Shantanu Nalawade (ShantanuN0145)
ASB Bank
Software Consultant
Posted: July 8, 2019
Last activity: July 8, 2019
Closed

JSON Web Token is not validated correctly despite being correct

Hi Everyone,

We are generating a JSON Web Token using the Generation Token Profile and sending it to the front end.

For every subsequent service call from the front end we are receiving the same generated token for validation.

The issue is that sometimes Pega is able to process the token using the Processing Token profile and sometimes it fails.

This issue is happening irregularly, and after debugging and tracing we notice the claims under the processing token are not getting mapped onto the clipboard and the logs show something like the following:

Unable to process the Json Web Token
com.pega.pegarules.pub.PRRuntimeException: JSON web token is rejected during signature verification due to bad signature : Expired JWT
at com.pega.pegarules.integration.engine.internal.security.jwt.NimbusJWTProcessor.verifySignedJSONWebToken(NimbusJWTProcessor.java:588) ~[printegrint.jar:?]
at com.pega.pegarules.integration.engine.internal.security.jwt.NimbusJWTProcessor.validateSignedJWT(NimbusJWTProcessor.java:554) ~[printegrint.jar:?]
at com.pega.pegarules.integration.engine.internal.security.jwt.NimbusJWTProcessor.processGeneratedJsonWebToken(NimbusJWTProcessor.java:421) ~[printegrint.jar:?]
at com.pega.pegarules.integration.engine.internal.security.jwt.JWTUtilsImpl.processJSONWebToken(JWTUtilsImpl.java:210) ~[printegrint.jar:?]
at com.pegarules.generated.activity.ra_action_pxprocessjwt_b0ef86dd175b625d97616556f8dcb044.step3_circum0(ra_action_pxprocessjwt_b0ef86dd175b625d97616556f8dcb044.java:374) ~[?:?]
at com.pegarules.generated.activity.ra_action_pxprocessjwt_b0ef86dd175b625d97616556f8dcb044.perform(ra_action_pxprocessjwt_b0ef86dd175b625d97616556f8dcb044.java:108) ~[?:?]
at com.pega.pegarules.session.internal.mgmt.Executable.doActivity(Executable.java:3597) ~[prprivate.jar:?]
at com.pega.pegarules.session.internal.mgmt.Executable.invokeActivity(Executable.java:10845) ~[prprivate.jar:?]
at com.pegarules.generated.activity.ra_action_validatejwt_cf6c4e265daba181f2048adb3c180c55.step6_circum0(ra_action_validatejwt_cf6c4e265daba181f2048adb3c180c55.java:616) ~[?:?]
at com.pegarules.generated.activity.ra_action_validatejwt_cf6c4e265daba181f2048adb3c180c55.perform(ra_action_validatejwt_cf6c4e265daba181f2048adb3c180c55.java:170) ~[?:?]
at com.pega.pegarules.session.internal.mgmt.Executable.doActivity(Executable.java:3597) ~[prprivate.jar:?]
at com.pega.pegarules.session.internal.mgmt.Executable.invokeActivity(Executable.java:10845) ~[prprivate.jar:?]
at com.pegarules.generated.activity.ra_action_getptibbankruptadminscases_21c42cb9323c57c636d30920baccd8e9.step5_circum0(ra_action_getptibbankruptadminscases_21c42cb9323c57c636d30920baccd8e9.java:633) ~[?:?]
at com.pegarules.generated.activity.ra_action_getptibbankruptadminscases_21c42cb9323c57c636d30920baccd8e9.perform(ra_action_getptibbankruptadminscases_21c42cb9323c57c636d30920baccd8e9.java:145) ~[?:?]
at com.pega.pegarules.session.internal.mgmt.Executable.doActivity(Executable.java:3597) ~[prprivate.jar:?]
at com.pega.pegarules.session.internal.mgmt.base.ThreadRunner.runActivitiesAlt(ThreadRunner.java:646) ~[prprivate.jar:?]
at com.pega.pegarules.session.internal.mgmt.PRThreadImpl.runActivitiesAlt(PRThreadImpl.java:481) ~[prprivate.jar:?]
at com.pega.pegarules.integration.engine.internal.RuleExecutionUtils.runServiceActivity(RuleExecutionUtils.java:436) ~[printegrint.jar:?]
at com.pega.pegarules.integration.engine.internal.services.ServiceAPI.runActivities(ServiceAPI.java:1946) ~[printegrint.jar:?]
at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.processRequestInner(EngineAPI.java:399) ~[prenginext.jar:?]
at sun.reflect.GeneratedMethodAccessor31.invoke(Unknown Source) ~[?:?]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_152]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_152]
at com.pega.pegarules.session.internal.PRSessionProviderImpl.performTargetActionWithLock(PRSessionProviderImpl.java:1338) ~[prprivate.jar:?]
at com.pega.pegarules.session.internal.PRSessionProviderImpl.doWithRequestorLocked(PRSessionProviderImpl.java:1075) ~[prprivate.jar:?]
at com.pega.pegarules.session.internal.PRSessionProviderImpl.doWithRequestorLocked(PRSessionProviderImpl.java:930) ~[prprivate.jar:?]
at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.processRequest(EngineAPI.java:336) ~[prenginext.jar:?]
at com.pega.pegarules.integration.engine.internal.services.StatelessServiceAPI.processRequest(StatelessServiceAPI.java:51) ~[printegrint.jar:?]
at com.pega.pegarules.integration.engine.internal.services.http.HTTPService.invoke(HTTPService.java:508) ~[printegrint.jar:?]
at com.pega.pegarules.session.internal.engineinterface.etier.impl.EngineImpl._invokeEngine_privact(EngineImpl.java:331) ~[prprivate.jar:?]
at com.pega.pegarules.session.internal.engineinterface.etier.impl.EngineImpl.invokeEngine(EngineImpl.java:274) ~[prprivate.jar:?]
at com.pega.pegarules.session.internal.engineinterface.etier.impl.EngineImpl.invokeEngine(EngineImpl.java:251) ~[prprivate.jar:?]
at com.pega.pegarules.priv.context.JNDIEnvironment.invokeEngineInner(JNDIEnvironment.java:278) ~[prpublic.jar:?]
at com.pega.pegarules.priv.context.JNDIEnvironment.invokeEngine(JNDIEnvironment.java:223) ~[prpublic.jar:?]
at com.pega.pegarules.web.impl.WebStandardImpl.makeEtierRequest(WebStandardImpl.java:678) ~[prwebj2ee.jar:?]
at com.pega.pegarules.web.impl.WebStandardImpl.doPost(WebStandardImpl.java:390) ~[prwebj2ee.jar:?]
at sun.reflect.GeneratedMethodAccessor30.invoke(Unknown Source) ~[?:?]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_152]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_152]
at com.pega.pegarules.internal.bootstrap.PRBootstrap.invokeMethod(PRBootstrap.java:370) ~[prbootstrap-7.3.1-218.jar:7.3.1-218]
at com.pega.pegarules.internal.bootstrap.PRBootstrap.invokeMethodPropagatingThrowable(PRBootstrap.java:411) ~[prbootstrap-7.3.1-218.jar:7.3.1-218]
at com.pega.pegarules.boot.internal.extbridge.AppServerBridgeToPega.invokeMethodPropagatingThrowable(AppServerBridgeToPega.java:224) ~[prbootstrap-api-7.3.1-218.jar:7.3.1-218]
at com.pega.pegarules.boot.internal.extbridge.AppServerBridgeToPega.invokeMethod(AppServerBridgeToPega.java:273) ~[prbootstrap-api-7.3.1-218.jar:7.3.1-218]
at com.pega.pegarules.internal.web.servlet.WebStandardBoot.doPost(WebStandardBoot.java:129) ~[prbootstrap-api-7.3.1-218.jar:7.3.1-218]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) ~[jboss-servlet-api_3.1_spec-1.0.0.Final-redhat-1.jar!/:1.0.0.Final-redhat-1]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) ~[jboss-servlet-api_3.1_spec-1.0.0.Final-redhat-1.jar!/:1.0.0.Final-redhat-1]
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) ~[undertow-servlet-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129) ~[undertow-servlet-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.websockets.jsr.JsrWebSocketFilter.doFilter(JsrWebSocketFilter.java:130) ~[undertow-websockets-jsr-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) ~[undertow-servlet-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) ~[undertow-servlet-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) ~[undertow-servlet-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) ~[?:?]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) ~[undertow-servlet-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) ~[undertow-servlet-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) ~[undertow-core-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) ~[undertow-core-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) ~[undertow-servlet-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) ~[undertow-servlet-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) ~[undertow-core-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) ~[undertow-servlet-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) ~[undertow-core-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) ~[undertow-core-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) ~[?:?]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285) ~[undertow-servlet-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264) ~[undertow-servlet-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) ~[undertow-servlet-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175) ~[undertow-servlet-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202) ~[undertow-core-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:792) ~[undertow-core-1.3.21.Final-redhat-1.jar!/:1.3.21.Final-redhat-1]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_152]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_152]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_152]

We have even initialized the clipboard page on which we are trying to capture the token claims; however, the object is not updated with the data.

Can someone please guide us on this issue?

Thanks,
Shantanu

Data Integration
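
The log above reports "Expired JWT" inside a signature-verification error, which makes it hard to tell whether the key or the token lifetime is at fault. As an added example (not part of the original post and not Pega's or Nimbus's code), this Python sketch runs the signature check and the time checks separately on a reused token; the HS256 algorithm, secret, claims, lifetime and skew are all constructed assumptions.

```python
import base64, hashlib, hmac, json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 token (assumed algorithm) for the demo."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{head}.{body}"
    return signing_input + "." + b64url_encode(sign(signing_input, secret))

def classify(token: str, secret: bytes, now: int, skew: int = 0) -> str:
    """Return malformed, bad_signature, not_yet_valid, expired or valid."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        raw_sig = b64url_decode(sig)
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return "malformed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return "malformed"
    # Pin the algorithm and verify the signature before trusting any claim.
    if header.get("alg") != "HS256":
        return "bad_signature"
    if not hmac.compare_digest(raw_sig, sign(f"{head}.{body}", secret)):
        return "bad_signature"
    # Time checks are reported separately from the signature result.
    nbf, exp = claims.get("nbf"), claims.get("exp")
    if isinstance(nbf, (int, float)) and now + skew < nbf:
        return "not_yet_valid"
    if isinstance(exp, (int, float)) and now - skew >= exp:
        return "expired"
    return "valid"

# Constructed sample values, not taken from the post.
SECRET = b"constructed-demo-secret"
ISSUED_AT = 1562579700  # constructed issue time (8 Jul 2019 09:55:00 UTC)
TOKEN = make_token({"sub": "demo-user", "iat": ISSUED_AT, "exp": ISSUED_AT + 300}, SECRET)

if __name__ == "__main__":
    for offset in (60, 299, 300, 900):  # the same token reused on later calls
        print(offset, classify(TOKEN, SECRET, ISSUED_AT + offset))
```

If a reused token classifies as `expired` while its signature verifies, compare its `exp` claim with the time of the failing call.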