Is this something you can reproduce?  Or just something that happened once?

What did you experience when this occurred?  Did you get sent to the login page?  Did you get a blank page?  Error in the UI?

-Eric

On 8/12/2015 3:23 PM, Helio Frota wrote:

hi all ,

I get this one too.

I don't know if i clicked on some button or link or just error arise
from another dimension.

*16:06:37,817 INFO*  [stdout] (default task-59) Updated plan: PlanBean
[organization=OrganizationBean [id=HeavyMetalOrg, name=HeavyMetalOrg,
description=The Heavy Metal Universe, createdBy=admin,
createdOn=2015-08-12 15:57:02.829, modifiedBy=admin,
modifiedOn=2015-08-12 15:57:02.829], id=soundsLikeAPlan,
name=soundsLikeAPlan, description=454test, createdBy=admin,
createdOn=2015-08-12 15:59:41.355]
*16:07:56,984 INFO*  [stdout] (default task-6) Getting info for user admin
*16:09:27,427 ERROR*

[org.keycloak.adapters.BearerTokenRequestAuthenticator] (default
task-28) Failed to verify token: org.keycloak.VerificationException:
Token is not active.
     at
org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:46)
[keycloak-core-1.2.0.Final.jar:1.2.0.Final]
     at
org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:16)
[keycloak-core-1.2.0.Final.jar:1.2.0.Final]
     at
org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:67)
[keycloak-adapter-core-1.2.0.Final.jar:1.2.0.Final]
     at
org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:62)
[keycloak-adapter-core-1.2.0.Final.jar:1.2.0.Final]
     at
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:45)
[keycloak-adapter-core-1.2.0.Final.jar:1.2.0.Final]
     at
org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:114)
[keycloak-undertow-adapter-1.2.0.Final.jar:1.2.0.Final]
     at
org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:94)
[keycloak-undertow-adapter-1.2.0.Final.jar:1.2.0.Final]
     at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
     at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
[keycloak-undertow-adapter-1.2.0.Final.jar:1.2.0.Final]
     at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_45]
     at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_45]
     at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_45]





On Tue, Aug 11, 2015 at 5:16 AM, Marc Savy <marc.savy@redhat.com

<mailto:marc.savy@redhat.com>> wrote:

    I think this may pertain to the Keycloak OAuth2 token. In which case, I
    provided Fadi with a version containing additional logging to see if we
    could track the issue down.

    It's not an issue I've ever been able to replicate, and we don't fiddle
    with the token data in any way, so I don't really see how we could
    affect things.

    My only suggestions are to ensure that time is accurate on all of the
    systems (NTP, Chronyd, etc), and I believe this has already been done.

    On 10/08/2015 18:00, Eric Wittmann wrote:
     > How often does this occur?  What is the result?
     >
     > I assume this is triggering a re-login in the UI?
     >
     > There is no caching on the apiman side.  However the tokens issued by
     > keycloak to the apiman UI do have an expiration.  You could try
    logging
     > into the keycloak auth admin UI and increasing the lifespan of
    the tokens.
     >
     > Any more details you can provide would be great.
     >
     > -Eric
     >
     > On 8/10/2015 8:56 AM, Fadi Abdin wrote:
     >> I keep getting occasional "Token is not active." on they
    keycloak side
     >> occasionally . its really frustrating , i cant figure out what could
     >> cause this to happen. everything seems correct.
     >>
     >> Is there caching between API Man and Keycloak i can turn off ?  Have
     >> anyone seeen this behavior ?
     >>
     >> Thanks,
     >> Fadi
     >> Express.com
     >>
     >>
     >> _______________________________________________
     >> Apiman-user mailing list

     >> Apiman-user@lists.jboss.org <mailto:Apiman-user@lists.jboss.org>
     >> https://lists.jboss.org/mailman/listinfo/apiman-user
     >>
     > _______________________________________________
     > Apiman-user mailing list
     > Apiman-user@lists.jboss.org <mailto:Apiman-user@lists.jboss.org>
     > https://lists.jboss.org/mailman/listinfo/apiman-user
     >

    _______________________________________________
    Apiman-user mailing list
    Apiman-user@lists.jboss.org <mailto:Apiman-user@lists.jboss.org>
    https://lists.jboss.org/mailman/listinfo/apiman-user




_______________________________________________
Apiman-user mailing list
Apiman-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/apiman-user