At IS startup, WSO2 IS writes the following error to the log.
TID: [-1234] [Framework Event Dispatcher: Equinox Container: d811a5a1-f0c4-4281-a1db-ce17d0928da4] ERROR {org.wso2.carbon.user.core.config.UserStoreConfigXMLProcessor} - [] encryption of Property=password failed
org.bouncycastle.jcajce.provider.util.BadBlockException: unable to decrypt block
at org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.getOutput(Unknown Source) ~[bcprov-jdk15on-1.70.jar:1.70.0]
at org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.engineDoFinal(Unknown Source) ~[bcprov-jdk15on-1.70.jar:1.70.0]
at javax.crypto.Cipher.doFinal(Cipher.java:2164) ~[?:1.8.0_191]
at org.wso2.carbon.user.core.config.UserStoreConfigXMLProcessor.decryptProperty(UserStoreConfigXMLProcessor.java:469) ~[org.wso2.carbon.user.core_4.6.0.87.jar:?]
at org.wso2.carbon.user.core.config.UserStoreConfigXMLProcessor.resolveEncryption(UserStoreConfigXMLProcessor.java:338) [org.wso2.carbon.user.core_4.6.0.87.jar:?]
...
The error log says that the password is not encrypted. So what steps can be followed to fix this issue?
To fix this issue, follow the steps given below.
1st scenario (For JDBC user stores)
First, check whether the erroneous user store is mentioned in the wso2carbon.log file.
If so, go to <IS_HOME>/repository/deployment/server/userstores and open the user store .xml file.
Then find the <Property name="password">****</Property> element. This might even contain an extra attribute like encrypted="true". Here, you will find the encrypted password.
Then change it to the following and save: <Property name="password" encrypted="false">the non encrypted password</Property>
Make sure to add the non-encrypted password between the <Property name="password">...</Property> tags, with encrypted set to false.
Then check the wso2carbon.log to see whether it is still giving an error. If not, the issue is fixed.
2nd scenario
The .xml file change did not work.
Then start the Management Console, go to the user stores, list the user stores and update the password there (you should type the non-encrypted password).
Then check the wso2carbon.log to see whether it is still giving an error. If not, the issue is fixed.
3rd scenario
The issue is still there even after the user store mentioned in the wso2carbon.log has been dealt with under the 1st and 2nd scenarios.
Then open the Management Console and list the user stores to check whether all the user stores are there.
If a user store is missing, then the error is related to that one and not the one mentioned in the wso2carbon.log. The wso2carbon.log only shows a log related to the last user store.
Then follow the steps in scenario 2 to update the password of the user store that is not getting listed.
4th scenario
Scenarios 1 and 2 didn't work and all the user stores are getting listed in the Management Console.
Then list the users and roles and check the user stores listed there. If a user store is not getting listed there, then the issue is related to that one.
Then follow the steps in scenario 2 to fix that.
5th scenario
There is no <Property name="password">***</Property> in the .xml file.
Then the user store in question can be an LDAP or AD user store.
Try finding <Property name="ConnectionPassword">****</Property> in the .xml file and follow the steps from 1 to 4.
If none of the scenarios work and there is a custom user store in use, get the source code of that user store and debug it.
Even if there is a custom user store in use, the steps above should help to narrow down the issue.
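Because the wso2carbon.log only names the last user store, it helps to check every user store .xml file for its password or ConnectionPassword property and its encrypted attribute in one pass. The following is an added example, not part of the original article or of WSO2's code; it reports those properties without printing the password values, and the sample XML (including the UserStoreManager root element) is constructed.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Property names taken from the article: JDBC stores use "password",
# LDAP/AD stores use "ConnectionPassword".
PASSWORD_PROPS = ("password", "ConnectionPassword")

def audit_userstore_xml(xml_text):
    """List the password properties in one user store file, without their values."""
    findings = []
    for prop in ET.fromstring(xml_text).iter("Property"):
        if prop.get("name") in PASSWORD_PROPS:
            findings.append({
                "property": prop.get("name"),
                "encrypted": prop.get("encrypted"),  # None if the attribute is absent
                "empty": not (prop.text or "").strip(),
            })
    return findings

def audit_directory(userstores_dir):
    """Audit every .xml file in the directory; unparsable files are reported, not skipped."""
    report = {}
    for path in sorted(Path(userstores_dir).glob("*.xml")):
        try:
            report[path.name] = audit_userstore_xml(path.read_text(encoding="utf-8"))
        except ET.ParseError as exc:
            report[path.name] = [{"error": f"not well-formed XML: {exc}"}]
    return report

# Constructed samples (root element and the other property are illustrative only).
SAMPLE_JDBC = """<UserStoreManager>
  <Property name="url">jdbc:example</Property>
  <Property name="password" encrypted="true">CONSTRUCTED-CIPHERTEXT</Property>
</UserStoreManager>"""
SAMPLE_LDAP = """<UserStoreManager>
  <Property name="ConnectionPassword" encrypted="false">constructed-value</Property>
</UserStoreManager>"""

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to <IS_HOME>/repository/deployment/server/userstores
        results = audit_directory(sys.argv[1])
    else:
        results = {"sample-jdbc.xml": audit_userstore_xml(SAMPLE_JDBC),
                   "sample-ldap.xml": audit_userstore_xml(SAMPLE_LDAP)}
    for name, findings in results.items():
        print(name, findings or "no password property found")
```

A file reported with no password property, or with encrypted="false", is a candidate for the scenarios above; compare the list of files with the user stores shown in the Management Console to spot one that is not getting listed.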