[keycloak-dev] Token not active error

Bill Burke bburke at redhat.com
Fri Aug 16 10:15:12 EDT 2013


Actually I think I know what the problem is.

The customer portal is logged in.  It stores the token in the session. 
The session has not timed out, but the token has.  The customer portal 
does a REST invocation to a dataservice and passes the expired token. 
Thus, failure.  We'll need to implement refresh tokens and refresh policies.

On 8/16/2013 9:26 AM, Bill Burke wrote:
> Stian, I cannot reproduce this problem.
>
> On 8/13/2013 12:14 PM, Bill Burke wrote:
>> Ah ok, this must be a bug in the as7 integration module.  I'll take a look.
>>
>> On 8/13/2013 11:49 AM, Stian Thorgersen wrote:
>>> Bill,
>>>
>>> If I leave customer-portal open for a while I get a token is not active error in the server log (see stack trace below). After that the only way I can get things working again is to manually remove the session cookie with JSESSIONID in it.
>>>
>>> I've moved the stuff from AbstractLoginService into OAuthUtil which just has a bunch of static methods. This is because I had to change SocialResource as the callback endpoint shouldn't contain the realm (see https://issues.jboss.org/browse/KEYCLOAK-33).
>>>
>>> I don't think I've broken it, but I may have :/
>>>
>>>
>>> ------------------
>>> 16:46:48,268 ERROR [org.keycloak.adapters.as7.CatalinaBearerTokenAuthenticator] (http-localhost-127.0.0.1-8080-7) Failed to verify token: org.keycloak.VerificationException: Token is not active.
>>> 	at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:39) [keycloak-core-1.0-alpha-1.jar:]
>>> 	at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:19) [keycloak-core-1.0-alpha-1.jar:]
>>> 	at org.keycloak.adapters.as7.CatalinaBearerTokenAuthenticator.login(CatalinaBearerTokenAuthenticator.java:77) [keycloak-as7-adapter-1.0-alpha-1.jar:]
>>> 	at org.keycloak.adapters.as7.BearerTokenAuthenticatorValve.authenticate(BearerTokenAuthenticatorValve.java:67) [keycloak-as7-adapter-1.0-alpha-1.jar:]
>>> 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.keycloak.adapters.as7.BearerTokenAuthenticatorValve.invoke(BearerTokenAuthenticatorValve.java:57) [keycloak-as7-adapter-1.0-alpha-1.jar:]
>>> 	at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
>>> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
>>> 	at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_21]
>>>
>>> 16:46:48,276 WARN  [org.apache.http.impl.client.DefaultHttpClient] (http-localhost-127.0.0.1-8080-3) Authentication error: Unable to respond to any of these challenges: {bearer=WWW-Authenticate: Bearer realm="demo", error="invalid_token", error_description="Token is not active."}
>>> 16:46:48,278 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/customer-portal].[jsp]] (http-localhost-127.0.0.1-8080-3) Servlet.service() for servlet jsp threw exception: javax.ws.rs.ProcessingException: Unable to find a MessageBodyReader of content-type text/html;charset=utf-8 and type interface java.util.List
>>> 	at org.jboss.resteasy.core.interception.ClientReaderInterceptorContext.throwReaderNotFound(ClientReaderInterceptorContext.java:39) [resteasy-jaxrs-3.0.2.Final.jar:]
>>> 	at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.getReader(AbstractReaderInterceptorContext.java:73) [resteasy-jaxrs-3.0.2.Final.jar:]
>>> 	at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:50) [resteasy-jaxrs-3.0.2.Final.jar:]
>>> 	at org.jboss.resteasy.plugins.interceptors.encoding.GZIPDecodingInterceptor.aroundReadFrom(GZIPDecodingInterceptor.java:59) [resteasy-jaxrs-3.0.2.Final.jar:]
>>> 	at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:53) [resteasy-jaxrs-3.0.2.Final.jar:]
>>> 	at org.jboss.resteasy.client.jaxrs.internal.ClientResponse.readFrom(ClientResponse.java:244) [resteasy-client-3.0.2.Final.jar:]
>>> 	at org.jboss.resteasy.client.jaxrs.internal.ClientResponse.readEntity(ClientResponse.java:178) [resteasy-client-3.0.2.Final.jar:]
>>> 	at org.jboss.resteasy.specimpl.BuiltResponse.readEntity(BuiltResponse.java:223) [resteasy-jaxrs-3.0.2.Final.jar:]
>>> 	at org.jboss.resteasy.example.oauth.CustomerDatabaseClient.getCustomers(CustomerDatabaseClient.java:29) [classes:]
>>> 	at org.apache.jsp.customers.view_jsp._jspService(view_jsp.java:74)
>>> 	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) [jbossweb-7.0.13.Final.jar:]
>>> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
>>> 	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:369) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:326) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:253) [jbossweb-7.0.13.Final.jar:]
>>> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
>>> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.keycloak.adapters.as7.OAuthManagedResourceValve.invoke(OAuthManagedResourceValve.java:104) [keycloak-as7-adapter-1.0-alpha-1.jar:]
>>> 	at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
>>> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
>>> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
>>> 	at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_21]
>>>
>>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
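
The failure diagnosed at the top of this message (the session is still alive but the access token stored in it has expired), handled on the client side before the REST call is made. This is an added example, not Keycloak code and not from this thread; `SessionTokenHolder`, `Tokens`, the 30-second skew and the `refresher` function standing in for a token-endpoint call are all assumptions.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;
import java.util.function.Function;

// Added illustration. Every name here is hypothetical; none is Keycloak adapter API.
public class SessionTokenHolder {
    // What the portal keeps in the HTTP session after login.
    record Tokens(String accessToken, Instant expiresAt, String refreshToken) {}

    private static final Duration SKEW = Duration.ofSeconds(30); // refresh slightly early
    private final Function<String, Tokens> refresher; // stand-in for the token endpoint call
    private final Clock clock;
    private Tokens tokens;

    SessionTokenHolder(Tokens initial, Function<String, Tokens> refresher, Clock clock) {
        this.tokens = initial;
        this.refresher = refresher;
        this.clock = clock;
    }

    // Returns a token that is still active; refreshes first if the stored one is not.
    synchronized String activeAccessToken() {
        Instant now = clock.instant();
        if (!now.plus(SKEW).isBefore(tokens.expiresAt())) {
            Tokens fresh = refresher.apply(tokens.refreshToken());
            if (fresh == null || !now.isBefore(fresh.expiresAt())) {
                // Never forward the stale token; the session must be re-authenticated.
                throw new IllegalStateException("refresh failed, login required");
            }
            tokens = fresh;
        }
        return tokens.accessToken();
    }

    public static void main(String[] args) {
        Instant login = Instant.parse("2013-08-13T15:00:00Z"); // constructed sample values
        Tokens atLogin = new Tokens("access-1", login.plusSeconds(300), "refresh-1");
        Function<String, Tokens> endpoint =
                rt -> new Tokens("access-2", login.plusSeconds(900), "refresh-2");
        // Session is alive in both cases; only the second is past the token's expiry.
        for (long elapsed : new long[] {120, 360}) {
            Clock at = Clock.fixed(login.plusSeconds(elapsed), ZoneOffset.UTC);
            String token = new SessionTokenHolder(atLogin, endpoint, at).activeAccessToken();
            System.out.println("t+" + elapsed + "s -> " + token);
        }
    }
}
```

When the refresh itself fails, the holder raises an error so the caller can invalidate the session and send the user back through login, rather than passing an expired bearer token to the data service.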

