Our vBulletin migration is complete.
Welcome vBulletin users! All content and user information from the Micro Focus Forums (vBulletin) site has been migrated to this site. READ MORE.
Highlighted
johnlow Trusted Contributor.
Trusted Contributor.
1565 views

(DP) support tip: "Unable to get Authentication token" - Invalid token signature

PROBLEM DESCRIPTION:

 

When selecting "Devices" in GUI, pop up window report showing error

"Unable to get Authentication token. Check if Appserver is running"

 

Appserver logs reporting the following error..

 

2017-11-22 17:45:52,722 ERROR [org.keycloak.adapters.BearerTokenRequestAuthentic

ator] (default task-13) Failed to verify token: org.keycloak.common.Verification

Exception: Invalid token signature.

 

SOLUTION:

 

The likely cause is keycloak realm-public-key mismatch..

 

Location of Keycloak realm-public-key

 

[WIN]

 

%DP_DATA_DIR%config\server\AppServer\standalone.xml (realm-public-key)

eg:

<realm-public-key>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAW2ErCygJhtxmhmngbxupeQRZ+JiUF9jYW1Vh7tnGxIKCJKuwCdd0ipl7P9fuWQIU88Q+YS2/QTo6tMDjcR9crS7NE3wcDaQa2TiFgqD73baQcOL2p3bdV0Xwnkz62IEnOkgSlEBlYciZlqV5ORx/vjDQiIj52lal+k/HlA6iawIDAQAB</realm-public-key>

 

%DP_DATA_DIR\config\server\AppServer\pubcrtFile.pem (keycloak public key)

eg:

-----BEGIN PUBLIC KEY-----

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAW2ErCygJhtxmhmngbxupeQRZ

+JiUF9jYW1Vh7tnGxIKCJKuwCdd0ipl7P9fuWQIU88Q+YS2/QTo6tMDjcR9crS7N

E3wcDaQa2TiFgqD73baQcOL2p3bdV0Xwnkz62IEnOkgSlEBlYciZlqV5ORx/vjDQ

iIj52lal+k/HlA6iawIDAQAB

-----END PUBLIC KEY-----

 

They should match.

 

[Linux/Unix]

 

/etc/opt/omni/server/AppServer/standalone.xml

eg:

<realm-public-key>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAW2ErCygJhtxmhmngbxupeQRZ+JiUF9jYW1Vh7tnGxIKCJKuwCdd0ipl7P9fuWQIU88Q+YS2/QTo6tMDjcR9crS7NE3wcDaQa2TiFgqD73baQcOL2p3bdV0Xwnkz62IEnOkgSlEBlYciZlqV5ORx/vjDQiIj52lal+k/HlA6iawIDAQAB</realm-public-key>

 

"pubcrtFile.pem" DOES NOT EXIST, only for Windows

 

login to keycloak admin page and get realm "public key"

 

01. Make directory if missing

cmd> mkdir /opt/omni/AppServer/standalone/configuration

 

02. Create keycloak master user

cmd> /opt/omni/AppServer/bin/add-user-keycloak.sh -r master -u <user> -p <password>

 

03. Copy created json file to correct directory

cmd> cp /opt/omni/AppServer/standalone/configuration/keycloak-add-user.json \

/etc/opt/omni/server/AppServer

 

04. Restart only hpdp-as service

cmd> /etc/init.d/hpdp-as stop

cmd> /etc/init.d/hpdp-as start

 

05. open web browser and login with keycloak master user

https://btp01dp66.swinfra.net:7116/auth/admin

username: <user>

password: <password>

 

Configure->Realm Settings

Select "Keys" tab

Save/Copy the value of the "Public key" field

 

Sign off

close web browser

 

The "realm-public-key" values should match.

 

If they do not match, you can edit standalone.xml so that the values match (note: there are multiple occurrence of <realm-public-key> and all of them have to be updated.)

Labels (1)
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.