
XSA Upgrade to 1.0.102 fails due to OIDC Error

fabian_krger
Participant
0 Kudos

I just wanted to upgrade XSA from 1.0.88 to 1.0.102. The upgrade fails during the first boot of XSA, when xscontroller launches and executes the migration (xsupdateBase_0.log):

# 
#  Started by xscontroller 
# 


2019-03-18 11:28:25:385 Skip active controller check ..
2019-03-18 11:28:29:503 xsexecagent is active ......
2019-03-18 11:28:29:504 xsuaaserver is active ......
2019-03-18 11:28:29:531 Skip step Native Container Buildpack 
2019-03-18 11:28:29:572 Skip step Node.js 4 
2019-03-18 11:28:31:174 [00] OK   : Precondition 'hdbnsutil tool' fullfilled
2019-03-18 11:28:31:199 [00] OK   : Precondition 'Check XSA admin user' fullfilled
2019-03-18 11:28:31:223 [01] Node version check as user '<sidadm>' returned version: [v8.15.0]
2019-03-18 11:28:31:234 [01] Node version check as user '<sidadm>' returned version: [v8.15.0]
2019-03-18 11:28:31:243 [01] Node version check as user '<sidadm>' returned version: [v8.15.0]
2019-03-18 11:28:42:400 [04] Clear client password(s) ( 'idps_admin') from (SYS_XS_UAA.OAUTH_CLIENT_DETAILS) ...
2019-03-18 11:28:43:926 [04] Restart UAA server
2019-03-18 11:30:11:723 [04] Setting OIDC admin secret
2019-03-18 11:30:11:760 [04] Register the OIDC redirect at UAA
2019-03-18 11:30:11:828 ---------------------------------------------------------------------------------------------------------------------------
2019-03-18 11:30:11:828 | Step                                                         |      Started |      Stopped |         Duration |   State |
2019-03-18 11:30:11:828 ---------------------------------------------------------------------------------------------------------------------------
2019-03-18 11:30:11:830 | [00] Checking preconditions                                  | 11:28:29.679 | 11:28:31.199 |           1.52 s | success |
2019-03-18 11:30:11:830 | [01] Check the cpp runtime version                           | 11:28:31.199 | 11:28:31.243 |            44 ms | success |
2019-03-18 11:30:11:830 | [02] Wait at most 5 minutes for a database connection        | 11:28:31.243 | 11:28:40.718 |           9.47 s | success |
2019-03-18 11:30:11:830 | [03] UAA broker configuration                                | 11:28:40.718 | 11:28:42.306 |           1.58 s | success |
2019-03-18 11:30:11:831 | [04] Configure the OIDC service                              | 11:28:42.306 | 11:30:11.825 |         1 m 29 s | FAILURE |
2019-03-18 11:30:11:831 | [05] Wait for at least one Execution Agent                   | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:831 | [06] Hana-Service-Broker configuration                       | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:831 | [07] Configure UAA SAML Trust                                | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:832 | [08] Organizations and spaces                                | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:832 | [26] Environment Configuration|Java Buildpack|Node.js Bui... | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:832 |   (p) [09] Environment Configuration                         | 01:00:00.000 | 01:00:00.000 |           (0 ns) | not run |
2019-03-18 11:30:11:832 |   (p) [10] Java Buildpack                                    | 01:00:00.000 | 01:00:00.000 |           (0 ns) | not run |
2019-03-18 11:30:11:832 |   (p) [11] Node.js Buildpack                                 | 01:00:00.000 | 01:00:00.000 |           (0 ns) | not run |
2019-03-18 11:30:11:832 |   (p) [13] Python Buildpack                                  | 01:00:00.000 | 01:00:00.000 |           (0 ns) | not run |
2019-03-18 11:30:11:832 |   (p) [14] JDBC Driver v1                                    | 01:00:00.000 | 01:00:00.000 |           (0 ns) | not run |
2019-03-18 11:30:11:832 |   (p) [15] JDBC Driver v2                                    | 01:00:00.000 | 01:00:00.000 |           (0 ns) | not run |
2019-03-18 11:30:11:832 |   (p) [17] Node.js 6                                         | 01:00:00.000 | 01:00:00.000 |           (0 ns) | not run |
2019-03-18 11:30:11:832 |   (p) [18] Node.js 8                                         | 01:00:00.000 | 01:00:00.000 |           (0 ns) | not run |
2019-03-18 11:30:11:832 |   (p) [19] SAP JVM 8 JRE                                     | 01:00:00.000 | 01:00:00.000 |           (0 ns) | not run |
2019-03-18 11:30:11:832 |   (p) [20] SAP JVM 8                                         | 01:00:00.000 | 01:00:00.000 |           (0 ns) | not run |
2019-03-18 11:30:11:832 |   (p) [21] Tomcat8                                           | 01:00:00.000 | 01:00:00.000 |           (0 ns) | not run |
2019-03-18 11:30:11:832 |   (p) [22] TomEE 1.7                                         | 01:00:00.000 | 01:00:00.000 |           (0 ns) | not run |
2019-03-18 11:30:11:834 |   (p) [23] TomEE 7.0                                         | 01:00:00.000 | 01:00:00.000 |           (0 ns) | not run |
2019-03-18 11:30:11:834 |   (p) [24] Hana-Service-Broker                               | 01:00:00.000 | 01:00:00.000 |           (0 ns) | not run |
2019-03-18 11:30:11:834 |   (p) [25] UAA service broker                                | 01:00:00.000 | 01:00:00.000 |           (0 ns) | not run |
2019-03-18 11:30:11:834 | [27] Instance-Manager                                        | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:834 | [28] Set the HANA broker default DB                          | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:834 | [29] Audit-Log Service (DB)                                  | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:834 | [30] Audit-Log Service (Server)                              | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:834 | [31] Audit-Log Service (Broker)                              | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:834 | [32] Update of Auditlog Broker bindings                      | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:834 | [33] Deploy Service                                          | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:834 | [34] Product Installer                                       | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:834 | [35] Audit Log UI                                            | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:834 | [37] Clear the XSA Secure Store                              | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:834 | [38] Setting version                                         | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:834 ---------------------------------------------------------------------------------------------------------------------------
2019-03-18 11:30:11:834 | Sum                                                          | 11:28:29.679 | 11:30:11.825 |         1 m 42 s |         |
2019-03-18 11:30:11:834 ---------------------------------------------------------------------------------------------------------------------------
2019-03-18 11:30:12:033 ERROR: Fatal error occurred during installation
2019-03-18 11:30:12:033 com.sap.xs2rt.core.installation.exceptions.InstExceptionBase: Configuration of the OID service failed
2019-03-18 11:30:12:033 	at com.sap.xs2rt.installation.impl.hana.content.InitializeOIDService.configureOidcService(InitializeOIDService.java:100)
2019-03-18 11:30:12:034 	at com.sap.xs2rt.installation.impl.hana.content.InitializeOIDService.install(InitializeOIDService.java:71)
2019-03-18 11:30:12:034 	at com.sap.xs2rt.installation.impl.hana.content.InitializeOIDService.update(InitializeOIDService.java:107)
2019-03-18 11:30:12:034 	at com.sap.xs2rt.installation.steps.InstallationStep.updateAndMeasure(InstallationStep.java:171)
2019-03-18 11:30:12:034 	at com.sap.xs2rt.installation.procedures.InstallationProcedure.executeStep(InstallationProcedure.java:125)
2019-03-18 11:30:12:034 	at com.sap.xs2rt.installation.procedures.InstallationProcedure.perform(InstallationProcedure.java:216)
2019-03-18 11:30:12:034 	at com.sap.xs2rt.installation.impl.hana.content.HanaContentInstallUpdateProcedure.main(HanaContentInstallUpdateProcedure.java:126)
2019-03-18 11:30:12:034 Caused by: java.io.IOException: PUT request to https://uaa-server.rbe.plus:30033/uaa-security-oidc/identity-providers/oidc/register failed with response code 500: Could not register IdpConfiguration
2019-03-18 11:30:12:034 	at com.sap.xs2rt.core.installation.utils.OidcConfigHelper.httpPUTContent(OidcConfigHelper.java:98)
2019-03-18 11:30:12:034 	at com.sap.xs2rt.core.installation.utils.OidcConfigHelper.registerCall(OidcConfigHelper.java:67)
2019-03-18 11:30:12:034 	at com.sap.xs2rt.installation.impl.hana.content.InitializeOIDService.configureOidcService(InitializeOIDService.java:98)
2019-03-18 11:30:12:034 	... 6 more

There are some details in xsoidc_0.log about this failing request:

18-Mar-2019 11:30:04.980 SEVERE [https-jsse-nio-127.0.0.1-30031-exec-6] com.sap.xs2.oidc.web.RestAPIController.registerIdP Could not register IdpConfiguration
 error="access_denied", error_description="Access token denied."
	at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport.retrieveToken(OAuth2AccessTokenSupport.java:142)
	at org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider.obtainAccessToken(ClientCredentialsAccessTokenProvider.java:44)
	at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainNewAccessTokenInternal(AccessTokenProviderChain.java:148)
	at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainAccessToken(AccessTokenProviderChain.java:121)
...

Caused by: error="invalid_request", error_description="OAuth Error"
	at org.springframework.security.oauth2.common.exceptions.OAuth2ExceptionJackson2Deserializer.deserialize(OAuth2ExceptionJackson2Deserializer.java:119)
	at org.springframework.security.oauth2.common.exceptions.OAuth2ExceptionJackson2Deserializer.deserialize(OAuth2ExceptionJackson2Deserializer.java:33)
	at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4013)
	at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3084)

OIDC seems to be a new component which was not there in 1.0.88. Why is it failing? What can I do? Unfortunately I have no access to "Schedule an Expert", "Expert Chat" or Incidents, since this is a HANA Express instance (although with a paid license!) and it is not visible in the installation list in Support Launchpad.

Any help would be appreciated!

Best Regards,

Fabian
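
A triage helper for the xsupdateBase log format shown in the post above, added here as an example and not part of the original thread or of SAP tooling: it pulls the failed and skipped steps out of the step summary table and the HTTP call named in the `Caused by:` line. The function and pattern names are assumptions of this example, and the sample lines are constructed from the excerpt.

```python
import re

# Constructed sample: lines taken in shape from the xsupdateBase_0.log excerpt above.
SAMPLE_LOG = """\
2019-03-18 11:30:11:830 | [03] UAA broker configuration                                | 11:28:40.718 | 11:28:42.306 |           1.58 s | success |
2019-03-18 11:30:11:831 | [04] Configure the OIDC service                              | 11:28:42.306 | 11:30:11.825 |         1 m 29 s | FAILURE |
2019-03-18 11:30:11:831 | [05] Wait for at least one Execution Agent                   | 01:00:00.000 | 01:00:00.000 |             0 ns | not run |
2019-03-18 11:30:11:832 |   (p) [09] Environment Configuration                         | 01:00:00.000 | 01:00:00.000 |           (0 ns) | not run |
2019-03-18 11:30:12:033 ERROR: Fatal error occurred during installation
2019-03-18 11:30:12:034 Caused by: java.io.IOException: PUT request to https://uaa-server.rbe.plus:30033/uaa-security-oidc/identity-providers/oidc/register failed with response code 500: Could not register IdpConfiguration
2019-03-18 11:30:12:034 \t... 6 more
"""

TS = r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d:\d{3} "
# One row of the step table: optional "(p)" marker, "[id] name", two times, duration, state.
STEP = re.compile(
    TS + r"\|\s+(?:\(p\)\s+)?\[(\d+)\]\s+(.*?)\s+\|\s*[\d:.]+\s*\|\s*[\d:.]+\s*\|"
    r"\s*(.*?)\s*\|\s*(success|FAILURE|not run)\s*\|$"
)
CAUSE = re.compile(TS + r"Caused by: (.*)$")
HTTP_FAIL = re.compile(r"(GET|PUT|POST|DELETE) request to (\S+) failed with response code (\d+)")


def triage(log_text):
    """Return failed steps, skipped step ids, the cause chain and the failing HTTP call."""
    steps, causes = [], []
    for line in log_text.splitlines():
        row = STEP.match(line.rstrip())
        if row:
            steps.append({"id": row.group(1), "name": row.group(2),
                          "duration": row.group(3), "state": row.group(4)})
            continue
        cause = CAUSE.match(line)
        if cause:
            causes.append(cause.group(1))
    http = None
    for text in causes:
        hit = HTTP_FAIL.search(text)
        if hit:  # the first cause that names an HTTP call is the one to chase in the peer log
            http = {"method": hit.group(1), "url": hit.group(2), "status": int(hit.group(3))}
            break
    return {"failed": [s for s in steps if s["state"] == "FAILURE"],
            "skipped": [s["id"] for s in steps if s["state"] == "not run"],
            "causes": causes, "http": http}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The URL in the `http` result identifies which component's log to read next; in this thread that was xsoidc_0.log.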

former_member313697
Discoverer
0 Kudos

Hello Fabian,

We have the same issue. Did you find something to fix the issue?

BR

Stergios

Accepted Solutions (0)

Answers (1)

former_member313697
Discoverer

Hello,

If there is an entry in the parameter xsuaaserver.ini / zones.internal.hostnames, it is mandatory to set the IP address "127.0.0.1".

Otherwise the update terminates with the above error message.

BR

Stergios

fabian_krger
Participant
0 Kudos

Hello Stergios,

I also have an entry in the zones.internal.hostnames setting. Good hint! I will probably try the next upgrade with SPS 04 and check if this resolves my issue as well.

Thanks,

Fabian