By: Bruce Gordon Account Admin 06 Jun 2019 at 2:31 a.m. CDT

11 Responses
Bruce Gordon gravatar
While logging into gluu gateway after following the standard install instructions an error is displayed in a red box " 500 - {"error":"invalid_access_token_bad_hash","error_description":"access_token is invalid. Hash of access_token does not match hash from id_token (at_hash).","details":null}

By Meghna Joshi staff 06 Jun 2019 at 2:51 a.m. CDT

Meghna Joshi gravatar
Hi Bruce, Please share the OXD log(/var/log/oxd-server/oxd-server.log), oxAuth logs and Konga log(/var/log/konga.log). logs helps us to track the exact problem. Best Regards, Meghna Joshi

By Bruce Gordon Account Admin 06 Jun 2019 at 3:20 a.m. CDT

Bruce Gordon gravatar
https://send.firefox.com/download/58fa48659cd21b3b/#dtiUDubmiXliOmc6SG1bvg

By Meghna Joshi staff 06 Jun 2019 at 4:28 a.m. CDT

Meghna Joshi gravatar
Something wrong with your Gluu CE 3.1.6 settings. Send the oxAuth log file /opt/gluu-server-3.1.6/opt/gluu/jetty/oxauth/logs/oxauth.log Also please send the Full OXD logs. it is hard to guess on above short logs. Set log level `threshold: TRACE` in oxd-server.yml config and request again for GG login. https://github.com/GluuFederation/oxd/blob/version_4.0/oxd-server/src/main/resources/oxd-server.yml#L51 Note: You can attach log file here Best Regards, Meghna Joshi

By Meghna Joshi staff 06 Jun 2019 at 4:43 a.m. CDT

Meghna Joshi gravatar
Also set Gluu CE log level to Trace for oxAuth log and then send both log files

By Bruce Gordon Account Admin 06 Jun 2019 at 5 a.m. CDT

Bruce Gordon gravatar
https://send.firefox.com/download/6cc7797b4a0411cd/#CRAv4FDfmHxmUD7mKtqsgw (not clear on how to attach log files here so sticking with firefox for now)

By Meghna Joshi staff 06 Jun 2019 at 5:05 a.m. CDT

Meghna Joshi gravatar
Above link is expired. it responding "This link has expired". Use the button at the bottom "Attachment Choose file", just above the POST button to upload a file.

By Bruce Gordon Account Admin 06 Jun 2019 at 5:46 a.m. CDT

Bruce Gordon gravatar
Please try this link (I don't see an Attachment Choose file above POST only "Link URL" and "Send copy to"). https://send.firefox.com/download/a32208bac08da769/#CBnR6nTn9THXCEoieAF4Ow Feel free to upload these

By Bruce Gordon Account Admin 06 Jun 2019 at 6:51 a.m. CDT

Bruce Gordon gravatar
Posting logs

By Yuriy Zabrovarnyy staff 06 Jun 2019 at 10:30 a.m. CDT

Yuriy Zabrovarnyy gravatar
Unfortunately we have bug, it's reported and fix will be available in `3.1.6.sp2`. Please switch algorithm to RS256 (from current RS512). https://github.com/GluuFederation/oxAuth/issues/1088 Thanks, Yuriy Z

By Bruce Gordon Account Admin 06 Jun 2019 at 10:48 a.m. CDT

Bruce Gordon gravatar
Thanks I have verified that resolves the issue.

By Yuriy Zabrovarnyy staff 06 Jun 2019 at 12:38 p.m. CDT

Yuriy Zabrovarnyy gravatar
Thanks for info Bruce and sorry for inconveniences. BR, Yuriy Z