This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"jwt malformed" error while authentication in an OO flow

Hi All,

We have flow deployed for automating the access request in a tool called Secure One. The flow is able to fetch token in our QA environment but not in PROD. All the flows, OO version, application setup and everything is same.

Environment Type Step Name Duration Inputs Raw Results
PROD OPERATION Get token 0.031 seconds {url=s1.dieboldnixdorf.com/.../auth, authType=Basic, username=null, password=******, preemptiveAuth=true, proxyHost=null, proxyPort=8080, proxyUsername=null, proxyPassword=******, trustAllRoots=true, x509HostnameVerifier=allow_all, trustKeystore=null, trustPassword=******, keystore=null, keystorePassword=******, connectTimeout=0, socketTimeout=0, useCookies=true, keepAlive=true, connectionsMaxPerRoute=2, connectionsMaxTotal=20, headers=Content-Type: application/json, responseCharacterSet=null, destinationFile=null, followRedirects=true, queryParams=null, queryParamsAreURLEncoded=false, formParams=null, formParamsAreURLEncoded=false, sourceFile=null, body={"userId":"ABC","token":"XYZ" }, contentType=application/json; charset='UTF-8, requestCharacterSet=ISO-8859-1, chunkedRequestEntity=null, method=POST} {returnCode=0, responseHeaders=X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Request-Id: 3dbff020-569c-11ee-89f6-75a3e770a947
Content-Type: application/json; charset=utf-8
Content-Length: 27
ETag: W/"1b-CgdsrqtkLn0qBSLU/p4pPCfLVik"
Date: Tue, 19 Sep 2023 03:25:54 GMT
Connection: keep-alive, returnResult={"message":"jwt malformed"}, reasonPhrase=Unauthorized, finalLocation=s1.dieboldnixdorf.com/.../auth, protocolVersion=HTTP/1.1, statusCode=401, Result={"message":"jwt malformed"}}
Environment Type Step Name Duration Inputs Raw Results
QA OPERATION Get token 4.416 seconds {url=s1.dieboldnixdorf.com/.../auth, authType=Basic, username=null, password=******, preemptiveAuth=true, proxyHost=null, proxyPort=8080, proxyUsername=null, proxyPassword=******, trustAllRoots=true, x509HostnameVerifier=allow_all, trustKeystore=null, trustPassword=******, keystore=null, keystorePassword=******, connectTimeout=0, socketTimeout=0, useCookies=true, keepAlive=true, connectionsMaxPerRoute=2, connectionsMaxTotal=20, headers=Content-Type: application/json, responseCharacterSet=null, destinationFile=null, followRedirects=true, queryParams=null, queryParamsAreURLEncoded=false, formParams=null, formParamsAreURLEncoded=false, sourceFile=null, body={"userId":"ABC","token":"XYZ" }, contentType=application/json; charset='UTF-8, requestCharacterSet=ISO-8859-1, chunkedRequestEntity=null, method=POST} {returnCode=0, responseHeaders=X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Request-Id: a02e4d60-569c-11ee-89f6-75a3e770a947
Content-Type: application/json; charset=utf-8
Content-Length: 821
ETag: W/"335-MTxru0nWOyiBmGGaeaCXD7bNeCo"
Date: Tue, 19 Sep 2023 03:28:40 GMT
Connection: keep-alive, returnResult={"message":"Access granted.","token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkaXN0aW5ndWlzaGVkTmFtZSI6IkNOPXN2Yy1naW8tYm1jYWRkbSxPVT1TeXN0ZW0gQWNjb3VudHMsREM9YWQsREM9ZGllYm9sZCxEQz1jb20iLCJkb21haW5fbmV0YmlvcyI6IkRJRUJPTERfTUFTVEVSIiwib2JqZWN0U2lkIjoiUy0xLTUtMjEtMTg1NzQxMDYtMTM1MjQ3ODc5Ni04MjQ2NTE5NzEtMzg0NDI0Iiwic0FNQWNjb3VudE5hbWUiOiJzdmMtZ2lvLWJtY2FkZG0iLCJhY2Nlc3MiOnsicm9sZSI6ImFkbWluIiwiZGF0ZV9hZGRlZCI6IjIwMjAtMDgtMTlUMjE6MTM6NTguOTE3WiIsImdhX2VuYWJsZWQiOnRydWV9LCJpZCI6IjVmMGUxMTc0YzM1YTAyYzNlNDA5NjI2ZiIsImNyZWF0ZWRCeSI6ImE3NmJmMzIzLTc1YzctNDYwOS1hNWE3LTg5Y2YxODhjZjM5OSIsInNjb3BlcyI6W10sInR5cGUiOiJhY2Nlc3MiLCJpYXQiOjE2OTUwOTQxMjAsImV4cCI6MTY5NTEyMjkyMCwianRpIjoiN2MxZTk1YTMtZjJhOS00ZmY3LWE0NGYtYjI3ZmE3ZjhhYjRmIn0.SaIK0tfkjQW6ffgHl2FhhGTLP_PKnD0fDmAHbMh3bq8","expires":"2023-09-19T11:28:40.000Z","scopes":[]}, reasonPhrase=OK, finalLocation=s1.dieboldnixdorf.com/.../auth, protocolVersion=HTTP/1.1, statusCode=200, Result={"message":"Access granted.","token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkaXN0aW5ndWlzaGVkTmFtZSI6IkNOPXN2Yy1naW8tYm1jYWRkbSxPVT1TeXN0ZW0gQWNjb3VudHMsREM9YWQsREM9ZGllYm9sZCxEQz1jb20iLCJkb21haW5fbmV0YmlvcyI6IkRJRUJPTERfTUFTVEVSIiwib2JqZWN0U2lkIjoiUy0xLTUtMjEtMTg1NzQxMDYtMTM1MjQ3ODc5Ni04MjQ2NTE5NzEtMzg0NDI0Iiwic0FNQWNjb3VudE5hbWUiOiJzdmMtZ2lvLWJtY2FkZG0iLCJhY2Nlc3MiOnsicm9sZSI6ImFkbWluIiwiZGF0ZV9hZGRlZCI6IjIwMjAtMDgtMTlUMjE6MTM6NTguOTE3WiIsImdhX2VuYWJsZWQiOnRydWV9LCJpZCI6IjVmMGUxMTc0YzM1YTAyYzNlNDA5NjI2ZiIsImNyZWF0ZWRCeSI6ImE3NmJmMzIzLTc1YzctNDYwOS1hNWE3LTg5Y2YxODhjZjM5OSIsInNjb3BlcyI6W10sInR5cGUiOiJhY2Nlc3MiLCJpYXQiOjE2OTUwOTQxMjAsImV4cCI6MTY5NTEyMjkyMCwianRpIjoiN2MxZTk1YTMtZjJhOS00ZmY3LWE0NGYtYjI3ZmE3ZjhhYjRmIn0.SaIK0tfkjQW6ffgHl2FhhGTLP_PKnD0fDmAHbMh3bq8","expires":"2023-09-19T11:28:40.000Z","scopes":[]}}

What could be the issue? What should I do to make it working in PROD environment.

  • 0

    Hello Ajith_Kumar,

    You ask an interesting question.

    What version of OO are you using in both environments (QA and Prod) and are they are the same Patch/hotfix level?

    While I provided that as my first question, my initial thoughts are that this is not necessarily an OO issue.

    Quite often, Software running in a Prod environment has different security and/or other settings than that same software in QA.  That is also a possibility.

    Is there a way to manually perform the step of requesting an access token from the OO Central QA server and the OO Central Prod server?

    If you can run the command(s) manually on both environments with the same options and it works, then you can isolate things further from that point.  If running them manually from both environments works for QA but not for Prod, then look at your Secure One Software settings or possibly firewalls that are different between the two environments.

    I hope that this helps.

    Regards,

    Mark

  • 0 in reply to 

    Hi Mark,

    Firstly, thank you for taking your time and responding to this.

    We are using 2022.05 in both environment and no patches/hotfixes applied so far to both the environments.

    I installed the postman in both the RAS (PROD AND QA) and tried to fetch toke from SecureOne, I am getting token successfully.

    Note: We are trying to access the same SecureOne application from both OO environments. We don't have separate PROD and Test setup for SecureOne.

    Regards,

    Ajithkumar G.

  • 0 in reply to 

    Hello Ajith,

    I'm sorry to hear that you are still encountering problems.

    Since Postman works from both QA and Prod RAS server, assuming this is where the flow is being run from, then it looks like you may need to dig deeper into the issue.

    I would double-check the calls from QA and Prod to confirm that they are exactly the same. 

    I don't know anything about SecureOne, but hopefully you can look at their logs and confirm that the same request is being received from both environments.  Compare what is being received from QA and Prod.

    If you still are unable to determine an issue, then I suggest you open a support case, so that logs and possibly debugging could be done if necessary.

    Good luck!

    Mark Butler

  • 0 in reply to 

    May not be relevant, but I have seen similar error once when somehow the payload in the request going to target had errors.

    May be checking what is received on target and what is sent from source would help. 

  • Suggested Answer

    0  

    Hi,

    The response has code 401 - Unauthorized. Doublecheck that you set the password for the user in PROD correctly. System accounts are not transferred within CPs.

    I see that you already have Postman installed on the RAS. Start PROXY functionality in Postman and change OO flow to use it. Postman will catch the call that OO is sending and you will be able to see what the potential issue is.

    Hope it helps.

    Dusko 

  • 0 in reply to 

    Thank you. I have created a case with support team.

  • 0 in reply to 

    Hi Misaq,

    Yes, Thats my doubt as well. I have enhanced the log to DEBUG level and reproduced the issue. Let me deep dive the logs along with OT team to see what really happened.

    Thanks.

  • Suggested Answer

    0 in reply to   

    Hi Dusko,

    I tried this briefly yesterday but could not do it. Let me check some video on how to do it and try the same.

    Thank you for proposing an innovative way for troubleshooting Slight smile

  • Verified Answer

    +1 in reply to 

    Thank you everyone for all the suggestions.

    Today we found that base library version is not in sync between PROD and QA which caused this issue. Now, new version (BASE 1.23.3) is uploaded to PROD. The flow is working as expected now.

    Closing this thread.