3

At IS startup, the following error log is given by WSO2 IS.

TID: [-1234] [Framework Event Dispatcher: Equinox Container: d811a5a1-f0c4-4281-a1db-ce17d0928da4] ERROR {org.wso2.carbon.user.core.config.UserStoreConfigXMLProcessor} - [] encryption of Property=password failed 
org.bouncycastle.jcajce.provider.util.BadBlockException: unable to decrypt block
 at org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.getOutput(Unknown Source) ~[bcprov-jdk15on-1.70.jar:1.70.0]
 at org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.engineDoFinal(Unknown Source) ~[bcprov-jdk15on-1.70.jar:1.70.0]
 at javax.crypto.Cipher.doFinal(Cipher.java:2164) ~[?:1.8.0_191]
 at org.wso2.carbon.user.core.config.UserStoreConfigXMLProcessor.decryptProperty(UserStoreConfigXMLProcessor.java:469) ~[org.wso2.carbon.user.core_4.6.0.87.jar:?]
 at org.wso2.carbon.user.core.config.UserStoreConfigXMLProcessor.resolveEncryption(UserStoreConfigXMLProcessor.java:338) [org.wso2.carbon.user.core_4.6.0.87.jar:?]
...

The error log is saying that the password is not encrypted. So what are the steps that can be followed to fix this issue?

Nipuna Upeksha

1 Answer

2

To fix this issue, follow the steps given below.

1st scenario (For JDBC user stores)

  • First, try to find whether the erroneous user store is mentioned in the wso2carbon.log file.

  • If so, go to the <IS_HOME>/repository/deployment/server/userstores and open the user store .xml file.

  • Then find the <Property name="password">****</Property> element. This might even contain an extra attribute like encrypted="true".

  • Here, you will find the encrypted password.

  • Then change it to this and save: <Property name="password" encrypted="false">the non-encrypted password</Property>

  • Make sure to add the non-encrypted password between <Property name="password">...</Property>, with encrypted set to false.

  • Then check wso2carbon.log to see whether it is giving an error. If not, the issue is fixed.

2nd scenario

  • The .xml file change did not work.

  • Then start the Management Console, go to user stores, list the user stores and update the password there (you should type the non-encrypted password).

  • Then check wso2carbon.log to see whether it is giving an error. If not, the issue is fixed.

3rd scenario

  • The issue is still there even if the user store mentioned in the wso2carbon.log is gone under the 1st and 2nd scenarios.

  • Then open the Management Console and list the user stores to check whether all the user stores are there.

  • If there is a user store missing, then the error is related to that one and not the one mentioned in wso2carbon.log. The wso2carbon.log is only showing a log related to the last user store.

  • Then follow the steps in scenario 2 to update the password of the user store that is not getting listed.

4th scenario

  • Scenarios 1 and 2 didn't work and all the user stores are getting listed in the Management Console.

  • Then list the users and roles and list the user stores there. If there is a user store not getting listed there, then the issue is related to that.

  • Then follow the steps in scenario 2 to fix that.

5th scenario

  • There is no <Property name="password">***</Property> in the .xml file.

  • Then the user store related to that file can be LDAP or AD.

  • Try finding <Property name="ConnectionPassword">****</Property> in the .xml file and follow the steps from 1 to 4.

If none of the scenarios work and there is a custom user store in action, get the source code of that user store and debug it.

Even if there is a custom user store in action, the above-mentioned steps should help to narrow down the issue.

Nipuna Upeksha
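The file checks from scenarios 1, 3 and 5 can be done in one pass over the userstores directory. The script below is an added example, not part of the original answer or of WSO2's tooling: it reports, for each user store .xml file, which password property is present and what its encrypted attribute says, without ever printing the secret value. The function names and the sample files are assumptions constructed for the demonstration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Property names taken from the answer: JDBC stores use "password",
# LDAP/AD stores use "ConnectionPassword".
SECRET_PROPS = {"password", "ConnectionPassword"}


def audit_userstores(directory):
    """Return one (file, property, encrypted attribute, state) row per finding.

    The secret value itself is never returned or printed.
    """
    rows = []
    for path in sorted(Path(directory).glob("*.xml")):
        try:
            root = ET.parse(path).getroot()
        except ET.ParseError:
            rows.append((path.name, None, None, "unparseable XML"))
            continue
        found = False
        for prop in root.iter("Property"):
            if prop.get("name") in SECRET_PROPS:
                found = True
                flag = prop.get("encrypted")  # None when the attribute is absent
                state = "set" if (prop.text or "").strip() else "empty"
                rows.append((path.name, prop.get("name"), flag, state))
        if not found:
            rows.append((path.name, None, None, "no password property"))
    return rows


def build_sample(directory):
    """Write constructed sample files (not real WSO2 configs) for the demo."""
    samples = {
        "JDBC_EXAMPLE.xml": '<UserStoreManager><Property name="password" '
                            'encrypted="true">constructed-ciphertext</Property></UserStoreManager>',
        "LDAP_EXAMPLE.xml": '<UserStoreManager><Property name="ConnectionPassword" '
                            'encrypted="false">constructed-secret</Property></UserStoreManager>',
        "BROKEN_EXAMPLE.xml": '<UserStoreManager><Property name="password">',
    }
    for name, body in samples.items():
        (Path(directory) / name).write_text(body, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for row in audit_userstores(tmp):
            print(row)
```

To use it on a real installation, call audit_userstores with <IS_HOME>/repository/deployment/server/userstores and compare the file names it returns with the user stores listed in the Management Console.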