Environment
Advanced Authentication 6.3.5
Situation
Errors when attempting to log in to the new enrollment portal
OAuth/OpenID event failures
SAML event failure
- Installed new AAF server with 6.3.0 download
- Logged into appliance 9443 console
- Registered new appliance
- Applied all latest patches and updates to bring server to version 6.3.5
After the update, one or more of the following symptoms are seen:
- New Enrollment portal displays errors indicating that the name or service cannot be found
- Web Auth logs report an error - No such file or directory
- Logs display error message:
Log Data: Failed to start: Tenant[Bootstrap Authentication (id=bootstrap)]: internal.osp.framework.exception.OSPKeyStoreUnavailableException: Unable to read key store: /usr/local/tomcat/conf/osp-bootstrap-keystore.ks
=>java.security.KeyStoreException: Key protection algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
=>java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
=>java.security.NoSuchAlgorithmException: unrecognized algorithm name: PBEWithSHA1AndDESede
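To confirm that a log shows this specific failure rather than another key store problem, the "=>" cause chain can be parsed and the root cause checked. The following is an added example, not part of the product or the original article; the function names are hypothetical, and the sample is the log record quoted above plus one constructed line.

```python
import re

# Constructed sample: the record quoted in this article plus one unrelated line.
SAMPLE_LOG = """\
Log Data: Some unrelated event (constructed line)
Log Data: Failed to start: Tenant[Bootstrap Authentication (id=bootstrap)]: internal.osp.framework.exception.OSPKeyStoreUnavailableException: Unable to read key store: /usr/local/tomcat/conf/osp-bootstrap-keystore.ks
=>java.security.KeyStoreException: Key protection algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
=>java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede
=>java.security.NoSuchAlgorithmException: unrecognized algorithm name: PBEWithSHA1AndDESede
"""

HEAD = re.compile(r"Failed to start: Tenant\[(?P<tenant>.+?)\]: (?P<exc>[\w.]+): (?P<msg>.*)")
CAUSE = re.compile(r"=>(?P<exc>[\w.]+): (?P<msg>.*)")


def parse_failures(text):
    """Group each 'Failed to start' record with its '=>' cause chain."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        head = HEAD.search(line)
        cause = CAUSE.match(line)
        if head:
            current = {"tenant": head["tenant"],
                       "chain": [(head["exc"], head["msg"])]}
            records.append(current)
        elif cause and current is not None:
            current["chain"].append((cause["exc"], cause["msg"]))
        else:
            current = None  # any other line ends the current record
    return records


def is_keystore_algorithm_failure(record):
    """True when the key store error bottoms out in an unrecognized
    algorithm name, as opposed to e.g. a missing key store file."""
    top_exc, _ = record["chain"][0]
    root_exc, root_msg = record["chain"][-1]
    return (top_exc.endswith("OSPKeyStoreUnavailableException")
            and root_exc == "java.security.NoSuchAlgorithmException"
            and "unrecognized algorithm name" in root_msg)


def summarize(record):
    """Pull out the tenant, key store path and algorithm name for a ticket."""
    return {"tenant": record["tenant"],
            "keystore": record["chain"][0][1].rsplit(": ", 1)[-1],
            "algorithm": record["chain"][-1][1].rsplit(": ", 1)[-1]}
```
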
Resolution
This issue can be resolved by installing new servers with the following steps.
- Install new AAF server with 6.3.0 download
- Log in to the Admin portal and configure the server
- Register new appliance
- Apply all latest patches
Cause
This issue is caused during the upgrade process when no AAF
configuration is found. By configuring the AAF server prior to upgrading
the server to 6.3.5, the issue will no longer occur.
This upgrade issue will be resolved when version 6.3.5.1 or later is released.
Additional Information
Notes:
- After upgrading a server and restarting, it is normal for the server to take up to 5 minutes before it is completely functional. This delay is required to completely load and initialize the new server configuration.
- The new enrollment portal is enabled in the admin portal under the enrollment policy.