I am trying to use the migration tool utility from within PingFederate but I keep getting the following error:
List adapters...
Downloading adapter index from source...
ERROR: Unable to download from source. java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
Done.
From the configcopy.log:
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation
Caused by: java.io.IOException: Invalid keystore format
Windows 7 Professional SP1
java version "1.8.0_144" Java(TM) SE Runtime Environment (build 1.8.0_144-b01) Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
PingFederate: 8.4.2
I am attempting this because we want to automate a deployment process which has currently been manual. I am only trying to use the listadapters.conf template and have set the source.conf to output to a file. The command I am entering is:
configcopy.bat -Dconfigcopy.conf.file=configcopy_templates\\source.conf;configcopy_templates\\listadapters.conf
and I am running this from the <PF_HOME>/bin directory. The contents of the two files I mentioned are:
source.conf
source.connection.management.service.url = <my local install url on port 9999>/pf-mgmt-ws/ws/ConnectionMigrationMgr
source.connection.management.service.user = Administrator
source.connection.management.service.password = OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoibGJhaGtDZlNiSiIsInZlcnNpb24iOiI4LjQuMi4wIn0..ryNLCcpzwEx6KGzXi1FboA.34NbypXUud45R77TLwMvjg.dQFNb9NpbDY_EWIePb9hMA
configcopy.connection.trust.keystore = C:\Program Files\Ping Identity\pingfederate-8.4.2\pingfederate\server\default\data\pf.jwk
output.file = c:\temp\pf-config.txt
The Administrator is the default one from install with all three roles added to it and the password was obfuscated using obfuscate.bat in the bin directory.
listadapters.conf
cmd=listadapters
debug=true
select.adapter.role = idp
Even though it doesn't look like it above, all backslashes are escaped; that just hasn't come through here.
I have tried:
- removing the path to the keystore altogether
ERROR: Unable to download from source. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Done.
- Setting the path to cacerts in jre/lib (same error as above)
I have installed the data.zip from the DotNet-Integration-Kit-2-5-2.zip and that is the only setup on this PC (my dev box).
The integration kit puts two certificates (maybe the same one twice, not sure) that can be viewed through
- Server Configuration > Trusted CAs
- Server Configuration > SSL Server Certificates
And I have also added one into
- Server Configuration > SSL Client Keys & Certificates
The kit's certs show as RSA1024 and the one I created shows as RSA2048.
Questions:
- Why does the error state algorithm:default (key store format?)
- Is there a setting I am missing that would change it from default?
- Does anyone know of any docs other than the admin manual (almost know it by heart now)?
- Why is pf.jwk the wrong format?
Any other ideas at all, please?
[update] Damn, I have been trying to use the migration utility but as I am on a version over 7.2 I should be using the administrative API. Back to the drawing board. Still looking for advice though!
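
`java.io.IOException: Invalid keystore format` is what the JVM's keystore loader reports when the file it is given does not begin with a keystore header it recognises. The Python sketch below is an added example, not part of the original post and not PingFederate code: it classifies a candidate trust store by its leading bytes. The function names and sample byte strings are constructed, and treating a `.jwk` file as JSON Web Key content is an assumption, not something the post shows.

```python
import json
import sys

# Leading bytes of the keystore containers the stock Java providers read.
JKS_MAGIC = bytes.fromhex("feedfeed")    # JKS, the default keystore.type on Java 8
JCEKS_MAGIC = bytes.fromhex("cececece")  # JCEKS (SunJCE provider)


def classify_store(data: bytes) -> str:
    """Best-effort guess at the container format from the file's first bytes."""
    if data[:4] == JKS_MAGIC:
        return "JKS"
    if data[:4] == JCEKS_MAGIC:
        return "JCEKS"
    # PKCS#12 is DER: an outer SEQUENCE (0x30) whose first field is INTEGER 3.
    if data[:1] == b"\x30" and b"\x02\x01\x03" in data[:8]:
        return "PKCS12"
    text = data.lstrip()
    if text.startswith(b"-----BEGIN "):
        return "PEM"  # e.g. an exported certificate; must be imported into a keystore
    if text.startswith(b"{"):
        try:
            doc = json.loads(text.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            return "unknown"
        # A JWK or JWK set is a JSON object carrying "kty" or "keys" (RFC 7517).
        return "JWK (JSON)" if doc.keys() & {"kty", "keys"} else "JSON"
    return "unknown"


def classify_file(path: str) -> str:
    """Classify a file on disk; a few KiB is enough to identify the container."""
    with open(path, "rb") as fh:
        return classify_store(fh.read(4096))


if __name__ == "__main__":
    # Usage: python classify_store.py <file> [<file> ...]
    for candidate in sys.argv[1:]:
        print(f"{candidate}: {classify_file(candidate)}")
```

Any result other than a keystore container (JKS, JCEKS or PKCS12) means the file cannot be loaded as a trust store as-is.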