<div dir="ltr"><div><div><div><b>16:07:56,984 INFO</b> [stdout] (default task-6) Getting info for user admin<br><span style="color:rgb(204,0,0)"><b>16:09:27,427 ERROR</b></span> [org.keycloak.adapters.BearerTokenRequestAuthenticator] (default task-28) Failed to verify token: org.keycloak.<br><br></div>almost 2 min of inactivity.. <br><br></div>but i did a try with more minutes and no errors ... <br><br><b>16:36</b>:09,869 INFO [stdout] (default task-8) Got organization HeavyMetalOrg: OrganizationBean [id=HeavyMetalOrg, name=HeavyMetalOrg, description=The Heavy Metal Universe, createdBy=admin, createdOn=2015-08-12 15:57:02.829, modifiedBy=admin, modifiedOn=2015-08-12 15:57:02.829]<br><b>16:42</b>:06,805 INFO [stdout] (default task-9) Getting info for user admin<br><br></div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 12, 2015 at 4:40 PM, Helio Frota <span dir="ltr"><<a href="mailto:00hf11@gmail.com" target="_blank">00hf11@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><span class=""><div>Is this something you can reproduce? Or just something that happened once?<br><br></div></span>unfortunately no. just once.<span class=""><br><br>What did you experience when this occurred? Did you get sent to the login page? Did you get a blank page? Error in the UI?<br><br></span></div>nothing, just navigating , clicking etc.. no blank page or error in the UI.<br><br><br><br></div><br><div><br><div><br><br></div></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 12, 2015 at 4:36 PM, Eric Wittmann <span dir="ltr"><<a href="mailto:eric.wittmann@redhat.com" target="_blank">eric.wittmann@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Is this something you can reproduce? Or just something that happened once?<br>
<br>
What did you experience when this occurred? Did you get sent to the login page? Did you get a blank page? Error in the UI?<br>
<br>
-Eric<span><br>
<br>
On 8/12/2015 3:23 PM, Helio Frota wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
hi all ,<br>
<br>
I get this one too.<br>
<br>
I don't know if i clicked on some button or link or just error arise<br>
from another dimension.<br>
<br></span>
*16:06:37,817 INFO* [stdout] (default task-59) Updated plan: PlanBean<span><br>
[organization=OrganizationBean [id=HeavyMetalOrg, name=HeavyMetalOrg,<br>
description=The Heavy Metal Universe, createdBy=admin,<br>
createdOn=2015-08-12 15:57:02.829, modifiedBy=admin,<br>
modifiedOn=2015-08-12 15:57:02.829], id=soundsLikeAPlan,<br>
name=soundsLikeAPlan, description=454test, createdBy=admin,<br>
createdOn=2015-08-12 15:59:41.355]<br></span>
*16:07:56,984 INFO* [stdout] (default task-6) Getting info for user admin<br>
*16:09:27,427 ERROR*<div><div><br>
[org.keycloak.adapters.BearerTokenRequestAuthenticator] (default<br>
task-28) Failed to verify token: org.keycloak.VerificationException:<br>
Token is not active.<br>
at<br>
org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:46)<br>
[keycloak-core-1.2.0.Final.jar:1.2.0.Final]<br>
at<br>
org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:16)<br>
[keycloak-core-1.2.0.Final.jar:1.2.0.Final]<br>
at<br>
org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:67)<br>
[keycloak-adapter-core-1.2.0.Final.jar:1.2.0.Final]<br>
at<br>
org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:62)<br>
[keycloak-adapter-core-1.2.0.Final.jar:1.2.0.Final]<br>
at<br>
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:45)<br>
[keycloak-adapter-core-1.2.0.Final.jar:1.2.0.Final]<br>
at<br>
org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:114)<br>
[keycloak-undertow-adapter-1.2.0.Final.jar:1.2.0.Final]<br>
at<br>
org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:94)<br>
[keycloak-undertow-adapter-1.2.0.Final.jar:1.2.0.Final]<br>
at<br>
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54)<br>
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63)<br>
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)<br>
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)<br>
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)<br>
at<br>
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)<br>
[keycloak-undertow-adapter-1.2.0.Final.jar:1.2.0.Final]<br>
at<br>
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)<br>
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)<br>
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)<br>
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)<br>
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)<br>
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at<br>
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)<br>
[rt.jar:1.8.0_45]<br>
at<br>
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)<br>
[rt.jar:1.8.0_45]<br>
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_45]<br>
<br>
<br>
<br>
<br>
<br>
On Tue, Aug 11, 2015 at 5:16 AM, Marc Savy <<a href="mailto:marc.savy@redhat.com" target="_blank">marc.savy@redhat.com</a><br></div></div><div><div>
<mailto:<a href="mailto:marc.savy@redhat.com" target="_blank">marc.savy@redhat.com</a>>> wrote:<br>
<br>
I think this may pertain to the Keycloak OAuth2 token. In which case, I<br>
provided Fadi with a version containing additional logging to see if we<br>
could track the issue down.<br>
<br>
It's not an issue I've ever been able to replicate, and we don't fiddle<br>
with the token data in any way, so I don't really see how we could<br>
affect things.<br>
<br>
My only suggestions are to ensure that time is accurate on all of the<br>
systems (NTP, Chronyd, etc), and I believe this has already been done.<br>
<br>
On 10/08/2015 18:00, Eric Wittmann wrote:<br>
> How often does this occur? What is the result?<br>
><br>
> I assume this is triggering a re-login in the UI?<br>
><br>
> There is no caching on the apiman side. However the tokens issued by<br>
> keycloak to the apiman UI do have an expiration. You could try<br>
logging<br>
> into the keycloak auth admin UI and increasing the lifespan of<br>
the tokens.<br>
><br>
> Any more details you can provide would be great.<br>
><br>
> -Eric<br>
><br>
> On 8/10/2015 8:56 AM, Fadi Abdin wrote:<br>
>> I keep getting occasional "Token is not active." on they<br>
keycloak side<br>
>> occasionally . its really frustrating , i cant figure out what could<br>
>> cause this to happen. everything seems correct.<br>
>><br>
>> Is there caching between API Man and Keycloak i can turn off ? Have<br>
>> anyone seeen this behavior ?<br>
>><br>
>> Thanks,<br>
>> Fadi<br>
>> Express.com<br>
>><br>
>><br>
>> _______________________________________________<br>
>> Apiman-user mailing list<br></div></div>
>> <a href="mailto:Apiman-user@lists.jboss.org" target="_blank">Apiman-user@lists.jboss.org</a> <mailto:<a href="mailto:Apiman-user@lists.jboss.org" target="_blank">Apiman-user@lists.jboss.org</a>><span><br>
>> <a href="https://lists.jboss.org/mailman/listinfo/apiman-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/apiman-user</a><br>
>><br>
> _______________________________________________<br>
> Apiman-user mailing list<br></span>
> <a href="mailto:Apiman-user@lists.jboss.org" target="_blank">Apiman-user@lists.jboss.org</a> <mailto:<a href="mailto:Apiman-user@lists.jboss.org" target="_blank">Apiman-user@lists.jboss.org</a>><span><br>
> <a href="https://lists.jboss.org/mailman/listinfo/apiman-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/apiman-user</a><br>
><br>
<br>
_______________________________________________<br>
Apiman-user mailing list<br></span>
<a href="mailto:Apiman-user@lists.jboss.org" target="_blank">Apiman-user@lists.jboss.org</a> <mailto:<a href="mailto:Apiman-user@lists.jboss.org" target="_blank">Apiman-user@lists.jboss.org</a>><span><br>
<a href="https://lists.jboss.org/mailman/listinfo/apiman-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/apiman-user</a><br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
Apiman-user mailing list<br>
<a href="mailto:Apiman-user@lists.jboss.org" target="_blank">Apiman-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/apiman-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/apiman-user</a><br>
<br>
</span></blockquote>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>