Issue 728: Unable to use OpenID after default install
Status:  Invalid
Owner: ----
Closed:  Sep 2010
Reported by joshdots...@gmail.com, Sep 13, 2010
Affected Version:
2.1.5

What steps will reproduce the problem?
1. Install default setup
2. Click on Register/Sign In
3. Click Register with a Google Account

What is the expected output? What do you see instead?
Expect to be redirected to sign in using Google. Instead I get "Provider is not supported, or was incorrectly entered."

Please provide any additional information below.
If I change https:// to http:// in the URL in the field, I'm redirected. However, when I'm redirected back to the Gerrit GUI, nothing's changed, and no new users have been added to MySQL.

FWIW, I'm running Debian. I also noticed a bug on here (with the same title).

The following output was generated in my error.log:



[2010-09-13 20:30:49,346] ERROR com.google.gerrit.httpd.auth.openid.OpenIdServiceImpl : Cannot discover OpenID https://www.google.com/accounts/o8/id
org.openid4java.discovery.yadis.YadisException: 0x704: I/O transport error: 
	at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:432)
	at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:229)
	at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:221)
	at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:179)
	at org.openid4java.discovery.Discovery.discover(Discovery.java:134)
	at org.openid4java.discovery.Discovery.discover(Discovery.java:114)
	at org.openid4java.consumer.ConsumerManager.discover(ConsumerManager.java:527)
	at com.google.gerrit.httpd.auth.openid.OpenIdServiceImpl.init(OpenIdServiceImpl.java:509)
	at com.google.gerrit.httpd.auth.openid.OpenIdServiceImpl.discover(OpenIdServiceImpl.java:158)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:616)
	at com.google.gwtjsonrpc.server.MethodHandle.invoke(MethodHandle.java:91)
	at com.google.gwtjsonrpc.server.JsonServlet.doService(JsonServlet.java:382)
	at com.google.gwtjsonrpc.server.JsonServlet.service(JsonServlet.java:268)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:216)
	at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:141)
	at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:93)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:63)
	at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
	at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
	at com.google.gwtexpui.server.CacheControlFilter.doFilter(CacheControlFilter.java:76)
	at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:129)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
	at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
	at com.google.gerrit.httpd.RequestCleanupFilter.doFilter(RequestCleanupFilter.java:54)
	at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:129)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
	at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:134)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
	at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:122)
	at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:110)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1190)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:424)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:931)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:361)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:867)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
	at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:50)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
	at org.eclipse.jetty.server.Server.handle(Server.java:337)
	at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:581)
	at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1020)
	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:775)
	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:222)
	at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:417)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:474)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:437)
	at java.lang.Thread.run(Thread.java:636)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1574)
	at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1557)
	at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1483)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:83)
	at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
	at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
	at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:827)
	at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1525)
	at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
	at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
	at org.openid4java.util.HttpCache.head(HttpCache.java:296)
	at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:360)
	... 54 more
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:75)
	at sun.security.validator.Validator.getInstance(Validator.java:178)
	at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:129)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:225)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:973)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:142)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:533)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:471)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1116)
	at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:643)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
	... 66 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
	at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
	at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
	at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:73)
	... 78 more
Sep 13, 2010
#1 joshdots...@gmail.com
Turns out this is almost an exact duplicate of this issue: https://code.google.com/p/gerrit/issues/detail?id=513

I'm still clearly not getting useful information from the error log that addresses this issue. Fixed by symlinking: ln -sf /etc/java-6-sun/security/cacerts /usr/lib/jvm/java-6-openjdk/jre/lib/security/cacerts
Sep 15, 2010
#2 sop@google.com
(No comment was entered for this change.)
Status: Invalid
Jul 26, 2011
#3 mailtode...@gmail.com
i amalso getting same error. please help