WSO2 iOT iOS Agent cannot login

Question

We are facing an issue with IOS device enrollment to wso2 IoT server 3.3.0 . We installed IOS featured and MDM certificates by following this doc https://docs.wso2.com/display/IOTS330/iOS+Configurations. But when enrolling from IOS without using the agent from safari it throwing 500 error

HTTP Status 500 - org.mozilla.javascript.JavaScriptException: Error: {/app/modules/oauth/token-handlers.js} Could not set up access token pair by password grant type. Encoded client credentials are missing - setupTokenPairByPasswordGrantType(x, y) (/ios-web-agent/app/modules/oauth/token-handlers.js#44)
Status report
org.mozilla.javascript.JavaScriptException: Error: {/app/modules/oauth/token-handlers.js} Could not set up access token pair by password grant type. Encoded client credentials are missing - setupTokenPairByPasswordGrantType(x, y) (/ios-web-agent/app/modules/oauth/token-handlers.js#44)
description
The server encountered an internal error that prevented it from fulfilling this request.
Apache Tomcat/7.0.85

We tried by creating new tenant and user, but no luck. Please see the wso2carbon.log below. It seems like the API call https://IOT-SERVER:9443/api-application-registration/register/tenants?tenantDomain=carbon.super&applicationName=ios-webapp-carbon.super is failing with 401. Could you please help us to solve this?

0 bytes written {org.apache.http.nio.reactor.ssl.SSLIOSession}

[2018-08-28 00:34:45,784] DEBUG -  http-outgoing-397: Produce output {org.apache.synapse.transport.http.conn.LoggingNHttpClientConnection}

[2018-08-28 00:34:45,784] DEBUG -  I/O session http-outgoing-397-250 192.168.3.216:54504<->192.168.3.216:9443[ACTIVE][rw:w][ACTIVE][rw][NOT_HANDSHAKING][0][0][1189][0]: 1105 bytes written {org.apache.http.nio.reactor.ssl.SSLIOSession}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "POST /api-application-registration/register/tenants?tenantDomain=carbon.super&applicationName=ios-webapp-carbon.super HTTP/1.1[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "X-JWT-Assertion: eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOi************************************kbWluQGNhcmJvbi5zdXBlciIsImV4cCI6MTUzNTUwMTY4NSwiaWF0IjoxNTM1NDQxNjg1LCJqdGkiOiIxNTM1NDQxNjg1NjkwMTQ5NTMwODMxNyJ9.jvxyzu4CwQKKJy2HL-H48PxP-9jOR1qC_ca_I3WbU3EuBe4yYw6RxYuWZOsNLJWsy77S_KPl3WlV4gUGnd4IsQHEnMARv_dYCtsEqpxAcT6Ga2ysfwCCtsuitgb_va65QmbYsBiMz2TOS-dVzzrdcbmljnTwUybvkAvCRY-R-ym16WgY7LY-mV2P5q-2q-DTeor6uGHFYrbuWaYIP3WlcoWByzIlsKbKnMGRTfal5bEIMmDg77Ah73CKj1V2NX0PugywEUmplEXAICBzvGlw4Ee5NuvllqDiNtER1fKkWnGgrZt561bi2D1436MQi4Tpy1dm_Qh2P0wMKQD6-FmNtw[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "Content-Type: application/json; charset=UTF-8[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "Transfer-Encoding: chunked[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "Host: IOT server:9443[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "Connection: Keep-Alive[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "User-Agent: Synapse-PT-HttpComponents-NIO[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "0[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,786] DEBUG -  I/O session http-outgoing-397-250 192.168.3.216:54504<->192.168.3.216:9443[ACTIVE][rw:w][ACTIVE][rw][NOT_HANDSHAKING][0][0][1189][0]: Clear event [w] {org.apache.http.nio.reactor.ssl.SSLIOSession}

[2018-08-28 00:34:45,786] DEBUG -  Adding tenant: -1234, isTenantLoaded: false {org.wso2.carbon.registry.indexing.internal.IndexingServiceComponent}

[2018-08-28 00:34:45,786] DEBUG -  Size of initializedTenants after adding tenant -1234: 1 {org.wso2.carbon.registry.indexing.internal.IndexingServiceComponent}

[2018-08-28 00:34:45,788] DEBUG -  Failed to authorize incoming request , API : %2Fapi-application-registration%2Fregister%2Ftenants {org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationValve}

[2018-08-28 00:34:45,788] DEBUG -  http-outgoing-397: Consume input {org.apache.synapse.transport.http.conn.LoggingNHttpClientConnection}

[2018-08-28 00:34:45,788] DEBUG -  I/O session http-outgoing-397-250 192.168.3.216:54504<->192.168.3.216:9443[ACTIVE][r:r][ACTIVE][r][NOT_HANDSHAKING][0][0][0][0]: 195 bytes read {org.apache.http.nio.reactor.ssl.SSLIOSession}

[2018-08-28 00:34:45,789] DEBUG -  HTTPS-Sender I/O dispatcher-4 >> "HTTP/1.1 401 Unauthorized[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,789] DEBUG -  HTTPS-Sender I/O dispatcher-4 >> "Content-Type: application/xml;charset=UTF-8[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,789] DEBUG -  HTTPS-Sender I/O dispatcher-4 >> "Content-Length: 36[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,789] DEBUG -  HTTPS-Sender I/O dispatcher-4 >> "Date: Tue, 28 Aug 2018 07:34:45 GMT[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,789] DEBUG -  HTTPS-Sender I/O dispatcher-4 >> "Server: WSO2 Carbon Server[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,789] DEBUG -  HTTPS-Sender I/O dispatcher-4 >> "[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,789] DEBUG -  HTTPS-Sender I/O dispatcher-4 >> "Failed to authorize incoming request" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,789] DEBUG -  http-outgoing-397 << HTTP/1.1 401 Unauthorized {org.apache.synapse.transport.http.headers}

[2018-08-28 00:34:45,789] DEBUG -  http-outgoing-397 << Content-Type: application/xml;charset=UTF-8 {org.apache.synapse.transport.http.headers}

[2018-08-28 00:34:45,789] DEBUG -  http-outgoing-397 << Content-Length: 36 {org.apache.synapse.transport.http.headers}

[2018-08-28 00:34:45,790] DEBUG -  http-outgoing-397 << Date: Tue, 28 Aug 2018 07:34:45 GMT {org.apache.synapse.transport.http.headers}

[2018-08-28 00:34:45,790] DEBUG -  http-outgoing-397 << Server: WSO2 Carbon Server {org.apache.synapse.transport.http.headers}

[2018-08-28 00:34:45,790] DEBUG -  I/O session http-outgoing-397-250 192.168.3.216:54504<->192.168.3.216:9443[ACTIVE][r:r][ACTIVE][r][NOT_HANDSHAKING][0][0][0][0]: Set attribute RES_HEADER_ARRIVAL_TIME {org.apache.http.nio.reactor.ssl.SSLIOSession}

[2018-08-28 00:34:45,790] DEBUG -  I/O session http-outgoing-397-250 192.168.3.216:54504<->192.168.3.216:9443[ACTIVE][r:r][ACTIVE][r][NOT_HANDSHAKING][0][0][0][0]: Set attribute RES_FROM_BACKEND_READ_START_TIME {org.apache.http.nio.reactor.ssl.SSLIOSession}

[2018-08-28 00:34:45,790] DEBUG -  I/O session http-incoming-860-249 192.168.3.216:8243<->192.168.3.216:41245[ACTIVE][:r][ACTIVE][][NOT_HANDSHAKING][0][0][0][0]: Set attribute CLIENT_WORKER_INIT_TIME {org.apache.http.nio.reactor.ssl.SSLIOSession}

[2018-08-28 00:34:45,790] DEBUG -  getAction (null) from org.apache.axis2.client.Options@5314693d {org.apache.axis2.client.Options}

[2018-08-28 00:34:45,790] DEBUG -  Old SoapAction is (null) {org.apache.axis2.context.MessageContext}

Answer 1

The error throwing was: Mobile app side error

HTTP Status 500 - org.mozilla.javascript.JavaScriptException: Error: {/app/modules/oauth/token-handlers.js} Could not set up access token pair by password grant type. Encoded client credentials are missing - setupTokenPairByPasswordGrantType(x, y) (/ios-web-agent/app/modules/oauth/token-handlers.js#44) Status report org.mozilla.javascript.JavaScriptException: Error: {/app/modules/oauth/token-handlers.js} Could not set up access token pair by password grant type. Encoded client credentials are missing - setupTokenPairByPasswordGrantType(x, y) (/ios-web-agent/app/modules/oauth/token-handlers.js#44) description The server encountered an internal error that prevented it from fulfilling this request. Apache Tomcat/7.0.85

Server wso2carbon.log :

0 bytes written {org.apache.http.nio.reactor.ssl.SSLIOSession}

[2018-08-28 00:34:45,784] DEBUG -  http-outgoing-397: Produce output 
{org.apache.synapse.transport.http.conn.LoggingNHttpClientConnection}

[2018-08-28 00:34:45,784] DEBUG -  I/O session http-outgoing-397-250
192.168.3.216:54504<->192.168.3.216:9443[ACTIVE][rw:w][ACTIVE][rw] . 
[NOT_HANDSHAKING][0][0][1189][0]: 1105 bytes written 
{org.apache.http.nio.reactor.ssl.SSLIOSession}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "POST 
/api-application-registration/register/tenants?            
tenantDomain=carbon.super&applicationName=ios-webapp-carbon.super 
HTTP/1.1[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "X-JWT- 
Assertion: eyJhbGciOiJSUzI1NiJ9.eyJzdWI7LY-mV2P5q-2q-  
{org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "Content- 
Type: application/json; charset=UTF-8[\r][\n]" 
{org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << 
"Transfer-Encoding: chunked[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "Host: 
IOT server:9443[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << 
"Connection: Keep-Alive[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "User- 
Agent: Synapse-PT-HttpComponents-NIO[\r][\n]" 
{org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "[\r] . 
[\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "0[\r] . 
[\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,785] DEBUG -  HTTPS-Sender I/O dispatcher-4 << "[\r] . 
[\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,786] DEBUG -  I/O session http-outgoing-397-250
192.168.3.216:54504<->192.168.3.216:9443[ACTIVE][rw:w][ACTIVE][rw] . 
[NOT_HANDSHAKING][0][0][1189][0]: Clear event [w] 
{org.apache.http.nio.reactor.ssl.SSLIOSession}

[2018-08-28 00:34:45,786] DEBUG -  Adding tenant: -1234, isTenantLoaded: 
false {org.wso2.carbon.registry.indexing.internal.IndexingServiceComponent}

[2018-08-28 00:34:45,786] DEBUG -  Size of initializedTenants after adding 
tenant -1234: 1 
{org.wso2.carbon.registry.indexing.internal.IndexingServiceComponent}

[2018-08-28 00:34:45,788] DEBUG -  Failed to authorize incoming request , API 
: %2Fapi-application-registration%2Fregister%2Ftenants 
{org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationValve}

[2018-08-28 00:34:45,788] DEBUG -  http-outgoing-397: Consume input 
{org.apache.synapse.transport.http.conn.LoggingNHttpClientConnection}

[2018-08-28 00:34:45,788] DEBUG -  I/O session http-outgoing-397-250
192.168.3.216:54504<->192.168.3.216:9443[ACTIVE][r:r][ACTIVE][r] . 
[NOT_HANDSHAKING][0][0][0][0]: 195 bytes read 
{org.apache.http.nio.reactor.ssl.SSLIOSession}

[2018-08-28 00:34:45,789] DEBUG -  HTTPS-Sender I/O dispatcher-4 >> "HTTP/1.1 
401 Unauthorized[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,789] DEBUG -  HTTPS-Sender I/O dispatcher-4 >> "Content- 
Type: application/xml;charset=UTF-8[\r][\n]" 
{org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,789] DEBUG -  HTTPS-Sender I/O dispatcher-4 >> "Content- 
Length: 36[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,789] DEBUG -  HTTPS-Sender I/O dispatcher-4 >> "Date: 
Tue, 28 Aug 2018 07:34:45 GMT[\r][\n]" 
{org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,789] DEBUG -  HTTPS-Sender I/O dispatcher-4 >> "Server: 
WSO2 Carbon Server[\r][\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,789] DEBUG -  HTTPS-Sender I/O dispatcher-4 >> "[\r] . 
[\n]" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,789] DEBUG -  HTTPS-Sender I/O dispatcher-4 >> "Failed 
to authorize incoming request" {org.apache.synapse.transport.http.wire}

[2018-08-28 00:34:45,789] DEBUG -  http-outgoing-397 << HTTP/1.1 401 
Unauthorized {org.apache.synapse.transport.http.headers}

[2018-08-28 00:34:45,789] DEBUG -  http-outgoing-397 << Content-Type: 
application/xml;charset=UTF-8 {org.apache.synapse.transport.http.headers}

[2018-08-28 00:34:45,789] DEBUG -  http-outgoing-397 << Content-Length: 36 
{org.apache.synapse.transport.http.headers}

[2018-08-28 00:34:45,790] DEBUG -  http-outgoing-397 << Date: Tue, 28 Aug 
2018 07:34:45 GMT {org.apache.synapse.transport.http.headers}

[2018-08-28 00:34:45,790] DEBUG -  http-outgoing-397 << Server: WSO2 Carbon 
Server {org.apache.synapse.transport.http.headers}

[2018-08-28 00:34:45,790] DEBUG -  I/O session http-outgoing-397-250
192.168.3.216:54504<->192.168.3.216:9443[ACTIVE][r:r][ACTIVE][r] . 
[NOT_HANDSHAKING][0][0][0][0]: Set attribute RES_HEADER_ARRIVAL_TIME 
{org.apache.http.nio.reactor.ssl.SSLIOSession}

[2018-08-28 00:34:45,790] DEBUG -  I/O session http-outgoing-397-250
192.168.3.216:54504<->192.168.3.216:9443[ACTIVE][r:r][ACTIVE][r] . 
[NOT_HANDSHAKING]    [0][0][0][0]: Set attribute 
RES_FROM_BACKEND_READ_START_TIME 
{org.apache.http.nio.reactor.ssl.SSLIOSession}

[2018-08-28 00:34:45,790] DEBUG -  I/O session http-incoming-860-249
192.168.3.216:8243<->192.168.3.216:41245[ACTIVE][:r][ACTIVE][] . 
[NOT_HANDSHAKING] . 
[0][0][0][0]: Set attribute CLIENT_WORKER_INIT_TIME 
{org.apache.http.nio.reactor.ssl.SSLIOSession}

[2018-08-28 00:34:45,790] DEBUG -  getAction (null) from 
org.apache.axis2.client.Options@5314693d {org.apache.axis2.client.Options}

[2018-08-28 00:34:45,790] DEBUG -  Old SoapAction is (null) 
{org.apache.axis2.context.MessageContext}

Fix:

edit IOT_HOME/repository/deployment/server/jaggeryapps/ios-web-agent/app/conf/config.json and change owner and adminUser to 'g****@carbon.super' , none of the document says about this file!!

2. After fixing this another error thrown

TID: [-1234] [] [2018-08-29 04:01:18,487] ERROR {org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver} - Error occurred during error handling, give up! {org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver} org.apache.cxf.interceptor.Fault: loader constraint violation: when resolving method "org.apache.http.protocol.HttpCoreContext.(Lorg/apache/http/protocol/HttpContext;)V" the class loader (instance of org/wso2/carbon/webapp/mgt/loader/CarbonWebappClassLoader) of the current class, org/apache/http/client/protocol/HttpClientContext, and the class loader (instance of org/eclipse/osgi/internal/baseadaptor/DefaultClassLoader) for the method's defining class, org/apache/http/protocol/HttpCoreContext, have different Class objects for the type org/apache/http/protocol/HttpContext used in the signature at org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:170) at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:136) at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204) at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101) at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58) .....

Fix: https://github.com/wso2/product-iots/issues/1818

getting rid of some jar files wso2/lib/runtime/cfx

• httpclient-4.3.6.jar
• httpcore-4.2.4.jar

• commons-logging-1.1.1.jar

  3. There were errors showing about Nullkey

ERROR - An Unknown exception has been captured by global exception mapper. {org.wso2.carbon.apimgt.rest.api.util.exception.GlobalThrowableMapper} java.lang.NullPointerException at org.wso2.carbon.apimgt.rest.api.util.impl.WebAppAuthenticatorImpl.validateScopes(WebAppAuthenticatorImpl.java:152)

java.security.InvalidKeyException: Supplied key (null) is not instance

This happened because we used our own SSL for domain cryptocom instead of script generated selfsigned SSLs, using script generated certificates solved this issue. Need to find the steps to use signed SSL for the domain.

4. WSO2 MDM iPhone profile installation issue (Invalid DER encoding, not ended)

fix:

Hopefully rebuilding ios-features extension from latest p2 repo will solve this error.