Userapplication Timeout issue

Hi,

We run userapplication 3.8.7 at a client in a docker cluster environment and we are having some issues with sessions being broken - forcing the user to log in several times in a short period.

We see this in catalina.out:

09:37:59.247 [https-jsse-nio-18543-exec-40] DEBUG com.netiq.idmdash.context.RefreshTokenServlet - [IDMDASH] OSP exception: access_denied:revtoken:Refresh token has been revoked.
09:37:59.247 [https-jsse-nio-18543-exec-40] DEBUG com.netiq.idmdash.context.RefreshTokenServlet - [IDMDASH] Refresh token has been revoked.
com.netiq.idmdash.oauth.exception.InvalidCredentialsException: Refresh token has been revoked.
        at com.netiq.idmdash.context.RefreshTokenServlet.handleRequestError(RefreshTokenServlet.java:417) ~[classes/:?]
        at com.netiq.idmdash.context.RefreshTokenServlet.getAccessTokenInfo(RefreshTokenServlet.java:381) ~[classes/:?]
        at com.netiq.idmdash.context.RefreshTokenServlet.doGet(RefreshTokenServlet.java:191) ~[classes/:?]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:529) ~[servlet-api.jar:4.0.FR]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:623) ~[servlet-api.jar:4.0.FR]
etc..

Does anyone have any ideas on what we can try?

The issue seems to be isolated to one of the servers (the error shown above is only seen in catalina.out on one of the servers).

(ism-configuration.properties is equal on both servers)

  • Verified Answer

    +1  

    Never seen a refresh token revoked.

    One thing to do is clear the oidpInstances (or is it oidpInstanceData) attribute on the users.

    Did you change the refresh token lifespan/TTL in the ism-configuration.properties? Where perhaps you made the refresh and access token windows overlap backwards? Access should be short and refresh should be long. Maybe you reversed that? (Does not explain why one node and not the other.)

  • 0 in reply to   

    Hi, we have the following settings for TTL in the userapp ism:

    com.netiq.idm.osp.oauth.accessTokenTTL = 60
    com.netiq.idm.osp.oauth.refreshTokenTTL = 2592000

    com.netiq.idm.osp.oauth.public.refreshTokenTTL = 2700

    Are there any other lines that could cause the problem?
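
Added example, not part of the thread and not NetIQ code: one way to check the two points raised above, that the TTL keys really match on both nodes and that each refresh window is longer than the access window. The function names are hypothetical; NODE_A uses the values quoted in the thread, NODE_B is a constructed misconfiguration.

```python
# Added example; function names are hypothetical, key names are those quoted in the thread.
import re
P = "com.netiq.idm.osp.oauth."
TTL_KEYS = (P + "accessTokenTTL", P + "refreshTokenTTL", P + "public.refreshTokenTTL")

def parse_properties(text):
    """Parse simple Java .properties text: 'key = value', 'key: value', # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check_ttls(props):
    """Return findings where a refresh TTL is missing or not longer than the access TTL."""
    findings = []
    access = props.get(TTL_KEYS[0])
    for key in TTL_KEYS[1:]:
        refresh = props.get(key)
        if access is None or refresh is None:
            findings.append(f"{key}: cannot compare, value missing")
        elif int(refresh) <= int(access):
            findings.append(f"{key}={refresh} is not longer than accessTokenTTL={access}")
    return findings

def diff_nodes(a, b):
    """Return {key: (value_on_a, value_on_b)} for TTL keys that differ between two nodes."""
    return {k: (a.get(k), b.get(k)) for k in TTL_KEYS if a.get(k) != b.get(k)}

# Constructed samples: NODE_A holds the values quoted in the thread,
# NODE_B is a made-up file with the access and refresh windows reversed.
NODE_A = """
com.netiq.idm.osp.oauth.accessTokenTTL = 60
com.netiq.idm.osp.oauth.refreshTokenTTL = 2592000
com.netiq.idm.osp.oauth.public.refreshTokenTTL = 2700
"""
NODE_B = """
com.netiq.idm.osp.oauth.accessTokenTTL = 2592000
com.netiq.idm.osp.oauth.refreshTokenTTL = 60
com.netiq.idm.osp.oauth.public.refreshTokenTTL = 2700
"""

if __name__ == "__main__":
    a, b = parse_properties(NODE_A), parse_properties(NODE_B)
    print(check_ttls(a), check_ttls(b), diff_nodes(a, b))
```

To use it on a real deployment, read the ism-configuration.properties file from each container into a string and pass the two parsed dictionaries to `diff_nodes`.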
