在 wso2-IoT 上更改 IP 和证书时出错
Error when changing IP and certificate on wso2-IoT
我刚刚安装了新版本的wso2-iot(3.1.0)。
我为了远程使用它,我已经用脚本 /scripts/change-ip.sh.
将 IP 从本地主机更改为我服务器的 IP 地址
似乎一切正常,但是当我登录 https://IP:9443/devicemgr 时,我收到以下消息:
An Error Occurred!
HTTP Status : 500
org.wso2.carbon.apimgt.integration.client.exception.APIMClientOAuthException: failed to retrieve oauth token using jwt
有人遇到过同样的问题吗?
有解决办法吗?
谢谢
我尝试在 3 台服务器上安装 wso2-iot :
- 它适用于带有 openjdk 版本“1.8.0_141”的 Debian 9.1
- 我在 openjdk 版本“1.8.0_141”的 Debian 8.8 上失败了
- 它在 java 版本“1.8.0_144”
的 Debian 8.7 上失败
问题的一个原因是 IoT_Home/conf/identity/identity-providers/iot_default.xml 中没有正确的证书。请确保正确添加。
原因可能是在 change-ip.sh 脚本中 "sed -e" 在某些 linux os 版本上不起作用。
当我 运行 io-server.sh 脚本时,我收到 java 下面的消息
[2017-09-04 09:25:05,244] [IoT-Core] INFO - {org.wso2.carbon.ui.internal.CarbonUIServiceComponent} Mgt Console URL : https://10.5.0.68:9443/carbon/
[2017-09-04 09:25:11,654] [IoT-Core] ERROR - {org.apache.synapse.transport.passthru.TargetHandler} I/O error: Host name verification failed for host : ducky.domaine-mairie.lan
javax.net.ssl.SSLException: Host name verification failed for host : ducky.domaine-mairie.lan
at org.apache.synapse.transport.http.conn.ClientSSLSetupHandler.verify(ClientSSLSetupHandler.java:171)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:308)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:748)
[2017-09-04 09:25:11,726] [IoT-Core] WARN - {org.apache.synapse.endpoints.EndpointContext} Endpoint : AnonymousEndpoint with address https://{uri.var.hostname}:{uri.var.portnum}/oauth2/token will be marked SUSPENDED as it failed
[2017-09-04 09:25:11,728] [IoT-Core] WARN - {org.apache.synapse.endpoints.EndpointContext} Suspending endpoint : AnonymousEndpoint with address https://{uri.var.hostname}:{uri.var.portnum}/oauth2/token - current suspend duration is : 30000ms - Next retry after : Mon Sep 04 09:25:41 CEST 2017
Exception in thread "Thread-36" org.wso2.carbon.apimgt.integration.client.exception.APIMClientOAuthException: failed to retrieve oauth token using jwt
at org.wso2.carbon.apimgt.integration.client.OAuthRequestInterceptor.apply(OAuthRequestInterceptor.java:118)
at feign.SynchronousMethodHandler.targetRequest(SynchronousMethodHandler.java:158)
at feign.SynchronousMethodHandler.executeAndDecode(SynchronousMethodHandler.java:88)
at feign.SynchronousMethodHandler.invoke(SynchronousMethodHandler.java:76)
at feign.ReflectiveFeign$FeignInvocationHandler.invoke(ReflectiveFeign.java:103)
at com.sun.proxy.$Proxy40.apisGet(Unknown Source)
at org.wso2.carbon.apimgt.webapp.publisher.APIPublisherServiceImpl.publishAPI(APIPublisherServiceImpl.java:53)
at org.wso2.carbon.apimgt.webapp.publisher.APIPublisherStartupHandler.publishAPIs(APIPublisherStartupHandler.java:97)
at org.wso2.carbon.apimgt.webapp.publisher.APIPublisherStartupHandler.access0(APIPublisherStartupHandler.java:30)
at org.wso2.carbon.apimgt.webapp.publisher.APIPublisherStartupHandler.run(APIPublisherStartupHandler.java:69)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException: Error when parsing the response <am:fault xmlns:am="http://wso2.org/apimanager"><am:code>101500</am:code><am:type>Status report</am:type><am:message>Runtime Error</am:message><am:description>Error in Sender</am:description></am:fault>
at org.wso2.carbon.identity.jwt.client.extension.JWTClient.getTokenInfo(JWTClient.java:169)
at org.wso2.carbon.identity.jwt.client.extension.JWTClient.getAccessToken(JWTClient.java:79)
at org.wso2.carbon.apimgt.integration.client.OAuthRequestInterceptor.apply(OAuthRequestInterceptor.java:99)
... 10 more
Caused by: Unexpected character (<) at position 0.
at org.json.simple.parser.Yylex.yylex(Unknown Source)
at org.json.simple.parser.JSONParser.nextToken(Unknown Source)
at org.json.simple.parser.JSONParser.parse(Unknown Source)
at org.json.simple.parser.JSONParser.parse(Unknown Source)
at org.json.simple.parser.JSONParser.parse(Unknown Source)
at org.wso2.carbon.identity.jwt.client.extension.JWTClient.getTokenInfo(JWTClient.java:153)
... 12 more
其中 10.5.0.68 是我的服务器的 IP,ducky.domaine-mairie.lan 是服务器的名称。显然,该脚本试图使用 dns 名称而不是 IP。
我希望这将有助于解决问题。
change-ip.sh不合我口味定稿。缺少信息
讨论了类似的问题
问题的一个原因可能是 /etc/hosts 文件中的条目将机器 IP 指向主机名。即使 IP 指向 localhost 也可能导致此问题。
当验证证书的公用名时会发生这种情况,它指向主机名。由于证书的通用名称是本地 IP(由 change-ip.sh 脚本创建),当从具有相同 IP 的 /etc/hosts 文件中找到主机名时,将导致 host名称验证失败。这将导致上述问题,无法检索 JWT 令牌。报告了类似的问题 here
我刚刚安装了新版本的wso2-iot(3.1.0)。
我为了远程使用它,我已经用脚本 /scripts/change-ip.sh.
将 IP 从本地主机更改为我服务器的 IP 地址似乎一切正常,但是当我登录 https://IP:9443/devicemgr 时,我收到以下消息:
An Error Occurred!
HTTP Status : 500
org.wso2.carbon.apimgt.integration.client.exception.APIMClientOAuthException: failed to retrieve oauth token using jwt
有人遇到过同样的问题吗? 有解决办法吗?
谢谢
我尝试在 3 台服务器上安装 wso2-iot :
- 它适用于带有 openjdk 版本“1.8.0_141”的 Debian 9.1
- 我在 openjdk 版本“1.8.0_141”的 Debian 8.8 上失败了
- 它在 java 版本“1.8.0_144” 的 Debian 8.7 上失败
问题的一个原因是 IoT_Home/conf/identity/identity-providers/iot_default.xml 中没有正确的证书。请确保正确添加。 原因可能是在 change-ip.sh 脚本中 "sed -e" 在某些 linux os 版本上不起作用。
当我 运行 io-server.sh 脚本时,我收到 java 下面的消息
[2017-09-04 09:25:05,244] [IoT-Core] INFO - {org.wso2.carbon.ui.internal.CarbonUIServiceComponent} Mgt Console URL : https://10.5.0.68:9443/carbon/
[2017-09-04 09:25:11,654] [IoT-Core] ERROR - {org.apache.synapse.transport.passthru.TargetHandler} I/O error: Host name verification failed for host : ducky.domaine-mairie.lan
javax.net.ssl.SSLException: Host name verification failed for host : ducky.domaine-mairie.lan
at org.apache.synapse.transport.http.conn.ClientSSLSetupHandler.verify(ClientSSLSetupHandler.java:171)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:308)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:748)
[2017-09-04 09:25:11,726] [IoT-Core] WARN - {org.apache.synapse.endpoints.EndpointContext} Endpoint : AnonymousEndpoint with address https://{uri.var.hostname}:{uri.var.portnum}/oauth2/token will be marked SUSPENDED as it failed
[2017-09-04 09:25:11,728] [IoT-Core] WARN - {org.apache.synapse.endpoints.EndpointContext} Suspending endpoint : AnonymousEndpoint with address https://{uri.var.hostname}:{uri.var.portnum}/oauth2/token - current suspend duration is : 30000ms - Next retry after : Mon Sep 04 09:25:41 CEST 2017
Exception in thread "Thread-36" org.wso2.carbon.apimgt.integration.client.exception.APIMClientOAuthException: failed to retrieve oauth token using jwt
at org.wso2.carbon.apimgt.integration.client.OAuthRequestInterceptor.apply(OAuthRequestInterceptor.java:118)
at feign.SynchronousMethodHandler.targetRequest(SynchronousMethodHandler.java:158)
at feign.SynchronousMethodHandler.executeAndDecode(SynchronousMethodHandler.java:88)
at feign.SynchronousMethodHandler.invoke(SynchronousMethodHandler.java:76)
at feign.ReflectiveFeign$FeignInvocationHandler.invoke(ReflectiveFeign.java:103)
at com.sun.proxy.$Proxy40.apisGet(Unknown Source)
at org.wso2.carbon.apimgt.webapp.publisher.APIPublisherServiceImpl.publishAPI(APIPublisherServiceImpl.java:53)
at org.wso2.carbon.apimgt.webapp.publisher.APIPublisherStartupHandler.publishAPIs(APIPublisherStartupHandler.java:97)
at org.wso2.carbon.apimgt.webapp.publisher.APIPublisherStartupHandler.access0(APIPublisherStartupHandler.java:30)
at org.wso2.carbon.apimgt.webapp.publisher.APIPublisherStartupHandler.run(APIPublisherStartupHandler.java:69)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException: Error when parsing the response <am:fault xmlns:am="http://wso2.org/apimanager"><am:code>101500</am:code><am:type>Status report</am:type><am:message>Runtime Error</am:message><am:description>Error in Sender</am:description></am:fault>
at org.wso2.carbon.identity.jwt.client.extension.JWTClient.getTokenInfo(JWTClient.java:169)
at org.wso2.carbon.identity.jwt.client.extension.JWTClient.getAccessToken(JWTClient.java:79)
at org.wso2.carbon.apimgt.integration.client.OAuthRequestInterceptor.apply(OAuthRequestInterceptor.java:99)
... 10 more
Caused by: Unexpected character (<) at position 0.
at org.json.simple.parser.Yylex.yylex(Unknown Source)
at org.json.simple.parser.JSONParser.nextToken(Unknown Source)
at org.json.simple.parser.JSONParser.parse(Unknown Source)
at org.json.simple.parser.JSONParser.parse(Unknown Source)
at org.json.simple.parser.JSONParser.parse(Unknown Source)
at org.wso2.carbon.identity.jwt.client.extension.JWTClient.getTokenInfo(JWTClient.java:153)
... 12 more
其中 10.5.0.68 是我的服务器的 IP,ducky.domaine-mairie.lan 是服务器的名称。显然,该脚本试图使用 dns 名称而不是 IP。 我希望这将有助于解决问题。
change-ip.sh不合我口味定稿。缺少信息
讨论了类似的问题
问题的一个原因可能是 /etc/hosts 文件中的条目将机器 IP 指向主机名。即使 IP 指向 localhost 也可能导致此问题。 当验证证书的公用名时会发生这种情况,它指向主机名。由于证书的通用名称是本地 IP(由 change-ip.sh 脚本创建),当从具有相同 IP 的 /etc/hosts 文件中找到主机名时,将导致 host名称验证失败。这将导致上述问题,无法检索 JWT 令牌。报告了类似的问题 here