Graylog 4.0 LDAP issues

I am having an issue setting up AD auth in Graylog 4.0. When I try to save my service account password, I get this error:

020-11-24T14:13:30.068-05:00 ERROR [AESTools] Could not encrypt value.
java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039) ~[?:1.8.0_51]
at javax.crypto.Cipher.init(Cipher.java:1393) ~[?:1.8.0_51]
at javax.crypto.Cipher.init(Cipher.java:1327) ~[?:1.8.0_51]
at org.graylog2.security.AESTools.encrypt(AESTools.java:59) [graylog.jar:?]
at org.graylog2.security.encryption.EncryptedValueService.encrypt(EncryptedValueService.java:44) [graylog.jar:?]
at org.graylog2.security.encryption.EncryptedValueDeserializer.parseSetValue(EncryptedValueDeserializer.java:119) [graylog.jar:?]
at org.graylog2.security.encryption.EncryptedValueDeserializer.deserialize(EncryptedValueDeserializer.java:61) [graylog.jar:?]
at org.graylog2.security.encryption.EncryptedValueDeserializer.deserialize(EncryptedValueDeserializer.java:31) [graylog.jar:?]
at com.fasterxml.jackson.databind.deser.impl.MethodProperty.deserializeSetAndReturn(MethodProperty.java:158) [graylog.jar:?]
at com.fasterxml.jackson.databind.deser.BuilderBasedDeserializer.deserializeFromObject(BuilderBasedDeserializer.java:314) [graylog.jar:?]
at com.fasterxml.jackson.databind.deser.BuilderBasedDeserializer.deserialize(BuilderBasedDeserializer.java:216) [graylog.jar:?]
at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer._deserializeTypedForId(AsPropertyTypeDeserializer.java:130) [graylog.jar:?]
at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer.deserializeTypedFromObject(AsPropertyTypeDeserializer.java:97) [graylog.jar:?]
at com.fasterxml.jackson.databind.deser.AbstractDeserializer.deserializeWithType(AbstractDeserializer.java:254) [graylog.jar:?]
at com.fasterxml.jackson.databind.deser.impl.MethodProperty.deserializeSetAndReturn(MethodProperty.java:167) [graylog.jar:?]
at com.fasterxml.jackson.databind.deser.BuilderBasedDeserializer.vanillaDeserialize(BuilderBasedDeserializer.java:269) [graylog.jar:?]
at com.fasterxml.jackson.databind.deser.BuilderBasedDeserializer.deserialize(BuilderBasedDeserializer.java:193) [graylog.jar:?]
at com.fasterxml.jackson.databind.ObjectReader._bind(ObjectReader.java:1574) [graylog.jar:?]
at com.fasterxml.jackson.databind.ObjectReader.readValue(ObjectReader.java:965) [graylog.jar:?]
at com.fasterxml.jackson.jaxrs.base.ProviderBase.readFrom(ProviderBase.java:815) [graylog.jar:?]
at org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$TerminalReaderInterceptor.invokeReadFrom(ReaderInterceptorExecutor.java:233) [graylog.jar:?]
at org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$TerminalReaderInterceptor.aroundReadFrom(ReaderInterceptorExecutor.java:212) [graylog.jar:?]
at org.glassfish.jersey.message.internal.ReaderInterceptorExecutor.proceed(ReaderInterceptorExecutor.java:132) [graylog.jar:?]
at org.glassfish.jersey.server.internal.MappableExceptionWrapperInterceptor.aroundReadFrom(MappableExceptionWrapperInterceptor.java:49) [graylog.jar:?]
at org.glassfish.jersey.message.internal.ReaderInterceptorExecutor.proceed(ReaderInterceptorExecutor.java:132) [graylog.jar:?]
at org.glassfish.jersey.message.internal.MessageBodyFactory.readFrom(MessageBodyFactory.java:1072) [graylog.jar:?]
at org.glassfish.jersey.message.internal.InboundMessageContext.readEntity(InboundMessageContext.java:885) [graylog.jar:?]
at org.glassfish.jersey.server.ContainerRequest.readEntity(ContainerRequest.java:274) [graylog.jar:?]
at org.glassfish.jersey.server.internal.inject.EntityParamValueParamProvider$EntityValueSupplier.apply(EntityParamValueParamProvider.java:73) [graylog.jar:?]
at org.glassfish.jersey.server.internal.inject.EntityParamValueParamProvider$EntityValueSupplier.apply(EntityParamValueParamProvider.java:56) [graylog.jar:?]
at org.glassfish.jersey.server.spi.internal.ParamValueFactoryWithSource.apply(ParamValueFactoryWithSource.java:50) [graylog.jar:?]
at org.glassfish.jersey.server.spi.internal.ParameterValueHelper.getParameterValues(ParameterValueHelper.java:68) [graylog.jar:?]
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$AbstractMethodParamInvoker.getParamValues(JavaResourceMethodDispatcherProvider.java:109) [graylog.jar:?]
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176) [graylog.jar:?]
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79) [graylog.jar:?]
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:469) [graylog.jar:?]
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:391) [graylog.jar:?]
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:80) [graylog.jar:?]
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:253) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:292) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:274) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:244) [graylog.jar:?]
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265) [graylog.jar:?]
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:232) [graylog.jar:?]
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680) [graylog.jar:?]
at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:356) [graylog.jar:?]
at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:200) [graylog.jar:?]
at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:180) [graylog.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_51]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_51]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_51]

Your Java version is very, very old: 1.8.0_51 (update 51); the latest is 1.8.0_272 (update 272). First, try to update it. How did you install Java?


Updating to a newer OpenJDK fixed it for me:

yum install java-11-openjdk java-11-openjdk-headless

Then I ran:

update-alternatives --config java

I changed my JDK to OpenJDK 11, logged off and back on to my server, and restarted Graylog. Then I was able to save my service account user's password for AD lookups, and it works now.

Thanks,
Nick
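
Added example, not part of the thread and not Graylog code: `InvalidKeyException: Illegal key size` raised from `Cipher.checkCryptoPerm` means the JVM's crypto policy rejected the key length, and Java 8 builds older than 8u161 ship the limited policy (AES capped at 128 bits) by default. The class below, whose name `AesKeySizeCheck` is made up here, reports what the JVM it runs on allows; it assumes you compile and run it with the same `java` binary that starts Graylog.

```java
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic (hypothetical class name), compatible with Java 8 and later.
public class AesKeySizeCheck {

    public static void main(String[] args) throws Exception {
        // Show which runtime is actually in use; update-alternatives may
        // point "java" somewhere other than where you expect.
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));

        // 128 under the limited policy, Integer.MAX_VALUE under the unlimited one.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("policy limit for AES = "
                + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));

        // Try to initialise a cipher for each standard AES key size.
        for (int keyBytes : new int[] {16, 24, 32}) {
            System.out.println("AES-" + (keyBytes * 8) + " init: " + tryInit(keyBytes));
        }

        // Non-zero exit status when 256-bit AES is not permitted, for scripting.
        System.exit(max >= 256 ? 0 : 1);
    }

    // Returns "ok" or the exception the JVM raised for this key size.
    static String tryInit(int keyBytes) {
        try {
            // All-zero key and IV are constructed throwaway values: only
            // Cipher.init() is exercised, nothing is encrypted.
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE,
                    new SecretKeySpec(new byte[keyBytes], "AES"),
                    new IvParameterSpec(new byte[16]));
            return "ok";
        } catch (GeneralSecurityException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }
}
```

On a runtime with the limited policy, the AES-192 and AES-256 lines show the same `InvalidKeyException: Illegal key size` as the log above; on OpenJDK 11 all three report `ok`.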
