JWT has expired

By: Diego alejandro Babativa Melgaejo user 15 Sep 2017 at 8:22 a.m. CDT

5 Responses
Diego alejandro Babativa Melgaejo gravatar
Good morning, Actually, I´ve tried create new resources with SCIM API Java client implementation. 1. This functionality has worked for 1 day ago. Wathcing the file: `/opt/gluu/jetty/oxauth/logs/oxauth.log` I get the following error: ``` 2017-09-15 12:21:43,226 INFO [qtp242131142-12] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:189) - Authentication success for Client: '@!1318.B065.E22B.371E!0001!9C7F.9CB3!0008!EE2A.0528.BADA.6D1D' 2017-09-15 12:22:16,558 INFO [qtp242131142-10] [org.xdi.oxauth.auth.AuthenticationFilter] (AuthenticationFilter.java:369) - JWT authentication failed: Cannot verify the JWT org.xdi.oxauth.model.exception.InvalidJwtException: Cannot verify the JWT at org.xdi.oxauth.model.token.ClientAssertion.<init>(ClientAssertion.java:49) ~[classes/:?] at org.xdi.oxauth.auth.AuthenticationFilter.processJwtAuth(AuthenticationFilter.java:345) [classes/:?] at org.xdi.oxauth.auth.AuthenticationFilter.access$200(AuthenticationFilter.java:67) [classes/:?] at org.xdi.oxauth.auth.AuthenticationFilter$1.process(AuthenticationFilter.java:113) [classes/:?] at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:65) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.xdi.oxauth.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:89) [classes/:?] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) [jboss-seam-2.3.1.Final.jar:2.3.1.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.Server.handle(Server.java:534) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220] at java.lang.Thread.run(Thread.java:745) [?:1.8.0_112] Caused by: org.xdi.oxauth.model.exception.InvalidJwtException: JWT has expired at org.xdi.oxauth.model.token.ClientAssertion.load(ClientAssertion.java:130) ~[classes/:?] at org.xdi.oxauth.model.token.ClientAssertion.<init>(ClientAssertion.java:43) ~[classes/:?] ... 38 more ``` Furthermore, in my Java application I catch the following: ``` gluu.scim.client.exception.ScimInitializationException: Could not get accessToken ```
CentOS
closed

Answers

By Michael Schwartz Account Admin 20 Sep 2017 at 9:05 a.m. CDT

Copy
Michael Schwartz gravatar
Can you post the code and give some more background info on what request you're making.

By Hernan Quevedo user 20 Sep 2017 at 10:09 a.m. CDT

Copy
Hernan Quevedo gravatar
We don't exactly know what happened, but the oxauth log said ClientAssertion.java:49 -> cannot verify JWT, and ClientAssertion.java:130 -> JWT has expired From one day to another, it stopped creating or updating users. Of course, we kind of mixed dev and test environment users, and after we cleaned up (deleted all users), the error disappeared. Maybe the session token for that registered client in Gluu expired but it was still requested for authentication requests.

By Jose Gonzalez staff 20 Sep 2017 at 11:28 a.m. CDT

Copy
Jose Gonzalez gravatar
Diego and Hernán, Great to hear you are not facing the problem anymore. For a next ticket please include as much context information as possible describing your problem with more detail. The SCIM service is implemented inside oxTrust, so oxtrust.log file is also key. Kind regards, José

By Yuriy Movchan staff 20 Sep 2017 at 12:37 p.m. CDT

Copy
Yuriy Movchan gravatar
Maybe the time between 2 servers was not sync. This can explain `JWT has expired`

By Hernan Quevedo user 21 Sep 2017 at 8:52 a.m. CDT

Copy
Hernan Quevedo gravatar
Great, we thought it was something like that too. We hope it never happens again. Thanks.

Post an answer