KB Article #176256

Cannot access OAuth Client Application after changing the gateway's passphrase

Problem

After changing the gateway's passphrase, accessing the OAuth Client Application on port 8089 returns HTTP 500, and the trace reports an IllegalStateException, as shown below:

non-recoverable error handling transaction:
java.lang.IllegalStateException: The store is in admin mode. This is becasue a type change or a passphrase change occurred. Run kpsadmin migrate or re-encrypt option to address this issue.
    at com.vordel.kps.storeImpl.AbstractTransaction.checkMode(AbstractTransaction.java:201)
    at com.vordel.kps.storeImpl.AbstractTransaction.iterator(AbstractTransaction.java:171)
    at com.vordel.common.util.Functional$1.iterator(Functional.java:18)
    at com.vordel.persistence.kps.KpsSearchResult.iterator(KpsSearchResult.java:29)
    ...

Resolution

A gateway passphrase change means that any data housed by KPS needs to be encrypted with the new passphrase. OAuth uses the KPS to store information about OAuth Applications and, if the KPS is chosen as the OAuth Access Token Store, to store OAuth tokens. KPS fields marked as encrypted use the gateway's cipher, which uses the passphrase, to encrypt sensitive information such as the OAuth access token string, the client secret, etc.

As such, after changing the passphrase, you need to run kpsadmin and re-encrypt the following tables to fix the issue:

OAuth_AuthZCodes
OAuth_AccessTokens
API Server_PortalApiKeyStore
API Server_PortalApplicationStore
API Server_PortalOAuthResourcesStore
OAuth_RefreshTokens
API Server_PortalOAuthStore