Article - CS368546
Access tokens randomly fail validation in PingFederate
Modified: 03-May-2022
Applies To
- Windchill Navigate (formerly ThingWorx Navigate) 8.5.0 F000 to 9.3 9.3.0
Description
- Access tokens randomly fail validation in PingFederate
- PingFederate is configured for multiple environments
- Each environment has its own set of Access Token Managers
- Users are successfully issued an access token
- Token validation fails with this error in the PingFederate audit.log:
2022-04-18 11:12:31,028| tid:1kImlGd6SdvqJv-qn32YmtTGwZZ| OAuth| | 127.0.0.1 | | WindchillOauthPROD| OAuth20| pingfed-pf1| AS| failure| | invalid_grant: token not found, expired or invalid| 1
- Corresponding entries in the PingFederate server.log:
2022-04-18 11:12:31,028 tid:1kImlGd6SdvqJv-qn32YmtTGwZZ DEBUG [org.sourceid.oauth20.handlers.TokenManagerSelector] Adding to list the client's default access token manager ‘tokenmgr2’ 2022-04-18 11:12:31,028 tid:1kImlGd6SdvqJv-qn32YmtTGwZZ DEBUG [org.sourceid.oauth20.handlers.TokenManagerSelector] Adding to list the global default access token manager: tokenmgr1 2022-04-18 11:12:31,028 tid:1kImlGd6SdvqJv-qn32YmtTGwZZ DEBUG [org.sourceid.oauth20.handlers.TokenManagerSelector] List of token manager ids considered to use for access token, when aud/access_token_manager_id/openidScope not present: tokenmgr2; 2022-04-18 11:12:31,028 tid:1kImlGd6SdvqJv-qn32YmtTGwZZ DEBUG [org.sourceid.oauth20.handlers.TokenEndpointRequestHandler] Handling normal exception condition in token endpoint: org.sourceid.oauth20.handlers.AccessTokenRequestException: invalid_grant: token not found, expired or invalid
This is a printer-friendly version of Article 368546 and may be out of date. For the latest version click CS368546