During server start following exception is thrown: 03:28:09,722 ERROR [org.picketlink.identity.federation] (ServerService Thread Pool -- 74) PLFED000259: The provider BC could not be added: java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider from [Module "org.picketlink:main" from local module loader @23ef55fb (finder: local module finder @35f5e42b (roots: /opt/pmacik/600DR6/soa-p/modules,/opt/pmacik/600DR6/soa-p/modules/system/layers/soa,/opt/pmacik/600DR6/soa-p/modules/system/layers/base))] at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:196) [jboss-modules.jar:1.2.0.Final-redhat-1] at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:444) [jboss-modules.jar:1.2.0.Final-redhat-1] at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:432) [jboss-modules.jar:1.2.0.Final-redhat-1] at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:374) [jboss-modules.jar:1.2.0.Final-redhat-1] at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:119) [jboss-modules.jar:1.2.0.Final-redhat-1] at java.lang.Class.forName0(Native Method) [rt.jar:1.7.0_25] at java.lang.Class.forName(Class.java:190) [rt.jar:1.7.0_25] at org.picketlink.identity.federation.core.util.ProvidersUtil.addJceProvider(ProvidersUtil.java:119) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2] at org.picketlink.identity.federation.core.util.ProvidersUtil.access$100(ProvidersUtil.java:38) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2] at org.picketlink.identity.federation.core.util.ProvidersUtil$1.run(ProvidersUtil.java:51) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2] at org.picketlink.identity.federation.core.util.ProvidersUtil$1.run(ProvidersUtil.java:46) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2] at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25] at org.picketlink.identity.federation.core.util.ProvidersUtil.ensure(ProvidersUtil.java:46) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2] at org.picketlink.identity.federation.core.util.XMLSignatureUtil.<clinit>(XMLSignatureUtil.java:95) [picketlink-core-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2] at org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator.processConfiguration(BaseFormAuthenticator.java:488) [picketlink-jbas7-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2] at org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator.startPicketLink(BaseFormAuthenticator.java:589) [picketlink-jbas7-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2] at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.startPicketLink(AbstractSPFormAuthenticator.java:102) [picketlink-jbas7-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2] at org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator.start(ServiceProviderAuthenticator.java:20) [picketlink-jbas7-2.1.6.Final-redhat-2.jar:2.1.6.Final-redhat-2] at org.apache.catalina.core.StandardPipeline.start(StandardPipeline.java:223) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1] at org.apache.catalina.core.StandardContext.start(StandardContext.java:3713) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1] at org.jboss.as.web.deployment.WebDeploymentService.doStart(WebDeploymentService.java:156) [jboss-as-web-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8] at org.jboss.as.web.deployment.WebDeploymentService.access$000(WebDeploymentService.java:60) [jboss-as-web-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8] at org.jboss.as.web.deployment.WebDeploymentService$1.run(WebDeploymentService.java:93) [jboss-as-web-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [rt.jar:1.7.0_25] at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [rt.jar:1.7.0_25] at java.util.concurrent.FutureTask.run(FutureTask.java:166) [rt.jar:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] at org.jboss.threads.JBossThread.run(JBossThread.java:122) Start command used is: $ ./standalone.sh -c standalone-full.xml -b localhost -bmanagement=localhost
The SOA version is 6.0.0.DR6
Created attachment 764457 [details] Full server log Attached the server log.
I've asked Eric to take a quick look and see what steps are missing as it seems to be related to the SSO.
It doesn't look like this is a direct consequence of the SSO integration, taking it back to investigate
Marking this as Alpha2 Blocker - not due to immediate functional impact - but we need to understand the impact before we ship alpha2
I have been trying to reproduce this locally and have failed using JDK 6 and JDK 7. What environment was this seen in? From the log it would appear to be a linux system running jdk1.7.0_25-x86_64.
I was only able to reproduce this problem by setting the logging level to DEBUG - even though the log messages related to BoucnyCastle are at the ERROR level. See attached server.log This was on RHEL6 with OpenJDK 1.7
Created attachment 766277 [details] Server log - DEBUG level
This comes from the picketlink codebase and can be ignored by SOA. The error message is also misleading as it is logged at ERROR level even though it is guarded by a check for DEBUG. In ProvidersUtil.ensure addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider"); In ProvidersUtil.addJceProvider try { // Class<? extends Provider> clazz = Loader.loadClass(className, false, Provider.class); Class<? extends Provider> clazz = Class.forName(className).asSubclass(Provider.class); Provider provider = clazz.newInstance(); return addJceProvider(name, provider); } catch (Throwable t) { if (logger.isDebugEnabled()) { logger.jceProviderCouldNotBeLoaded(name, t); } return null; } In PicketLinkLoggerMessages @LogMessage(level = Level.ERROR) @Message(id = 259, value = "The provider %s could not be added") void jceProviderCouldNotBeLoaded(String name, @Cause Throwable t);
I forgot the comment from the ensure method // register BC provider if available (to have additional encryption algorithms, etc.) addJceProvider("BC", "org.bouncycastle.jce.provider.BouncyCastleProvider");
Reported in PicketLink/EAP
This should not be an Alpha2 blocker
Kevin will verify if it's in the current release or not.
Fixed in PicketLink 2.5.3.Final