Version 8

     

    Summary

     

    Occasionally the following errors may be seen in the logs, most commonly after migrating a database from one instance to another. You will need to reset the SAML keystore in your instance to resolve the issue.

     

    These instructions are intended for customers who are hosting Jive on premise.  If you believe you are running into one of these errors in a Hosted or Cloud site, please open a new support case and Jive Support will work with you to resolve the issue.

     

     

    Example Errors & Symptoms

     

    Error 1:

    2013-02-08 09:54:01,036 [main] [::] ERROR com.jivesoftware.community.aaa.sso.saml.EOSKeyStoreManager - Keystore exists, but keystore password is blank.

      

     

    Error 2:

    Unable to retrieve keystore entry for entityID (keystore alias): sbs

    java.security.KeyStoreException: Uninitialized keystore

      at java.security.KeyStore.getEntry(KeyStore.java:1288)

      at com.jivesoftware.community.aaa.sso.saml.JiveKeyStoreCredentialResolver.resolveFromSource(JiveKeyStoreCredentialResolver.java:133)

      at org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver.resolve(AbstractCriteriaFilteringCredentialResolver.java:57)

      

     

    Error 3:

    [main] ERROR org.apache.catalina.core.ContainerBase... org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadataManager' defined in class path resource [com/jivesoftware/community/aaa/sso/saml/spring-samlContext.xml]: Invocation of init method failed; nested exception is org.opensaml.common.SAMLRuntimeException: Can't obtain SP signing key.

      

    Versions

    • Applies to Jive 6, 7, 8 (On Premise)

     

    Solution

     

    The solution is fairly straightforward but differs depending on the type of storage provider being used.

     

    1.  Delete the SAML keystore password from the jiveproperty table:

    #delete from jiveproperty where name='saml.keystore.password';

      

     

    2.  Delete the SAML keystore:

         a) If using the database storage provider:

    #delete from jivebinstore where binkey='saml.keystore';

      

     

         b) If using the file system storage provider, the process is a little more involved.  Find the root directory for file storage if you don't already know it, then go into the storage provider directory and delete the two keystore files.  Take the following steps:

     

     

    To find binstore location from database:

    #select * from jiveproperty where name='jive.storageprovider.FileStorageProvider.rootDirectory';

    jive.storageprovider.FileStorageProvider.rootDirectory | /binstorelocation

     

    From web app node:

    $ cd /binstorelocation/jiveSBS/e/r/o

    $ rm erotsyek64lmas.bin

    $ rm erotsyek64lmas.key

      

     

    3.  Delete the cache file if present:

    From web app nodes:

         $ cd /usr/local/jive/applications/<app name>/home/cache/jiveSBS

         $ rm <saml file if present>

      

     

    4.  Restart the Jive instance (a rolling restart will suffice).
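
For step 2b, an added example (not Jive's own tooling) that moves the two keystore files into a permission-restricted backup directory instead of deleting them outright, so the reset can be rolled back. The function names and the backup directory are assumptions; the file names and the jiveSBS/e/r/o path are the ones shown in step 2b.

```shell
#!/bin/sh
# Added example, not part of Jive: back up, then remove, the SAML keystore
# files of a file system storage provider (step 2b above).
# Assumption: the files sit in <root>/jiveSBS/e/r/o, as shown on this page.

KEYSTORE_FILES="erotsyek64lmas.bin erotsyek64lmas.key"   # names from step 2b

# keystore_dir ROOT
# Prints the directory holding the keystore files for a given binstore root
# (a trailing slash on ROOT is tolerated).
keystore_dir() {
    printf '%s/jiveSBS/e/r/o\n' "${1%/}"
}

# reset_saml_keystore ROOT BACKUP_DIR   (hypothetical helper)
# Moves each keystore file that is present into BACKUP_DIR and prints how
# many files were moved. The keystore holds the SP signing key, so the
# backup directory is created 0700 and each copy is set to 0600.
# Returns 1 if the keystore directory does not exist or a move fails.
reset_saml_keystore() {
    root=$1
    backup=$2
    moved=0
    dir=$(keystore_dir "$root")
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    ( umask 077; mkdir -p "$backup" ) || return 1
    chmod 700 "$backup" || return 1
    for f in $KEYSTORE_FILES; do
        if [ -f "$dir/$f" ]; then
            mv -- "$dir/$f" "$backup/$f" || return 1
            chmod 600 "$backup/$f"
            moved=$((moved + 1))
        fi
    done
    echo "$moved"
}

# Usage, with the root directory returned by the jiveproperty query:
#   reset_saml_keystore /binstorelocation /root/saml-keystore-backup
```

A result of 0 means neither file was found under that root, which usually points to a wrong root directory or to the database storage provider being in use (step 2a).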