[Apiman-user] Token is not active.

Eric Wittmann eric.wittmann at redhat.com
Wed Aug 12 15:36:25 EDT 2015


Is this something you can reproduce?  Or just something that happened once?

What did you experience when this occurred?  Did you get sent to the 
login page?  Did you get a blank page?  Error in the UI?

-Eric

On 8/12/2015 3:23 PM, Helio Frota wrote:
> hi all ,
>
> I get this one too.
>
> I don't know if i clicked on some button or link or just error arise
> from another dimension.
>
> *16:06:37,817 INFO*  [stdout] (default task-59) Updated plan: PlanBean
> [organization=OrganizationBean [id=HeavyMetalOrg, name=HeavyMetalOrg,
> description=The Heavy Metal Universe, createdBy=admin,
> createdOn=2015-08-12 15:57:02.829, modifiedBy=admin,
> modifiedOn=2015-08-12 15:57:02.829], id=soundsLikeAPlan,
> name=soundsLikeAPlan, description=454test, createdBy=admin,
> createdOn=2015-08-12 15:59:41.355]
> *16:07:56,984 INFO*  [stdout] (default task-6) Getting info for user admin
> *16:09:27,427 ERROR*
> [org.keycloak.adapters.BearerTokenRequestAuthenticator] (default
> task-28) Failed to verify token: org.keycloak.VerificationException:
> Token is not active.
>      at
> org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:46)
> [keycloak-core-1.2.0.Final.jar:1.2.0.Final]
>      at
> org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:16)
> [keycloak-core-1.2.0.Final.jar:1.2.0.Final]
>      at
> org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:67)
> [keycloak-adapter-core-1.2.0.Final.jar:1.2.0.Final]
>      at
> org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:62)
> [keycloak-adapter-core-1.2.0.Final.jar:1.2.0.Final]
>      at
> org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:45)
> [keycloak-adapter-core-1.2.0.Final.jar:1.2.0.Final]
>      at
> org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:114)
> [keycloak-undertow-adapter-1.2.0.Final.jar:1.2.0.Final]
>      at
> org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:94)
> [keycloak-undertow-adapter-1.2.0.Final.jar:1.2.0.Final]
>      at
> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54)
> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63)
> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>      at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
> [keycloak-undertow-adapter-1.2.0.Final.jar:1.2.0.Final]
>      at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>      at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> [rt.jar:1.8.0_45]
>      at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> [rt.jar:1.8.0_45]
>      at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_45]
>
>
>
>
>
> On Tue, Aug 11, 2015 at 5:16 AM, Marc Savy <marc.savy at redhat.com
> <mailto:marc.savy at redhat.com>> wrote:
>
>     I think this may pertain to the Keycloak OAuth2 token. In which case, I
>     provided Fadi with a version containing additional logging to see if we
>     could track the issue down.
>
>     It's not an issue I've ever been able to replicate, and we don't fiddle
>     with the token data in any way, so I don't really see how we could
>     affect things.
>
>     My only suggestions are to ensure that time is accurate on all of the
>     systems (NTP, Chronyd, etc), and I believe this has already been done.
>
>     On 10/08/2015 18:00, Eric Wittmann wrote:
>      > How often does this occur?  What is the result?
>      >
>      > I assume this is triggering a re-login in the UI?
>      >
>      > There is no caching on the apiman side.  However the tokens issued by
>      > keycloak to the apiman UI do have an expiration.  You could try
>     logging
>      > into the keycloak auth admin UI and increasing the lifespan of
>     the tokens.
>      >
>      > Any more details you can provide would be great.
>      >
>      > -Eric
>      >
>      > On 8/10/2015 8:56 AM, Fadi Abdin wrote:
>      >> I keep getting occasional "Token is not active." on they
>     keycloak side
>      >> occasionally . its really frustrating , i cant figure out what could
>      >> cause this to happen. everything seems correct.
>      >>
>      >> Is there caching between API Man and Keycloak i can turn off ?  Have
>      >> anyone seeen this behavior ?
>      >>
>      >> Thanks,
>      >> Fadi
>      >> Express.com
>      >>
>      >>
>      >> _______________________________________________
>      >> Apiman-user mailing list
>      >> Apiman-user at lists.jboss.org <mailto:Apiman-user at lists.jboss.org>
>      >> https://lists.jboss.org/mailman/listinfo/apiman-user
>      >>
>      > _______________________________________________
>      > Apiman-user mailing list
>      > Apiman-user at lists.jboss.org <mailto:Apiman-user at lists.jboss.org>
>      > https://lists.jboss.org/mailman/listinfo/apiman-user
>      >
>
>     _______________________________________________
>     Apiman-user mailing list
>     Apiman-user at lists.jboss.org <mailto:Apiman-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/apiman-user
>
>
>
>
> _______________________________________________
> Apiman-user mailing list
> Apiman-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/apiman-user
>


More information about the Apiman-user mailing list