Question (2 replies, 144 views)
Brahmesh@ Member since 2013 145 posts
Capgemini
Posted: 8 months ago
Last activity: 7 months 4 weeks ago

Issue with OpenID connect in 8.3

We are facing the below issue with OpenID Connect single sign-on with Google.

Unable to execute OIDC flow : Caught exception while parsing the id token

1) Configured the authentication service with the below metadata from the Google developer console.

2) It seems the system is unable to parse the JWT token. Here is the debug log for OIDC:

2020-01-16 22:30:48,976 [http-nio-8080-exec-4] [ STANDARD] [ ] [ PegaRULES:8] ( auth.oidc.OIDCClientHandler) DEBUG localhost|0:0:0:0:0:0:0:1 - Initiating OIDC flow
2020-01-16 22:30:48,976 [http-nio-8080-exec-4] [ STANDARD] [ ] [ PegaRULES:8] ( auth.oidc.OIDCClientHandler) DEBUG localhost|0:0:0:0:0:0:0:1 - Constructing authorization URL for OIDC provider
2020-01-16 22:30:48,990 [http-nio-8080-exec-4] [ STANDARD] [ ] [ PegaRULES:8] ( auth.oidc.OIDCClientHandler) DEBUG localhost|0:0:0:0:0:0:0:1 - Constructed authorization URL for OIDC provider : https://accounts.google.com/o/oauth2/auth?redirect_uri=http%3A%2F%2Floc… profile email &state=9fa430eabe433e5fbae517f62889a0363e2592e98c6e143d2d40a57b8227977a&nonce=4773d78da680b6be84ab81b48465b76483f4183cf6983ccab38a750159d63e5d&response_type=code
2020-01-16 22:30:59,974 [ttp-nio-8080-exec-10] [ STANDARD] [ ] [ PegaRULES:8] ( auth.oidc.OIDCClientHandler) DEBUG localhost|0:0:0:0:0:0:0:1 - Processing authorization code recieved from OIDC provider
2020-01-16 22:30:59,975 [ttp-nio-8080-exec-10] [ STANDARD] [ ] [ PegaRULES:8] ( auth.oidc.OIDCClientHandler) DEBUG localhost|0:0:0:0:0:0:0:1 - StateParam Validation is successful
2020-01-16 22:30:59,976 [ttp-nio-8080-exec-10] [ STANDARD] [ ] [ PegaRULES:8] ( auth.oidc.OIDCClientHandler) DEBUG localhost|0:0:0:0:0:0:0:1 - Fetching access token using authCode received
2020-01-16 22:31:00,218 [ttp-nio-8080-exec-10] [ STANDARD] [ ] [ PegaRULES:8] ( auth.oidc.OIDCClientHandler) DEBUG localhost|0:0:0:0:0:0:0:1 - Successfully fetched accesss token and ID token using authCode
2020-01-16 22:31:00,218 [ttp-nio-8080-exec-10] [ STANDARD] [ ] [ PegaRULES:8] ( auth.oidc.OIDCClientHandler) DEBUG localhost|0:0:0:0:0:0:0:1 - Validating ID token received from access token end point
2020-01-16 22:31:00,247 [ttp-nio-8080-exec-10] [ STANDARD] [ ] [ PegaRULES:8] (uthorization.KeyStoreCacheImpl) ERROR localhost|0:0:0:0:0:0:0:1 - Failed to get JWK Keys
java.text.ParseException: Missing required "keys" member
at com.nimbusds.jose.jwk.JWKSet.parse(JWKSet.java:325) ~[nimbus-jose-jwt-7.2.1.jar:?]
at com.nimbusds.jose.jwk.JWKSet.parse(JWKSet.java:304) ~[nimbus-jose-jwt-7.2.1.jar:?]
at com.pega.pegarules.session.internal.authorization.KeyStoreCacheImpl.loadKeyStoretoCache(KeyStoreCacheImpl.java:283) ~[prprivate-session.jar:?]
at com.pega.pegarules.session.internal.authorization.KeyStoreCacheImpl.loadKeyStoreIfKeyStoreNotCachedYet(KeyStoreCacheImpl.java:438) ~[prprivate-session.jar:?]
at com.pega.pegarules.session.internal.authorization.KeyStoreCacheImpl.getPublicKey(KeyStoreCacheImpl.java:626) ~[prprivate-session.jar:?]
at com.pega.pegarules.integration.engine.internal.util.KeyStoreUtilsImpl.getPublicKey(KeyStoreUtilsImpl.java:1161) ~[printegrint.jar:?]
at com.pega.pegarules.integration.engine.internal.security.jwt.NimbusJWTProcessor.getJWSKeySelectorFromPubKey(NimbusJWTProcessor.java:547) ~[printegrint.jar:?]
at com.pega.pegarules.integration.engine.internal.security.jwt.NimbusJWTProcessor.getJWSKeySelector(NimbusJWTProcessor.java:480) ~[printegrint.jar:?]
at com.pega.pegarules.integration.engine.internal.auth.oidc.NimbusOIDCClientHandler.processIDToken(NimbusOIDCClientHandler.java:76) ~[printegrint.jar:?]
at com.pega.pegarules.integration.engine.internal.auth.oidc.OIDCClientHandler.processIDToken(OIDCClientHandler.java:214) ~[printegrint.jar:?]
at com.pega.pegarules.integration.engine.internal.auth.oidc.OIDCClientHandler.processAuthcodeRes(OIDCClientHandler.java:135) ~[printegrint.jar:?]
at com.pega.pegarules.integration.engine.internal.auth.oidc.OIDCClientHandler.authenticate(OIDCClientHandler.java:76) ~[printegrint.jar:?]
at com.pega.pegarules.session.internal.mgmt.authentication.SchemePRAuth.authenticateOperator(SchemePRAuth.java:373) ~[prprivate-session.jar:?]
at com.pega.pegarules.session.internal.mgmt.authentication.Authentication.doAuthentication(Authentication.java:512) ~[prprivate-session.jar:?]
at com.pega.pegarules.session.internal.engineinterface.service.HTTPAuthenticationHandler.performAuthentication(HTTPAuthenticationHandler.java:251) ~[prprivate-session.jar:?]
at com.pega.pegarules.session.internal.engineinterface.service.HTTPAuthenticationHandler.doHttpReqAuthentication(HTTPAuthenticationHandler.java:94) ~[prprivate-session.jar:?]
at com.pega.pegarules.session.internal.engineinterface.service.HttpAPI.handleAuthentication(HttpAPI.java:2798) ~[prprivate-session.jar:?]
at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.activityExecutionProlog(EngineAPI.java:597) ~[prenginext.jar:?]
at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.processRequestInner(EngineAPI.java:436) ~[prenginext.jar:?]
at sun.reflect.GeneratedMethodAccessor171.invoke(Unknown Source) ~[?:?]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_121]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121]
at com.pega.pegarules.session.internal.PRSessionProviderImpl.performTargetActionWithLock(PRSessionProviderImpl.java:1393) ~[prprivate-session.jar:?]
at com.pega.pegarules.session.internal.PRSessionProviderImpl.doWithRequestorLocked(PRSessionProviderImpl.java:1125) ~[prprivate-session.jar:?]
at com.pega.pegarules.session.internal.PRSessionProviderImpl.doWithRequestorLocked(PRSessionProviderImpl.java:979) ~[prprivate-session.jar:?]
at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.processRequest(EngineAPI.java:361) ~[prenginext.jar:?]
at com.pega.pegarules.session.internal.engineinterface.service.HttpAPI.invoke(HttpAPI.java:916) ~[prprivate-session.jar:?]
at com.pega.pegarules.session.internal.engineinterface.etier.impl.EngineImpl._invokeEngine_privact(EngineImpl.java:331) ~[prprivate-session.jar:?]
at com.pega.pegarules.session.internal.engineinterface.etier.impl.EngineImpl.invokeEngine(EngineImpl.java:274) ~[prprivate-session.jar:?]
at com.pega.pegarules.session.internal.engineinterface.etier.impl.EngineImpl.invokeEngine(EngineImpl.java:251) ~[prprivate-session.jar:?]
at com.pega.pegarules.priv.context.JNDIEnvironment.invokeEngineInner(JNDIEnvironment.java:275) ~[prpublic.jar:?]
at com.pega.pegarules.priv.context.JNDIEnvironment.invokeEngine(JNDIEnvironment.java:220) ~[prpublic.jar:?]
at com.pega.pegarules.web.impl.WebStandardImpl.makeEtierRequest(WebStandardImpl.java:743) ~[prwebj2ee.jar:?]
at com.pega.pegarules.web.impl.WebStandardImpl.doPost(WebStandardImpl.java:413) ~[prwebj2ee.jar:?]
at sun.reflect.GeneratedMethodAccessor791.invoke(Unknown Source) ~[?:?]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_121]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121]
at com.pega.pegarules.internal.bootstrap.PRBootstrap.invokeMethod(PRBootstrap.java:380) ~[prbootstrap-8.3.0-225.jar:8.3.0-225]
at com.pega.pegarules.internal.bootstrap.PRBootstrap.invokeMethodPropagatingThrowable(PRBootstrap.java:422) ~[prbootstrap-8.3.0-225.jar:8.3.0-225]
at com.pega.pegarules.boot.internal.extbridge.AppServerBridgeToPega.invokeMethodPropagatingThrowable(AppServerBridgeToPega.java:224) ~[prbootstrap-api-8.3.0-225.jar:8.3.0-225]
at com.pega.pegarules.boot.internal.extbridge.AppServerBridgeToPega.invokeMethod(AppServerBridgeToPega.java:273) ~[prbootstrap-api-8.3.0-225.jar:8.3.0-225]
at com.pega.pegarules.internal.web.servlet.WebStandardBoot.doPost(WebStandardBoot.java:141) ~[prbootstrap-api-8.3.0-225.jar:8.3.0-225]
at com.pega.pegarules.internal.web.servlet.WebStandardBoot.doGet(WebStandardBoot.java:102) ~[prbootstrap-api-8.3.0-225.jar:8.3.0-225]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:635) ~[servlet-api.jar:?]
at com.pega.pegarules.internal.web.servlet.WebStandardBoot.service(WebStandardBoot.java:167) ~[prbootstrap-api-8.3.0-225.jar:8.3.0-225]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) ~[servlet-api.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[catalina.jar:8.5.14]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.14]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) ~[tomcat-websocket.jar:8.5.14]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.14]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.14]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) ~[catalina.jar:8.5.14]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) ~[catalina.jar:8.5.14]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) ~[catalina.jar:8.5.14]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) ~[catalina.jar:8.5.14]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) ~[catalina.jar:8.5.14]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624) ~[catalina.jar:8.5.14]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) ~[catalina.jar:8.5.14]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) ~[catalina.jar:8.5.14]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) ~[tomcat-coyote.jar:8.5.14]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat-coyote.jar:8.5.14]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) ~[tomcat-coyote.jar:8.5.14]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) ~[tomcat-coyote.jar:8.5.14]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:8.5.14]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_121]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_121]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:8.5.14]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]
2020-01-16 22:31:00,275 [ttp-nio-8080-exec-10] [ STANDARD] [ ] [ PegaRULES:8] ( auth.oidc.OIDCClientHandler) DEBUG localhost|0:0:0:0:0:0:0:1 - Successfully authenticated operator with OIDC flow

*Edited by Moderator Marissa to update platform capability tags*

Data Integration
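The stack trace in the post comes from the JWKS loader, not from the ID token itself: `JWKSet.parse` rejects the document it fetched because the top-level `"keys"` member is absent. The following is an added Python example (not code from the original post, and not Pega's or Nimbus's implementation) showing what a JWK Set parser checks before any key is used, why a response that lacks `"keys"` fails, and how a verifier should select the signing key by `kid` afterwards. The sample JWK Set and the abbreviated discovery document are constructed for the example; the `validate_jwk_set`, `parse_jwk_set` and `select_signing_key` names are the example's own.

```python
import json
from typing import Any, Dict, List, Optional, Union

# Constructed sample documents for this example (not real provider keys).
# A JWK Set is a JSON object whose top-level "keys" member is an array of JWKs.
SAMPLE_JWK_SET: Dict[str, Any] = {
    "keys": [
        {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": "kid-2020-a",
         "n": "c2FtcGxlLW1vZHVsdXMtYQ", "e": "AQAB"},
        {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": "kid-2020-b",
         "n": "c2FtcGxlLW1vZHVsdXMtYg", "e": "AQAB"},
    ]
}

# An OpenID Connect discovery document only points at the JWK Set via "jwks_uri";
# it is not a JWK Set itself, so handing it to a JWKS parser yields exactly the
# 'Missing required "keys" member' failure seen in the log above.
SAMPLE_DISCOVERY_DOC: Dict[str, Any] = {
    "issuer": "https://accounts.google.com",
    "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
    "id_token_signing_alg_values_supported": ["RS256"],
}


def validate_jwk_set(doc: Union[str, bytes, Dict[str, Any]]) -> Optional[str]:
    """Return None if `doc` is a structurally valid JWK Set, else a diagnostic.

    Mirrors what a JWKS parser enforces before any key is trusted, and adds a
    hint for the common misconfiguration of pointing the JWKS URL at the
    discovery document instead of at the jwks_uri it advertises.
    """
    if isinstance(doc, (str, bytes)):
        try:
            doc = json.loads(doc)
        except ValueError as exc:  # json.JSONDecodeError is a ValueError
            return f"JWK Set is not valid JSON: {exc}"
    if not isinstance(doc, dict):
        return "JWK Set must be a JSON object"
    if "keys" not in doc:
        if "jwks_uri" in doc:
            return ("Missing required 'keys' member: this is a discovery document, "
                    f"configure the JWKS URL as its jwks_uri ({doc['jwks_uri']})")
        return "Missing required 'keys' member"
    keys = doc["keys"]
    if not isinstance(keys, list):
        return "'keys' member must be an array"
    for idx, jwk in enumerate(keys):
        if not isinstance(jwk, dict) or "kty" not in jwk:
            return f"JWK at index {idx} is missing the required 'kty' member"
    return None


def parse_jwk_set(doc: Union[str, bytes, Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Parse `doc` into a list of JWKs; raise ValueError with the diagnostic otherwise."""
    problem = validate_jwk_set(doc)
    if problem is not None:
        raise ValueError(problem)
    parsed = json.loads(doc) if isinstance(doc, (str, bytes)) else doc
    return list(parsed["keys"])


def select_signing_key(keys: List[Dict[str, Any]], kid: Optional[str],
                       alg: str = "RS256") -> Optional[Dict[str, Any]]:
    """Pick the JWK matching the ID token header's `kid` and expected algorithm.

    Returns None instead of falling back to "any key": a token whose kid is
    unknown, or whose algorithm disagrees with the key, must fail verification.
    """
    if kid is None:
        return None
    for jwk in keys:
        if jwk.get("kid") != kid:
            continue
        if jwk.get("use", "sig") != "sig":
            continue
        if "alg" in jwk and jwk["alg"] != alg:
            continue
        return jwk
    return None


if __name__ == "__main__":
    loaded = parse_jwk_set(json.dumps(SAMPLE_JWK_SET))
    print("loaded", len(loaded), "keys; kid-2020-b found:",
          select_signing_key(loaded, "kid-2020-b") is not None)
    print("discovery document fed to the JWKS parser ->",
          validate_jwk_set(SAMPLE_DISCOVERY_DOC))
```

Running the same check against whatever URL is configured as the provider's key store tells you in one line whether the fetched document is a JWK Set at all; if the diagnostic names a `jwks_uri`, that is the value the key-store URL should hold. The last debug line in the post ("Successfully authenticated operator") is worth noting from a defender's standpoint: a key-store failure during ID token validation is logged at ERROR, but the login outcome still needs to be confirmed independently rather than assumed from the failure.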