[Apiman-user] Token is not active.

Fadi Abdin fadiabdeen at gmail.com
Thu Aug 13 11:52:10 EDT 2015 

Marc / Eric,

Thank you for your help in the past , i really appreciate it . but my issue
did not get resolved yet .

My Application is really simple , i get a token from keycloak and use that
token call API MAN services .

When the application is fresh installed , this problem does not happened
often , but once many users using it and over time , it will start
rejecting tokens with the "Token is not active" message .

for example if my service is on https://myserver.com/api-gateway/myservice
i pass a token like with an access_token parameter

 https://myserver.com/api-gateway/myservice?access_token=<token value>
some time it return a value and some times not . i'm always using a new
browser , so its not the cashing.

The only way to solve the issue is to restart keycloak/apiman , seems they
back in sync .

It started a small problem with dev , but now its expanding because our
product with the QA people and this escalating .. Is there a way you guys
can help us a little more ? is there a paid support ?

Thanks,



On Tue, Aug 11, 2015 at 4:16 AM, Marc Savy <marc.savy at redhat.com> wrote:

> I think this may pertain to the Keycloak OAuth2 token. In which case, I
> provided Fadi with a version containing additional logging to see if we
> could track the issue down.
>
> It's not an issue I've ever been able to replicate, and we don't fiddle
> with the token data in any way, so I don't really see how we could
> affect things.
>
> My only suggestions are to ensure that time is accurate on all of the
> systems (NTP, Chronyd, etc), and I believe this has already been done.
>
>
> On 10/08/2015 18:00, Eric Wittmann wrote:
>
>> How often does this occur?  What is the result?
>>
>> I assume this is triggering a re-login in the UI?
>>
>> There is no caching on the apiman side.  However the tokens issued by
>> keycloak to the apiman UI do have an expiration.  You could try logging
>> into the keycloak auth admin UI and increasing the lifespan of the tokens.
>>
>> Any more details you can provide would be great.
>>
>> -Eric
>>
>> On 8/10/2015 8:56 AM, Fadi Abdin wrote:
>>
>>> I keep getting occasional "Token is not active." on they keycloak side
>>> occasionally . its really frustrating , i cant figure out what could
>>> cause this to happen. everything seems correct.
>>>
>>> Is there caching between API Man and Keycloak i can turn off ?  Have
>>> anyone seeen this behavior ?
>>>
>>> Thanks,
>>> Fadi
>>> Express.com
>>>
>>>
>>> _______________________________________________
>>> Apiman-user mailing list
>>> Apiman-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>>
>>> _______________________________________________
>> Apiman-user mailing list
>> Apiman-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150813/1f370b40/attachment.html

More information about the Apiman-user mailing list