
SAML setup error

We are implementing Atlas and WebAPI individually (not using Broadsea) on an AWS EKS cluster. When enabling authentication with SAML in WebAPI by using the default keystore (as mentioned below), it gives an "Invalid Keystore Format" error while deploying it. Can someone please provide any suggestions? We tried creating a separate keystore as well, but still get the same error.

Error:
2024-05-31 18:35:54.122 INFO taskScheduler-2 org.ohdsi.webapi.tag.TagService - [] - Starting tags statistics refreshing
2024-05-31 18:35:54.166 INFO main org.apache.juli.logging.DirectJDKLog - [] - Starting ProtocolHandler ["https-jsse-nio-8080"]
2024-05-31 18:35:54.656 INFO taskScheduler-5 org.ohdsi.webapi.executionengine.service.ScriptExecutionServiceImpl - [] - Invalidating execution engine based analyses
2024-05-31 18:35:54.970 ERROR main org.apache.juli.logging.DirectJDKLog - [] - Failed to start connector [Connector[HTTP/1.1-8080]]
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-8080]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225) [tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:256) [spring-boot-1.5.22.RELEASE.jar!/:1.5.22.RELEASE]
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:203) [spring-boot-1.5.22.RELEASE.jar!/:1.5.22.RELEASE]
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:289) [spring-boot-1.5.22.RELEASE.jar!/:1.5.22.RELEASE]
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145) [spring-boot-1.5.22.RELEASE.jar!/:1.5.22.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:545) [spring-context-4.3.25.RELEASE.jar!/:4.3.25.RELEASE]
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:123) [spring-boot-1.5.22.RELEASE.jar!/:1.5.22.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:666) [spring-boot-1.5.22.RELEASE.jar!/:1.5.22.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:353) [spring-boot-1.5.22.RELEASE.jar!/:1.5.22.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:300) [spring-boot-1.5.22.RELEASE.jar!/:1.5.22.RELEASE]
at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:135) [spring-boot-1.5.22.RELEASE.jar!/:1.5.22.RELEASE]
at org.ohdsi.webapi.WebApi.main(WebApi.java:37) [classes/:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_342]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_342]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_342]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_342]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [webapi/:?]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [webapi/:?]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:51) [webapi/:?]
at org.springframework.boot.loader.WarLauncher.main(WarLauncher.java:59) [webapi/:?]
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1020) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
… 20 more
Caused by: java.lang.IllegalArgumentException: Invalid keystore format
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:72) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1191) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:591) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1018) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
… 20 more
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:666) ~[?:1.8.0_342]
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57) ~[?:1.8.0_342]
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[?:1.8.0_342]
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71) ~[?:1.8.0_342]
at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_342]
at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:69) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:216) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:206) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:279) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:246) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:98) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:72) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1191) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:591) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1018) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) ~[tomcat-embed-core-8.5.43.jar!/:8.5.43]
… 20 more
2024-05-31 18:35:55.169 INFO main org.apache.juli.logging.DirectJDKLog - [] - Pausing ProtocolHandler ["https-jsse-nio-8080"]
2024-05-31 18:35:55.173 INFO main org.apache.juli.logging.DirectJDKLog - [] - Stopping service [Tomcat]
2024-05-31 18:35:55.323 INFO main org.apache.juli.logging.DirectJDKLog - [] - The stop() method was called on component [StandardServer[-1]] after stop() had already been called. The second call will be ignored.
2024-05-31 18:35:55.325 INFO main org.apache.juli.logging.DirectJDKLog - [] - Stopping ProtocolHandler ["https-jsse-nio-8080"]
2024-05-31 18:35:55.326 INFO main org.apache.juli.logging.DirectJDKLog - [] - Destroying ProtocolHandler ["https-jsse-nio-8080"]
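
A check for the file behind the `Invalid keystore format` exception in the trace above, as an added example that is not part of the original post or of WebAPI: it classifies a keystore by its leading bytes, since a JKS file must start with the magic number 0xFEEDFEED and a version of 1 or 2. The function name and the result labels are hypothetical, and the text-mangling cases are general ones, not a diagnosis of this deployment.

```python
import base64
import struct
import sys

JKS_MAGIC = 0xFEEDFEED    # first four bytes of a JKS file
JCEKS_MAGIC = 0xCECECECE  # first four bytes of a JCEKS file


def classify_keystore(data: bytes) -> str:
    """Best-effort container type from a keystore file's leading bytes.

    The returned labels are hypothetical names used only by this example.
    """
    if len(data) < 8:
        return "empty-or-truncated"
    magic, version = struct.unpack(">II", data[:8])
    if magic == JKS_MAGIC:
        # A JKS header is the magic number followed by version 1 or 2.
        return "jks" if version in (1, 2) else "jks-bad-version"
    if magic == JCEKS_MAGIC:
        return "jceks"
    if data[0] == 0x30:
        # PKCS#12 is DER-encoded and starts with a SEQUENCE tag.
        return "pkcs12-or-der"
    if data.lstrip().startswith(b"-----BEGIN"):
        return "pem"
    if b"\xef\xbf\xbd" in data[:16]:
        # U+FFFD bytes: a binary file was re-encoded as UTF-8 text.
        return "utf8-mangled"
    try:
        decoded = base64.b64decode(b"".join(data.split()), validate=True)
    except ValueError:
        return "unknown"
    inner = classify_keystore(decoded)
    if inner in ("jks", "jceks", "pkcs12-or-der"):
        # The keystore was stored as base64 text and never decoded.
        return "base64-wrapped-" + inner
    return "unknown"


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python classify_keystore.py /path/to/keystore
    with open(sys.argv[1], "rb") as fh:
        print(classify_keystore(fh.read()))
```

Run it against the exact file the container reads at startup rather than the copy on the build machine, since the two can differ.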

No longer seeing this issue when SSL is disabled. Now, after launching Atlas, the page below shows up, followed by an error in the WebAPI logs. Any suggestions?

2024-06-03 18:05:32.150 ERROR http-nio-8080-exec-3 org.ohdsi.webapi.shiro.filters.ExceptionHandlerFilter - [] - Error during filtering

javax.servlet.ServletException: org.pac4j.saml.exceptions.SAMLException: Assertion consumer service with sdestination https://<atlas.domain.com>/WebAPI/user/saml/callback could not be found for spDescriptor org.opensaml.saml.saml2.metadata.impl.SPSSODescriptorImpl@
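
A way to inspect the mismatch this exception reports, as an added example that is not part of the original post, of WebAPI or of pac4j: it lists the AssertionConsumerService Locations in a service provider's metadata and shows which URL parts differ from the destination named in the error. The metadata, the host `sp.example.org` and the function names are constructed for illustration, and matching by exact string comparison is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed SP metadata; parse only metadata you generated yourself.
SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="urn:example:sp">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.org:8080/WebAPI/user/saml/callback"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def acs_locations(metadata_xml):
    """Return every ACS Location advertised by the SP descriptor."""
    root = ET.fromstring(metadata_xml)
    path = ".//md:SPSSODescriptor/md:AssertionConsumerService"
    return [el.get("Location") for el in root.findall(path, MD_NS)]


def explain_mismatch(destination, metadata_xml):
    """Return (matched, diffs); diffs maps each Location to differing parts."""
    dest = urlsplit(destination)
    diffs = {}
    for loc in acs_locations(metadata_xml):
        if loc == destination:
            return True, {}
        url = urlsplit(loc)
        diffs[loc] = [name for name, ours, theirs in (
            ("scheme", url.scheme, dest.scheme),
            ("host", url.hostname, dest.hostname),
            ("port", url.port, dest.port),
            ("path", url.path, dest.path)) if ours != theirs]
    return False, diffs


if __name__ == "__main__":
    # Constructed destination, shaped like the one in the error message.
    target = "https://sp.example.org/WebAPI/user/saml/callback"
    print(explain_mismatch(target, SP_METADATA))
```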
