Solutions
ForgeRock Identity Platform
ForgeRock Identity Cloud

NoSuchMethodError or Failed to decrypt application password error after installing a Java Agent (All versions)

Last updated Feb 10, 2022

The purpose of this article is to provide assistance if you encounter a "java.lang.NoSuchMethodError: com.sun.identity.shared.configuration.SystemPropertiesManager.getAsInt(Ljava/lang/String;I)" after installing the WebLogic Java Agent or a "Failed to decrypt application password" after installing other Java Agents such as Apache Tomcat™. These errors can be seen after starting the application server, or trying to access the agent configuration or application protected by the agent.


Symptoms

You experience issues with the newly installed agent such as:

  • You get an error when starting the web application server.
  • When trying to access an application protected by the agent, you get a 500 Internal Server error instead of being redirected for authentication. 
  • You cannot access the agent configuration.

You will see errors similar to the following when this happens depending on your container: 

  • WebLogic agent:
    • Web application container log:<Feb 7, 2022 11:09:14,609 AM GMT> <Error> <HTTP> <BEA-101020> <[ServletContext@1085609263[app:agentapp module:agentapp.war path:null spec-version:3.1]] Servlet failed with an Exception java.lang.NoSuchMethodError: com.sun.identity.shared.configuration.SystemPropertiesManager.getAsInt(Ljava/lang/String;I)I    at org.forgerock.openam.shared.security.crypto.PBKDF2KeyDerivation.<init>(PBKDF2KeyDerivation.java:80)    at com.sun.identity.agents.arch.AgentConfiguration.setApplicationPassword(AgentConfiguration.java:1480)    at com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:1125)    at com.sun.identity.agents.arch.AgentConfiguration.firstTimeConfiguration(AgentConfiguration.java:1516)    at com.sun.identity.agents.filter.AmAgentBaseFilter.initialise(AmAgentBaseFilter.java:206) ...
    • Agent debug log:ERROR: Crypt:: Failed to create instance of org.forgerock.openam.shared.security.crypto.AESWrapEncryption java.lang.reflect.InvocationTargetException  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)    at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ... Caused by: java.lang.NoSuchMethodError: com.sun.identity.shared.configuration.SystemPropertiesManager.getAsInt(Ljava/lang/String;I)I    at org.forgerock.openam.shared.security.crypto.PBKDF2KeyDerivation.<init>(PBKDF2KeyDerivation.java:80)    at org.forgerock.openam.shared.security.crypto.AESWrapEncryption.<init>(AESWrapEncryption.java:76)    ... 59 more amSDK:02/07/2022 11:09:13:386 AM GMT: Thread[[STANDBY] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads] ERROR: JCEEncryption:: Unsported version: 2 >2022-02-07 11:09:13:387 GMT: [STANDBY] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)'/5/Pooled Threads:02/07/2022 11:09:13:388 AM GMT: Thread[[STANDBY] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads] CRITICAL: Caught exception while loading configuration org.forgerock.agents.exceptions.FatalConfigurationException: Failed to decrypt application password    at com.sun.identity.agents.arch.AgentConfiguration.setApplicationPassword(AgentConfiguration.java:2023)    at com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:1637)
  • Tomcat agent:
    • Agent debug log:amSDK:02/07/2022 11:09:41:695 AM GMT: Thread[https-jsse-nio-198.51.100.0-443-exec-6,5,main]: TransactionId[unknown] ERROR: AESWrapEncryption: malformed input
    • catalina.out (Tomcat web application container log):java.lang.RuntimeException: Failed to decrypt application password  at com.sun.identity.agents.arch.AgentConfiguration.setApplicationPassword(AgentConfiguration.java:1560)    at com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:1125)    at com.sun.identity.agents.arch.AgentConfiguration.firstTimeConfiguration(AgentConfiguration.java:1516)
  • All Java agents:
    • Agent debug log:java.lang.RuntimeException: Failed to load configuration: Failed to decrypt application password

Recent Changes

Installed the Java Agent.

Causes

These errors suggest a classpath issue. Typically, this means the classpath is referring to old agent libraries, which is causing the class to be loaded from the wrong jar file.

In the case of WebLogic, the container ships a jar file (oamAuthnProvider.jar), which also includes the com.sun.identity.shared.configuration.SystemPropertiesManager class. This error is usually seen when the class is being loaded from the WebLogic jar instead of the correct one. 

Solution

This issue can be resolved using one of the following approaches:

  • Completely uninstall the old agent and then reinstall the new agent. See Remove Java Agent for further information.
  • Investigate the classpath issue and resolve as required:

WebLogic Java Agent

  1. Include the -verbose:class JVM option when starting the application server to log all class loading and unloading.
  2. Look for the following in the web application container logs to confirm that the class is being loaded from the oamAuthnProvider.jar file: [Loaded com.sun.identity.shared.configuration.SystemPropertiesManager from file:<jar name>]
  3. Update the setAgentEnv_AdminServer.sh file to use PRE_CLASSPATH instead of CLASSPATH to ensure the Agent version of the class is loaded first, for example:# CLASSPATH="${CLASSPATH}${CLASSPATHSEP}${AGENT_CLASSPATH}" # export CLASSPATH PRE_CLASSPATH="${PRE_CLASSPATH}${CLASSPATHSEP}${AGENT_CLASSPATH}" export PRE_CLASSPATH

Other Java Agents

  1. Include the -verbose:class JVM option when starting the application server to log all class loading and unloading.
  2. Look for the following in the web application container logs: [Loaded com.sun.identity.shared.configuration.SystemPropertiesManager from file:<jar name>]
  3. Remove the jar file specified in the above error from the classpath to ensure the class gets loaded from the correct library in future.

See Also

Install Java Agent

Install WebLogic Java Agent

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2022 ForgeRock, all rights reserved.