[Apiman-user] Token is not active.
Helio Frota
00hf11 at gmail.com
Wed Aug 12 15:40:12 EDT 2015
Is this something you can reproduce? Or just something that happened once?
unfortunately no. just once.
What did you experience when this occurred? Did you get sent to the login
page? Did you get a blank page? Error in the UI?
nothing, just navigating , clicking etc.. no blank page or error in the UI.
On Wed, Aug 12, 2015 at 4:36 PM, Eric Wittmann <eric.wittmann at redhat.com>
wrote:
> Is this something you can reproduce? Or just something that happened once?
>
> What did you experience when this occurred? Did you get sent to the login
> page? Did you get a blank page? Error in the UI?
>
> -Eric
>
> On 8/12/2015 3:23 PM, Helio Frota wrote:
>
>> hi all ,
>>
>> I get this one too.
>>
>> I don't know if i clicked on some button or link or just error arise
>> from another dimension.
>>
>> *16:06:37,817 INFO* [stdout] (default task-59) Updated plan: PlanBean
>> [organization=OrganizationBean [id=HeavyMetalOrg, name=HeavyMetalOrg,
>> description=The Heavy Metal Universe, createdBy=admin,
>> createdOn=2015-08-12 15:57:02.829, modifiedBy=admin,
>> modifiedOn=2015-08-12 15:57:02.829], id=soundsLikeAPlan,
>> name=soundsLikeAPlan, description=454test, createdBy=admin,
>> createdOn=2015-08-12 15:59:41.355]
>> *16:07:56,984 INFO* [stdout] (default task-6) Getting info for user admin
>> *16:09:27,427 ERROR*
>>
>> [org.keycloak.adapters.BearerTokenRequestAuthenticator] (default
>> task-28) Failed to verify token: org.keycloak.VerificationException:
>> Token is not active.
>> at
>> org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:46)
>> [keycloak-core-1.2.0.Final.jar:1.2.0.Final]
>> at
>> org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:16)
>> [keycloak-core-1.2.0.Final.jar:1.2.0.Final]
>> at
>>
>> org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:67)
>> [keycloak-adapter-core-1.2.0.Final.jar:1.2.0.Final]
>> at
>>
>> org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:62)
>> [keycloak-adapter-core-1.2.0.Final.jar:1.2.0.Final]
>> at
>>
>> org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:45)
>> [keycloak-adapter-core-1.2.0.Final.jar:1.2.0.Final]
>> at
>>
>> org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:114)
>> [keycloak-undertow-adapter-1.2.0.Final.jar:1.2.0.Final]
>> at
>>
>> org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:94)
>> [keycloak-undertow-adapter-1.2.0.Final.jar:1.2.0.Final]
>> at
>>
>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54)
>> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63)
>> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
>> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
>> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>> at
>>
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
>> [keycloak-undertow-adapter-1.2.0.Final.jar:1.2.0.Final]
>> at
>>
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
>> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
>> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
>> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
>> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>>
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> [rt.jar:1.8.0_45]
>> at
>>
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> [rt.jar:1.8.0_45]
>> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_45]
>>
>>
>>
>>
>>
>> On Tue, Aug 11, 2015 at 5:16 AM, Marc Savy <marc.savy at redhat.com
>> <mailto:marc.savy at redhat.com>> wrote:
>>
>> I think this may pertain to the Keycloak OAuth2 token. In which case,
>> I
>> provided Fadi with a version containing additional logging to see if
>> we
>> could track the issue down.
>>
>> It's not an issue I've ever been able to replicate, and we don't
>> fiddle
>> with the token data in any way, so I don't really see how we could
>> affect things.
>>
>> My only suggestions are to ensure that time is accurate on all of the
>> systems (NTP, Chronyd, etc), and I believe this has already been done.
>>
>> On 10/08/2015 18:00, Eric Wittmann wrote:
>> > How often does this occur? What is the result?
>> >
>> > I assume this is triggering a re-login in the UI?
>> >
>> > There is no caching on the apiman side. However the tokens issued
>> by
>> > keycloak to the apiman UI do have an expiration. You could try
>> logging
>> > into the keycloak auth admin UI and increasing the lifespan of
>> the tokens.
>> >
>> > Any more details you can provide would be great.
>> >
>> > -Eric
>> >
>> > On 8/10/2015 8:56 AM, Fadi Abdin wrote:
>> >> I keep getting occasional "Token is not active." on they
>> keycloak side
>> >> occasionally . its really frustrating , i cant figure out what
>> could
>> >> cause this to happen. everything seems correct.
>> >>
>> >> Is there caching between API Man and Keycloak i can turn off ?
>> Have
>> >> anyone seeen this behavior ?
>> >>
>> >> Thanks,
>> >> Fadi
>> >> Express.com
>> >>
>> >>
>> >> _______________________________________________
>> >> Apiman-user mailing list
>> >> Apiman-user at lists.jboss.org <mailto:Apiman-user at lists.jboss.org>
>> >> https://lists.jboss.org/mailman/listinfo/apiman-user
>> >>
>> > _______________________________________________
>> > Apiman-user mailing list
>> > Apiman-user at lists.jboss.org <mailto:Apiman-user at lists.jboss.org>
>> > https://lists.jboss.org/mailman/listinfo/apiman-user
>> >
>>
>> _______________________________________________
>> Apiman-user mailing list
>> Apiman-user at lists.jboss.org <mailto:Apiman-user at lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>
>>
>>
>>
>> _______________________________________________
>> Apiman-user mailing list
>> Apiman-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150812/963e4fbc/attachment-0001.html
More information about the Apiman-user
mailing list