Layer7 API Management

Hello everyone, I have successfully logged into API Portal after having my share of issues with admin account. From the dashboard, When I click on 'Apis' tab on the left , I get an error 'Error connecting to

the server' instead of letting me publishing APIs to the gateway.

I did follow the document to integrate Portal with Gateway, by running the setup script, creating an admin account for portal in gateway, published Portal Services on Gateway, verified integration components working correctly, Prepared SSL dependencies, and Enabled Mutual Authentication.

Appreciate any insights.

Catalina.out shows:

03/18 15:04:26.555 ERROR (http-37080-1:) - [APIListXS general] -- java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)

        at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:248)

        at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:255)

        at sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:405)

        at sun.net.NetworkClient.doConnect(NetworkClient.java:162)

        at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)

        at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)

        at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)

        at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)

        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)

        at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1105)

        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:999)

        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)

        at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)

        at com.thelevel.lrs.gateway.LRSWrapper.processRequest(LRSWrapper.java:466)

        at com.thelevel.lrs.gateway.LRSWrapper.processRequest(LRSWrapper.java:394)

        at com.thelevel.lrs.gateway.LRSWrapper.getAPIs(LRSWrapper.java:101)

        at com.thelevel.lrs.gateway.APIListXS.getXML(APIListXS.java:161)

        at com.thelevel.cms.xmlsources.AbstractXMLSource.getXML(AbstractXMLSource.java:172)

        at com.thelevel.cms.site.PageRule.handleRequest(PageRule.java:237)

        at com.thelevel.cms.site.CMSSiteHandler.handleRequest(CMSSiteHandler.java:488)

        at com.thelevel.cms.site.CMSSiteHandler.handleRequest(CMSSiteHandler.java:439)

        at com.thelevel.cms.site.SiteServlet.processRequest(SiteServlet.java:409)

        at com.thelevel.cms.site.SiteServlet.instrumentRequest(SiteServlet.java:215)

        at com.thelevel.cms.site.SiteServlet.filterRequest(SiteServlet.java:169)

        at com.thelevel.cms.site.SiteServlet.service(SiteServlet.java:119)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at com.thelevel.cms.admin.JSONFilter.doFilter(JSONFilter.java:41)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at com.thelevel.lrs.JForumFilter.doFilter(JForumFilter.java:107)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at com.thelevel.cms.identity.AuthFilter.doFilter(AuthFilter.java:106)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at org.picocontainer.web.PicoServletContainerFilter.doFilter(PicoServletContainerFilter.java:74)

        at com.thelevel.cms.CMSBootstrapper$ServletFilter.doFilter(CMSBootstrapper.java:649)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)

        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)

        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)

        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)

        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)

        at java.lang.Thread.run(Thread.java:745)

Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)

        at java.security.Provider$Service.newInstance(Provider.java:1617)

        at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)

        at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)

        at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)

        at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)

        at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:122)

        at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:332)

        at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:289)

        at sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:85)

        at sun.net.www.protocol.https.Handler.openConnection(Handler.java:62)

        at sun.net.www.protocol.https.Handler.openConnection(Handler.java:57)

        at java.net.URL.openConnection(URL.java:979)

        at com.thelevel.lrs.gateway.LRSWrapper.processRequest(LRSWrapper.java:412)

        at com.thelevel.lrs.gateway.LRSWrapper.checkOTK(LRSWrapper.java:137)

        at com.thelevel.lrs.gateway.LRSGatewayPlugin.checkOTK(LRSGatewayPlugin.java:521)

        at com.thelevel.lrs.gateway.LRSGatewayPlugin.start(LRSGatewayPlugin.java:170)

        at com.thelevel.cms.plugins.PluginManager.startPlugins(PluginManager.java:378)

        at com.thelevel.cms.plugins.PluginManager.init(PluginManager.java:87)

        at com.thelevel.cms.CMSBootstrapper.composeApplication(CMSBootstrapper.java:453)

        at com.thelevel.cms.CMSBootstrapper.contextInitialized(CMSBootstrapper.java:280)

        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4210)

        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4709)

        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)

        at org.apache.catalina.core.StandardHost.start(StandardHost.java:822)

        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)

        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463)

        at org.apache.catalina.core.StandardService.start(StandardService.java:525)

        at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)

        at org.apache.catalina.startup.Catalina.start(Catalina.java:595)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:497)

        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)

        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)

Caused by: java.security.UnrecoverableKeyException: Get Key failed: null

        at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:410)

        at java.security.KeyStore.getKey(KeyStore.java:1023)

        at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133)

        at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)

        at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)

        at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultKeyManager(SSLContextImpl.java:874)

        at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:732)

        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)

        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)

        at java.lang.reflect.Constructor.newInstance(Constructor.java:422)

        at java.security.Provider$Service.newInstance(Provider.java:1595)

        ... 34 more

Caused by: java.lang.NullPointerException

        at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:351)

        ... 45 more

Mar 18, 2016 3:04:26 PM com.l7tech.extension.ExtensionManagerPlugin getExtension

INFO: getExtension: authenticationHandler

Mar 18, 2016 3:04:26 PM com.l7tech.extension.ExtensionManagerPlugin a

INFO: getExtension: Gateway Authentication Plugin not started. Returning null for GatewayUserManagementHandler: authenticationHandler

03/18 15:04:26.565 ERROR (http-37080-1:) - [general] -- DOCUMENT_NOT_FOUND:repository/META/PUBLISHED/resources/sites/api-portal/analytics/google.xml

03/18 15:04:26.611 DEBUG (http-37080-1:) - [XSLTUtil general] -- XSLTUtil.translate: XSLT in:204043 out:20907 time: 44 ms.

03/18 15:04:26.614 DEBUG (http-37080-1:) - [SiteServlet timings] -- Served /dashboard/apis (PUBLISHED - en)

  PRE - Threads:50 Memory max:2075918336 total:1436340224 free:537035168

  >> PageInfo (XMLDocument) in 0 ms

  >> MainContent (XMLDocument) in 0 ms

  >> MainContent (XMLLiteral) in 0 ms

  >> ReferenceContent (com.thelevel.lrs.gateway.APIListXS) in 7 ms

  >> ReferenceContent (DocumentSearch) in 6 ms

     >> DocumentSearch: 0 hits, took 6 ms

        SearchTerm: _RepositoryPath:"/sitebuilder/content/groups/APIs"

        Search:6ms  Sort:0ms  Meta:0ms  Parse:0ms  Common DocInfo:0ms

        UsedOn:0ms  Content:0ms  LockInfo:0ms  Props:0ms

  >> ReferenceContent (DocumentListing) in 0 ms

  >> ReferenceContent (XMLDocument) in 1 ms

  >> NavigationContent (XMLLiteral) in 0 ms

  >> ReferenceContent (XMLDocument) in 0 ms

  >> HeaderContent (com.thelevel.lrs.developer.ProfileManagerXMLSource) in 1 ms

  >> FooterContent (XMLDocument) in 0 ms

  >> SidebarContent (XMLLiteral) in 0 ms

  >> ReferenceContent (XMLDocument) in 1 ms

  >> PageResourceConfig (XMLDocument) in 0 ms

  >> PageResourceConfig (XMLDocument) in 0 ms

  >> ReferenceContent (DocumentListing) in 1 ms

  >> Navigation (XMLDocument) in 0 ms

  Created XML for pagerule [lrs-1628-root] in 17 ms

  XSLT in:204043 out:20907 time: 44 ms.

  Total time for XML and XSLT: 62 ms

  POST - Threads:50 Memory max:2075918336 total:1436340224 free:525407800

   Size:20907b  Type:text/html  Total Time:66 ms (65,0,1)

Ihnssa

Sam,

This is an issue with the private key being used by the API Portal. The error usually indicates 1 of 3 things (skip to #3 for the most likely scenario):

1. That the private key path and filename specified in the configuration file is not valid. Configuration file is here:

/opt/Deployments/lrs/server/webapps/ROOT/plugins/lrsgateway-conf.xml

2. The permissions and ownership of the private key (.p12 file) is not correct. This private key should be placed in this directory:

/opt/Deployments/lrs/server/conf/keys/

Permissions should be: chmod 640

Ownership should be: chown root:portalusers

However, the chances of those 2 being the issue aren't as likely since the script should take care of it. The third and most likely reason:

3. The keystore password was not entered, or was not entered correctly in the API Portal CMS. This results in the API Portal application to be unable to access/use the private key. When you exported the private key from the Policy Manager, you were prompted to give it a password and confirm the password. This is the password you need to use for the following steps:

-Navigate to the CMS of the API Portal: http://<portal hostname>/admin

-Click on "Plugin Administration" on the left

-Click on "Layer 7 Gateway"

-In the text field under "Update Portal Keystore Password", enter the keystore password (same password used to export private key).

-Click "Submit" right underneath it.

-Restart the API Portal service from the command line: service apiportal restart

-Test connectivity again.

If you didn't enter the passwords for the other fields on that page (Gateway Password, Truststore Password, etc.), I would suggest doing so. Keep in mind, for each password you enter on that page, you have to do them one-by-one, and click submit between each. You can't enter all the passwords at once. Please let us know if this resolves your issue.

--Azad

Wow, Thanks Azad. Third option worked. Is it because I missed a step as part of install?

Again,  you were quick and saved me a lot of time. Thank You.

Sam,

You're very welcome! The relevant steps are documented here:
3. Connect the API Portal to the Gateway - CA API Developer Portal - 3.5 - CA Technologies Documentation

One common issue we see with these steps is that customers will populate all the password fields at the same time and then click submit once. Unfortunately that doesn't work, and it requires you to enter each password one by one, and clicking submit between each password. That could have been what happened, or the steps were missed entirely, and lastly the password may have just been entered incorrectly initially.

--Azad

Hi Azad, Thanks again for the follow up. I followed the same doc, but I missed that step as I skipped to 'software install' and never got back up to the previous sections. Thanks for the clarification. Appreciate it.

Hi Azad,

I installed by software and ran all the installation and configuration steps, but got similar exception while trying to login the portal with admin user. I can't login and then found "java.security.UnrecoverableKeyException: Get Key failed: null" in the catalina.out during the Portal strating.

I checked the configuration is correct for the #1 and #2 you mentioned. I can't do #3 because I can't login the CMS.

There is another message "INFO: getExtension: Gateway Authentication Plugin not started. Returning null for GatewayUserManagementHandler: authenticationHandler".Not sure if the login is related with it.

Any idea?

Thanks

Yang

Hello Yang,

You have to login the CMS to complete the configuration and then you need to restart api portal.

Regards,

Mark

Hi Mark,

Thanks. But I failed to login with user "Admin", and from the catalina.out I found the message:

Oct 03, 2016 11:49:22 AM com.l7tech.extension.ExtensionManagerPlugin a
INFO: getExtension: Gateway Authentication Plugin not started. Returning null for GatewayUserManagementHandler: authenticationHandler
10/03 11:49:22.669 ERROR (http-37080-1:) - [ProfileManagerXMLSource general] -- User doesn't exist
10/03 11:49:22.722 DEBUG (http-37080-1:) - [XSLTUtil general] -- XSLTUtil.translate: XSLT in:160120 out:1550 time: 39 ms.

I checked the database and can find Admin user with SQL "select * from cmsusers".

Yang

As discussed, 

set lower_case_table_names =1 for mysql database(in my.cnf)

resolve the problem

Hi Azad,

I have the same logs that SamWalker, so I tried to solve my problem with the various solutions you have proposed.

However, I can not connect to the portal administration interface.

My credentials are apparently not answering and when I go into the log, I see the error Get Key Failed.

Is my question in relation with this problem ? Because I also opened a question here : Apache HTTPD Configuration · Portal 3.5 · Software

Thank you for your answer !

Best regards.