_1 | at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
identity-server_1 | at sun.security.validator.Validator.validate(Validator.java:262)
identity-server_1 | at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
identity-server_1 | at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)
identity-server_1 | at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
identity-server_1 | at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
identity-server_1 | ... 22 more
identity-server_1 | Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
identity-server_1 | at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
identity-server_1 | at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
identity-server_1 | at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
identity-server_1 | at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
identity-server_1 | ... 28 more
identity-server_1 |
identity-server_1 | [2020-10-08 01:18:16,164] [cc08159e-92a6-41ce-a34c-f1ff61a15600] WARN {org.apache.thrift.transport.TIOStreamTransport} - Error closing output stream. java.net.SocketException: Socket is closed
identity-server_1 | at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1524)
identity-server_1 | at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1545)
identity-server_1 | at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:71)
identity-server_1 | at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
identity-server_1 | at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
identity-server_1 | at java.io.FilterOutputStream.close(FilterOutputStream.java:158)
identity-server_1 | at org.apache.thrift.transport.TIOStreamTransport.close(TIOStreamTransport.java:110)
identity-server_1 | at org.apache.thrift.transport.TSocket.close(TSocket.java:235)
identity-server_1 | at org.wso2.carbon.databridge.agent.endpoint.thrift.ThriftSecureClientPoolFactory.terminateClient(ThriftSecureClientPoolFactory.java:99)
identity-server_1 | at org.wso2.carbon.databridge.agent.client.AbstractClientPoolFactory.destroyObject(AbstractClientPoolFactory.java:71)
identity-server_1 | at org.apache.commons.pool.impl.GenericKeyedObjectPool.evict(GenericKeyedObjectPool.java:1976)
identity-server_1 | at org.apache.commons.pool.impl.GenericKeyedObjectPool$Evictor.run(GenericKeyedObjectPool.java:2350)
identity-server_1 | at java.util.TimerThread.mainLoop(Timer.java:555)
identity-server_1 | at java.util.TimerThread.run(Timer.java:505)
identity-server_1 |
此外,进入分析仪表板(https:// localhost:9643 / portal /)时出现以下错误
identity-server-analytics-dashboard_1 | [2020-10-08 01:24:22,273] ERROR {org.wso2.transport.http.netty.contractimpl.listener.WebSocketServerHandshakeHandler} - Error during WebSocket server handshake io.netty.handler.codec.DecoderException: javax.net.ssl.SSLException: Received fatal alert: bad_certificate
identity-server-analytics-dashboard_1 | at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459)
identity-server-analytics-dashboard_1 | at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265)
identity-server-analytics-dashboard_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
identity-server-analytics-dashboard_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
identity-server-analytics-dashboard_1 | at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
identity-server-analytics-dashboard_1 | at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1359)
identity-server-analytics-dashboard_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
identity-server-analytics-dashboard_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
identity-server-analytics-dashboard_1 | at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:935)
identity-server-analytics-dashboard_1 | at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:141)
identity-server-analytics-dashboard_1 | at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645)
identity-server-analytics-dashboard_1 | at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:580)
identity-server-analytics-dashboard_1 | at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:497)
identity-server-analytics-dashboard_1 | at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459)
identity-server-analytics-dashboard_1 | at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:886)
identity-server-analytics-dashboard_1 | at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
identity-server-analytics-dashboard_1 | at java.lang.Thread.run(Thread.java:748)
identity-server-analytics-dashboard_1 | Caused by: javax.net.ssl.SSLException: Received fatal alert: bad_certificate
identity-server-analytics-dashboard_1 | at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
identity-server-analytics-dashboard_1 | at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647)
identity-server-analytics-dashboard_1 | at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1615)
identity-server-analytics-dashboard_1 | at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1781)
identity-server-analytics-dashboard_1 | at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1070)
identity-server-analytics-dashboard_1 | at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:896)
identity-server-analytics-dashboard_1 | at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766)
identity-server-analytics-dashboard_1 | at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
identity-server-analytics-dashboard_1 | at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:292)
identity-server-analytics-dashboard_1 | at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1248)
identity-server-analytics-dashboard_1 | at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1159)
identity-server-analytics-dashboard_1 | at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1194)
identity-server-analytics-dashboard_1 | at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489)
identity-server-analytics-dashboard_1 | at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428)
identity-server-analytics-dashboard_1 | ... 16 more
identity-server-analytics-dashboard_1 |
并且分析的仪表板未检测到Identity Server的登录日志。我想正确使用分析功能,并清楚地检测出登录日志。
我正在使用Ubuntu 18.04 LTS。我该如何解决?
解决方法
查看堆栈跟踪,似乎您的Analytics Server的公共证书没有导入到Identity Server的client-truststore.jks中。 (需要重新启动)
使用以下命令导出Analytics服务器的公共证书。
keytool -exportcert -keystore wso2carbon.jks -alias [alias] -file cert.cer
使用以下命令将提取的证书导入到Identity Server的客户端信任库中。
keytool -importcert -file cert.cer -keystore client-truststore.jks -alias wso2-analytics
重新启动Identity Server。
PS
要查找第一个命令的alias值,您可能必须使用以下命令列出Analytics Server的wso2carbon.jks的所有证书,并找到表示为PrivateKeyEntry的证书。使用该证书的别名。
keytool -list -v -keystore wso2carbon.jks
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
