POST request to get token is hanging out for all UAA 77.x.x version #3104

Open
vuquanganhnguyen opened this issue Oct 31, 2024 · 2 comments

Comments

@vuquanganhnguyen

What version of UAA are you running?

77.x.x versions

How are you deploying the UAA?

Deployed the UAA Docker image in Kubernetes

What did you do?

Upgrading the UAA version from 76.31.0 to a 77.x.x version

What did you expect to see? What goal are you trying to achieve with the UAA?

Everything works fine, as in UAA version 76.31.0; the POST request to get a token does not hang

What did you see instead?

The first POST request to get a token is successful, but the following requests hang without any errors in the logs.

The logs contain two POST requests fetching tokens. The first POST request was made at:

[2024-10-15 08:41:13.549] uaa - 1 [http-nio-8080-exec-3] .... DEBUG — FilterChainProxy: Securing POST /oauth/token

and got response without delays:

[2024-10-15 08:41:14.208] uaa - 1 [http-nio-8080-exec-3] .... DEBUG — DispatcherServlet: Completed 200 OK

The second request was made at:

[2024-10-15 08:42:18.699] uaa - 1 [http-nio-8080-exec-6] .... DEBUG — FilterChainProxy: Securing POST /oauth/token

and got stuck at:

[2024-10-15 08:42:18.943] uaa - 1 [http-nio-8080-exec-6] .... DEBUG — DataSourceUtils: Fetching JDBC Connection from DataSource

The response was received at:

[2024-10-15 08:43:43.745] uaa - 1 [http-nio-8080-exec-6] .... DEBUG — DispatcherServlet: Completed 200 OK
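
The timestamps in the log excerpt above can be turned into per-request timings that show which log statement precedes the delay. This is an added example, not part of the original issue or of UAA; the function name `analyze`, the 5-second threshold, and the assumption that a request runs from a `Securing` line to the next `Completed` line on the same thread are choices made here.

```python
import re
from datetime import datetime

# Log lines copied from the issue above ("...." is elided in the original post).
SAMPLE_LOG = """\
[2024-10-15 08:41:13.549] uaa - 1 [http-nio-8080-exec-3] .... DEBUG — FilterChainProxy: Securing POST /oauth/token
[2024-10-15 08:41:14.208] uaa - 1 [http-nio-8080-exec-3] .... DEBUG — DispatcherServlet: Completed 200 OK
[2024-10-15 08:42:18.699] uaa - 1 [http-nio-8080-exec-6] .... DEBUG — FilterChainProxy: Securing POST /oauth/token
[2024-10-15 08:42:18.943] uaa - 1 [http-nio-8080-exec-6] .... DEBUG — DataSourceUtils: Fetching JDBC Connection from DataSource
[2024-10-15 08:43:43.745] uaa - 1 [http-nio-8080-exec-6] .... DEBUG — DispatcherServlet: Completed 200 OK
"""

# Timestamp, thread name, then the first "Logger: message" pair after the thread.
LINE_RE = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:.]+)\].*?\[(?P<thread>[^\]]+)\].*?(?P<logger>\w+): (?P<msg>.*)$"
)

def analyze(log_text, slow_after_s=5.0):
    """Return one dict per completed request with its total time and largest silent gap."""
    open_reqs, results = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a log line in the expected layout
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        thread, event = m["thread"], f'{m["logger"]}: {m["msg"]}'
        if m["msg"].startswith("Securing "):  # a new request begins on this thread
            open_reqs[thread] = {"thread": thread, "start": ts, "last": (ts, event),
                                 "gap_s": 0.0, "before_gap": None}
            continue
        req = open_reqs.get(thread)
        if req is None:
            continue  # line belongs to no tracked request
        gap = (ts - req["last"][0]).total_seconds()
        if gap > req["gap_s"]:  # remember what was logged just before the longest silence
            req["gap_s"], req["before_gap"] = gap, req["last"][1]
        req["last"] = (ts, event)
        if m["msg"].startswith("Completed "):
            req["total_s"] = (ts - req["start"]).total_seconds()
            req["slow"] = req["total_s"] > slow_after_s
            results.append(open_reqs.pop(thread))
    return results

if __name__ == "__main__":
    for r in analyze(SAMPLE_LOG):
        flag = "SLOW" if r["slow"] else "ok"
        print(f'{r["thread"]}: {r["total_s"]:.3f}s {flag}; '
              f'longest gap {r["gap_s"]:.3f}s after "{r["before_gap"]}"')
```

Run against a full DEBUG log, the same function lists every token request whose thread went silent and the statement it last logged before doing so.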

@strehle
Member

strehle commented Oct 31, 2024

A reason for the "hanging" could be the FIPS-compliant version of Bouncy Castle.

Can you provide the Dockerfile and how you set up UAA? You need to set it with the property
property("java.security.egd", "file:/dev/./urandom")

And we know from some platforms that even then /dev/random is used with the FIPS version, so you need to gather more randomness... if the issue is what I assume it could be, e.g. https://stackoverflow.com/questions/26021181/not-enough-entropy-to-support-dev-random-in-docker-containers-running-in-boot2d

strehle moved this from Inbox to Pending Review | Discussion in Foundational Infrastructure Working Group on Nov 3, 2024

@vuquanganhnguyen
Author

vuquanganhnguyen commented Nov 6, 2024

Hello @strehle; the following is the Dockerfile:

FROM tomcat:9.0-jre17 AS uaa-https
RUN apt-get update && apt-get install -y netcat-openbsd && rm -rf /var/lib/apt/lists/*
ENV LOGIN_CONFIG_URL WEB-INF/classes/required_configuration.yml
ENV CLOUD_FOUNDRY_CONFIG_PATH /uaa
ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom"
COPY uaa/uaa/build/libs/cloudfoundry-identity-uaa-*.war /usr/local/tomcat/webapps/uaa.war
COPY log4j2.properties /usr/local/tomcat/conf/
COPY server_https.xml /usr/local/tomcat/conf/server.xml
COPY startup.sh /usr/local/bin/docker-entrypoint.sh
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
HEALTHCHECK --interval=60s --timeout=15s --start-period=30s --retries=3 \
  CMD curl http://127.0.0.1:8080/uaa/.well-known/openid-configuration
EXPOSE 8080
ENTRYPOINT ["docker-entrypoint.sh", "postgres:5432", "-t", "10", "--"]
CMD ["catalina.sh", "run"]

This property("java.security.egd", "file:/dev/./urandom") was added 2 years ago.
Any help would be greatly appreciated.
