Twostep auth not working, push notifications not sent

By: Domagoj Dom user 14 Jun 2021 at 2:22 a.m. CDT

10 Responses
Domagoj Dom gravatar
Hello, We are having issues with SuperGluu two step auth from this morning. Pushing of notifications is not working. 2021-06-14 07:15:52,308 INFO [qtp1590550415-10] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Super-Gluu. Send push notification. Loading user '*****' devices 2021-06-14 07:15:52,313 INFO [qtp1590550415-10] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Super-Gluu. Get target endpoint ARN. There is already created target endpoint ARN 2021-06-14 07:15:53,249 INFO [qtp1590550415-10] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Super-Gluu. Send push notification. Failed to send push notification: 2021-06-14 07:15:53,250 INFO [qtp1590550415-10] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - javax.ws.rs.InternalServerErrorException: HTTP 500 Internal Server Error Thanks, Dom
Ubuntu 18.04
closed

Answers

By Dzouato Djeumen Rolain Bonaventure staff 14 Jun 2021 at 8:08 a.m. CDT

Copy
Dzouato Djeumen Rolain Bonaventure gravatar
Hello Sir, Please attach the oxauth log files too. It will make it easier to identify where the problem is coming from. Thanks

By Domagoj Dom user 14 Jun 2021 at 10:25 a.m. CDT

Copy
Domagoj Dom gravatar
Hello, Here is the oxauth log from the same time 2021-06-14 07:11:44,721 WARN [qtp1590550415-13] [org.gluu.oxauth.model.crypto.AbstractCryptoProvider] (AbstractCryptoProvider.java:238) - WARNING! Expired Key is used, alias: 1debb800-1ff5-40a4-8271-eeabef6689ee_sig_rs512 Expires On: 2021-05-03 17:09:14 Today's Date: 2021-06-14 07:11:44 2021-06-14 07:11:44,726 INFO [qtp1590550415-13] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:242) - Authentication result for user '1701.dc1eff6b-7fa5-4ad4-a245-10d4ecb763be', result: 'false' 2021-06-14 07:11:44,726 INFO [qtp1590550415-13] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:277) - Authentication success for Client: '1701.dc1eff6b-7fa5-4ad4-a245-10d4ecb763be' 2021-06-14 07:11:44,749 WARN [qtp1590550415-13] [org.gluu.oxauth.model.crypto.AbstractCryptoProvider] (AbstractCryptoProvider.java:238) - WARNING! Expired Key is used, alias: 448fb0ed-53a1-4130-9156-98645c4485f2_sig_rs512 Expires On: 2021-06-14 15:45:54 Today's Date: 2021-06-14 07:11:44 2021-06-14 07:12:38,933 INFO [qtp1590550415-16] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:363) - Authentication reset to step : '2' 2021-06-14 07:13:07,171 WARN [qtp1590550415-17] [org.gluu.oxauth.model.crypto.AbstractCryptoProvider] (AbstractCryptoProvider.java:238) - WARNING! Expired Key is used, alias: 1debb800-1ff5-40a4-8271-eeabef6689ee_sig_rs512 Expires On: 2021-05-03 17:09:14 Today's Date: 2021-06-14 07:13:07 2021-06-14 07:13:07,175 INFO [qtp1590550415-17] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:242) - Authentication result for user '1701.dc1eff6b-7fa5-4ad4-a245-10d4ecb763be', result: 'false' 2021-06-14 07:13:07,175 INFO [qtp1590550415-17] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:277) - Authentication success for Client: '1701.dc1eff6b-7fa5-4ad4-a245-10d4ecb763be' 2021-06-14 07:13:07,196 WARN [qtp1590550415-17] [org.gluu.oxauth.model.crypto.AbstractCryptoProvider] (AbstractCryptoProvider.java:238) - WARNING! Expired Key is used, alias: 448fb0ed-53a1-4130-9156-98645c4485f2_sig_rs512 Expires On: 2021-06-14 15:45:54 Today's Date: 2021-06-14 07:13:07 2021-06-14 07:14:15,941 INFO [qtp1590550415-16] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:363) - Authentication reset to step : '2' 2021-06-14 07:15:50,953 INFO [qtp1590550415-12] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:363) - Authentication reset to step : '2' 2021-06-14 07:16:05,064 WARN [qtp1590550415-10] [org.gluu.oxauth.model.crypto.AbstractCryptoProvider] (AbstractCryptoProvider.java:238) - WARNING! Expired Key is used, alias: 1debb800-1ff5-40a4-8271-eeabef6689ee_sig_rs512 Expires On: 2021-05-03 17:09:14 Today's Date: 2021-06-14 07:16:05 2021-06-14 07:16:05,070 INFO [qtp1590550415-10] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:242) - Authentication result for user '1701.dc1eff6b-7fa5-4ad4-a245-10d4ecb763be', result: 'false' 2021-06-14 07:16:05,070 INFO [qtp1590550415-10] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:277) - Authentication success for Client: '1701.dc1eff6b-7fa5-4ad4-a245-10d4ecb763be' 2021-06-14 07:16:05,089 WARN [qtp1590550415-10] [org.gluu.oxauth.model.crypto.AbstractCryptoProvider] (AbstractCryptoProvider.java:238) - WARNING! Expired Key is used, alias: 448fb0ed-53a1-4130-9156-98645c4485f2_sig_rs512 Expires On: 2021-06-14 15:45:54 Today's Date: 2021-06-14 07:16:05 2021-06-14 07:17:27,945 INFO [qtp1590550415-15] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:363) - Authentication reset to step : '2' 2021-06-14 07:19:04,941 INFO [qtp1590550415-12] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:363) - Authentication reset to step : '2' 2021-06-14 07:19:41,169 WARN [qtp1590550415-17] [org.gluu.oxauth.model.crypto.AbstractCryptoProvider] (AbstractCryptoProvider.java:238) - WARNING! Expired Key is used, alias: 1debb800-1ff5-40a4-8271-eeabef6689ee_sig_rs512 Expires On: 2021-05-03 17:09:14 Today's Date: 2021-06-14 07:19:41 2021-06-14 07:19:41,175 INFO [qtp1590550415-17] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:242) - Authentication result for user '1701.dc1eff6b-7fa5-4ad4-a245-10d4ecb763be', result: 'false' 2021-06-14 07:19:41,175 INFO [qtp1590550415-17] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:277) - Authentication success for Client: '1701.dc1eff6b-7fa5-4ad4-a245-10d4ecb763be' 2021-06-14 07:19:41,199 WARN [qtp1590550415-17] [org.gluu.oxauth.model.crypto.AbstractCryptoProvider] (AbstractCryptoProvider.java:238) - WARNING! Expired Key is used, alias: 448fb0ed-53a1-4130-9156-98645c4485f2_sig_rs512 Expires On: 2021-06-14 15:45:54 Today's Date: 2021-06-14 07:19:41 We are using SuperGluu script with GluuRadius, only the 2FA is not working. We now temporarily changed GluuRadius to one step and that part is working. Thanks, Dom

By Domagoj Dom user 14 Jun 2021 at 12:28 p.m. CDT

Copy
Domagoj Dom gravatar
Hello, Here is the fresh set of logs, seems to be related to Iphones only, Androids work fine. We have deleted the keys on Iphone, deleted Super-gluu device, registered device again, but same thing is happening. oxauth-script.log 2021-06-14 17:21:16,600 INFO [qtp1590550415-12] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Basic. Authenticate for step 1 2021-06-14 17:21:16,629 INFO [qtp1590550415-12] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Super-Gluu-RO initiatate_authentication 2021-06-14 17:21:16,630 INFO [qtp1590550415-12] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Super-Gluu-RO using two-step authentication 2021-06-14 17:21:16,634 INFO [qtp1590550415-12] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Super-Gluu-RO. Generated session id. DN: 'db3b33cc-b5b3-4c93-bb0d-430c4f020740' 2021-06-14 17:21:16,635 INFO [qtp1590550415-12] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - NetApi. Determining remote location for ip address '172.16.254.102' 2021-06-14 17:21:16,706 INFO [qtp1590550415-12] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - NetApi. Could not determine remote location. ip-api status: 'fail' 2021-06-14 17:21:16,707 INFO [qtp1590550415-12] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Super-Gluu-Push. Sending push notification to user 'iphoneuser' devices 2021-06-14 17:21:16,711 INFO [qtp1590550415-12] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Super-Gluu-Push. Send device notification to device 2021-06-14 17:21:16,712 INFO [qtp1590550415-12] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Super-Gluu-Push. Target endpoint ARN already created : 2021-06-14 17:21:16,713 INFO [qtp1590550415-12] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - arn:aws:sns:us-west-2:989705443609:endpoint/APNS/super_gluu_apns/31556b15-fcb0-3d06-a6a0-f904ca632a27 2021-06-14 17:21:16,714 INFO [qtp1590550415-12] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - push message : {"request":"{\"app\":\"https://server/identity/authcode.htm\",\"licensed\":false,\"method\":\"authenticate\",\"req_ip\":\"172.16.254.102\",\"created\":\"2021-06-14T17:21:16Z\",\"issuer\":\"https://server\":\"\",\"state\":\"db3b33cc-b5b3-4c93-bb0d-430c4f020740\",\"username\":\"iphoneuser\"}","aps":{"sound":"default","badge":0,"alert":{"body":"Super-Gluu login request to https://server/identity/authcode.htm","title":"Super-Gluu"},"category":"ACTIONABLE","content-available":"1"}} 2021-06-14 17:21:17,377 INFO [qtp1590550415-12] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Super-Gluu-Push. Failed to send push notification : 'HTTP 500 Internal Server Error' 2021-06-14 17:21:17,378 INFO [qtp1590550415-12] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - User iphoneuser has no device enrolled for Super-Gluu authentication 2021-06-14 17:21:17,379 INFO [qtp1590550415-12] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Send push notification to user 'iphoneuser' failed oxauth.log 021-06-14 17:21:16,599 WARN [qtp1590550415-12] [org.gluu.oxauth.model.crypto.AbstractCryptoProvider] (AbstractCryptoProvider.java:238) - WARNING! Expired Key is used, alias: 1debb800-1ff5-40a4-8271-eeabef6689ee_sig_rs512 Expires On: 2021-05-03 17:09:14 Today's Date: 2021-06-14 17:21:16 2021-06-14 17:21:16,604 INFO [qtp1590550415-12] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:242) - Authentication result for user '1701.dc1eff6b-7fa5-4ad4-a245-10d4ecb763be', result: 'false' 2021-06-14 17:21:16,604 INFO [qtp1590550415-12] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:277) - Authentication success for Client: '1701.dc1eff6b-7fa5-4ad4-a245-10d4ecb763be' Thanks, Dom

By Alexandre Zia Account Admin 14 Jun 2021 at 1:11 p.m. CDT

Copy
Alexandre Zia gravatar
Just for information, We are having the same issue. Only iPhones affected, Android working fine. Many users can't login. Gluu 4.1

By Domagoj Dom user 15 Jun 2021 at 7:26 a.m. CDT

Copy
Domagoj Dom gravatar
Hi Alexandre, Did you manage to find any workaround, last time it was a problem with oxStatus: compromised, but I think this is another issue, as last time re-enrolling devices fixed the problem ? We have the same 4.1 version as you have. Thanks, Dom

By Alexandre Zia Account Admin 15 Jun 2021 at 12:18 p.m. CDT

Copy
Alexandre Zia gravatar
Whenever an iPhone user tries to authenticate, oxauth_script raises this error: ``` Super-Gluu. Get target endpoint ARN. Create target endpoint ARN 'arn:aws:sns:us-west-2:989705443609:endpoint/APNS/super_gluu_apns/xxxxxxxxxxxxxx' for user: 'xxxxxxxx' Super-Gluu. Send push notification. Failed to send push notification: javax.ws.rs.InternalServerErrorException: HTTP 500 Internal Server Error ```

By Dzouato Djeumen Rolain Bonaventure staff 23 Jun 2021 at 2:30 a.m. CDT

Copy
Dzouato Djeumen Rolain Bonaventure gravatar
Hello Alexandre and Domagoj, Could you try now ? Thanks

By Domagoj Dom user 23 Jun 2021 at 2:58 a.m. CDT

Copy
Domagoj Dom gravatar
Hello Rolain, Still no notifications for IOS. Same error as before. Thanks, Dom

By Dzouato Djeumen Rolain Bonaventure staff 23 Jun 2021 at 9:21 p.m. CDT

Copy
Dzouato Djeumen Rolain Bonaventure gravatar
Hello Domagoj, It should be fixed now. Please try. Thanks

By Domagoj Dom user 24 Jun 2021 at 1:42 a.m. CDT

Copy
Domagoj Dom gravatar
Thank you, It is working now . Dom

Post an answer