Userapplication Timeout issue

Hi,

We run userapplication 3.8.7 at a client in a docker cluster environment and we are having some issues with sessions being broken - forcing the user to log in several times in a short period.

We see this in catalina.out:

09:37:59.247 [https-jsse-nio-18543-exec-40] DEBUG com.netiq.idmdash.context.RefreshTokenServlet - [IDMDASH] OSP exception: access_denied:revtoken:Refresh token has been revoked.
09:37:59.247 [https-jsse-nio-18543-exec-40] DEBUG com.netiq.idmdash.context.RefreshTokenServlet - [IDMDASH] Refresh token has been revoked.
com.netiq.idmdash.oauth.exception.InvalidCredentialsException: Refresh token has been revoked.
        at com.netiq.idmdash.context.RefreshTokenServlet.handleRequestError(RefreshTokenServlet.java:417) ~[classes/:?]
        at com.netiq.idmdash.context.RefreshTokenServlet.getAccessTokenInfo(RefreshTokenServlet.java:381) ~[classes/:?]
        at com.netiq.idmdash.context.RefreshTokenServlet.doGet(RefreshTokenServlet.java:191) ~[classes/:?]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:529) ~[servlet-api.jar:4.0.FR]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:623) ~[servlet-api.jar:4.0.FR]
etc..

Does anyone have any ideas on what we can try?

The issue seems to be isolated to one of the servers (the error shown above is only seen in catalina.out on one of the servers).

(ism-configuration.properties is equal on both servers)
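
An added example, not part of the original post and not NetIQ code: a small Python script that counts revoked-refresh-token events per node from catalina.out text in the line format shown above, to confirm whether only one node emits them. The node names, the second revocation event and the node-b line are constructed sample data.

```python
import re
from collections import Counter

# Line layout seen in the excerpt: HH:MM:SS.mmm [thread] LEVEL logger - message
LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) \[(?P<thread>[^\]]+)\] "
    r"(?P<level>[A-Z]+) +(?P<logger>\S+) - (?P<msg>.*)$"
)
REVOKED = "Refresh token has been revoked"

def revocations(log_text):
    """Return one (timestamp, thread) pair per revoked-token request."""
    seen = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or REVOKED not in m["msg"]:
            continue  # stack-trace frames and unrelated lines are skipped
        key = (m["ts"], m["thread"])
        # In the excerpt each failure appears on two log lines with the same
        # timestamp and thread; collapse them into a single event.
        if key not in seen:
            seen.append(key)
    return seen

def per_node_summary(logs):
    """logs: {node_name: catalina.out text} -> {node_name: {"HH:MM": count}}"""
    return {node: dict(Counter(ts[:5] for ts, _ in revocations(text)))
            for node, text in logs.items()}

# Constructed sample: node-a starts with lines from the post, then one
# constructed event; node-b holds one constructed unrelated line.
SAMPLE = {
    "node-a": (
        "09:37:59.247 [https-jsse-nio-18543-exec-40] DEBUG com.netiq.idmdash.context.RefreshTokenServlet - [IDMDASH] OSP exception: access_denied:revtoken:Refresh token has been revoked.\n"
        "09:37:59.247 [https-jsse-nio-18543-exec-40] DEBUG com.netiq.idmdash.context.RefreshTokenServlet - [IDMDASH] Refresh token has been revoked.\n"
        "com.netiq.idmdash.oauth.exception.InvalidCredentialsException: Refresh token has been revoked.\n"
        "        at com.netiq.idmdash.context.RefreshTokenServlet.handleRequestError(RefreshTokenServlet.java:417) ~[classes/:?]\n"
        "09:38:41.902 [https-jsse-nio-18543-exec-12] DEBUG com.netiq.idmdash.context.RefreshTokenServlet - [IDMDASH] Refresh token has been revoked.\n"
    ),
    "node-b": "09:38:02.110 [https-jsse-nio-18543-exec-7] DEBUG com.example.Placeholder - constructed unrelated line\n",
}

if __name__ == "__main__":
    for node, buckets in per_node_summary(SAMPLE).items():
        print(node, buckets or "no revoked-token events")
```

To use it on real data, replace SAMPLE with the contents of each node's catalina.out keyed by node name.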

  • Verified Answer

    +1  

    Never seen a refresh token revoked.

    One thing to do is clear the oidpInstances (or is it oidpInstanceData) attribute on the users.

    Did you change the Refresh token lifespan/TTL in the ism-configuration.properties?  Where perhaps you made the refresh and Access token windows overlap backwards?  Access should be short and refresh should be long.  Maybe you reversed that?  (Does not explain why one node and not the other).
