Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 NAVAKANTH MANNEM (NAVAKANTHM)
Virtusa
NAVAKANTH MANNEM
Virtusa
AU
NAVAKANTHM Member since 2015 10 posts
Virtusa
Posted: May 7, 2023
Last activity: Aug 17, 2023
Posted: 7 May 2023 17:05 EDT
Last activity: 17 Aug 2023 13:28 EDT
Closed

JWT Processing using Keystore Reference a URL Issue

Hi All,

I am trying to validating a JWT using keystore location (reference a URL) in one of our Pega Instance (INS-1). I have provided the JWK endpoint, which is our generation token profile in other Pega Instance (INS-2). when i tried to save the keystore in INS-1. First time there is no error, i am able to successfully validate the JWT. But when I upload a new JKS file in INS-2 keystore and update the alias name in token profile. and try to use the newly generated JWT in the request, i am getting below error. PFA of keystore error image.

Keystore source URL— Failed to get JWK Keys.

Error in Logs:

Show More

Hi All,

I am trying to validating a JWT using keystore location (reference a URL) in one of our Pega Instance (INS-1). I have provided the JWK endpoint, which is our generation token profile in other Pega Instance (INS-2). when i tried to save the keystore in INS-1. First time there is no error, i am able to successfully validate the JWT. But when I upload a new JKS file in INS-2 keystore and update the alias name in token profile. and try to use the newly generated JWT in the request, i am getting below error. PFA of keystore error image.

Keystore source URL— Failed to get JWK Keys.

Error in Logs:

Unable to process the Json Web Token 
com.pega.pegarules.pub.PRRuntimeException: Failed to get JWKSet keys 
	at com.pega.pegarules.integration.engine.internal.util.KeyStoreUtilsImpl.getJWKKeyStore(KeyStoreUtilsImpl.java:914) ~[printegrint.jar:?] 
	at com.pega.pegarules.session.internal.authorization.KeyStoreCacheImpl.loadKeyStoretoCache(KeyStoreCacheImpl.java:280) ~[prprivate-session.jar:?] 
	at com.pega.pegarules.session.internal.authorization.KeyStoreCacheImpl.loadKeyStoreIfKeyStoreNotCachedYet(KeyStoreCacheImpl.java:445) ~[prprivate-session.jar:?] 
	at com.pega.pegarules.integration.engine.internal.util.KeyStoreUtilsImpl.getKeystoreData(KeyStoreUtilsImpl.java:823) ~[printegrint.jar:?] 
	at com.pega.pegarules.integration.engine.internal.security.jwt.JWTProcessingTransformer.constructSignatureBean(JWTProcessingTransformer.java:112) ~[printegrint.jar:?] 

 

Failed to get JWKSet keys : Source is Reference to URL 
java.io.IOException: Server returned HTTP response code: 500 for URL: https://XYZZZZZZZZZZ/prweb/PRRestService/keys/v1/jwt/pega_api_test 
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1902) ~[?:1.8.0_362] 
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1500) ~[?:1.8.0_362] 
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:268) ~[?:1.8.0_362] 
	at com.pega.pegarules.integration.engine.internal.util.KeyStoreUtilsImpl.getJWKKeyStore(KeyStoreUtilsImpl.java:902) ~[printegrint.jar:?] 
	at com.pega.pegarules.session.internal.authorization.KeyStoreCacheImpl.loadKeyStoretoCache(KeyStoreCacheImpl.java:280) ~[prprivate-session.jar:?] 
	at com.pega.pegarules.session.internal.authorization.KeyStoreCacheImpl.loadKeyStoreIfKeyStoreNotCachedYet(KeyStoreCacheImpl.java:445) ~[prprivate-session.jar:?] 
	at com.pega.pegarules.integration.engine.internal.util.KeyStoreUtilsImpl.getKeystoreData(KeyStoreUtilsImpl.java:823) ~[printegrint.jar:?] 

Can someone please help me with this issue.

Show Less
***Edited by Moderator: Pooja Gadige to add capability tag***
To see attachments, please log in.
Pega Platform 8.5.2
Data Integration
Security
Financial Services
Senior System Architect

Posted: 1 year ago
Posted: 17 Aug 2023 13:28 EDT
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

@NAVAKANTHM It seems that the issue is related to the keystore not being updated properly when you upload a new JKS file in INS-2 and update the alias name in the token profile. To resolve this issue, you can try the following steps: Ensure that the new JKS file is uploaded correctly in INS-2 and the alias name is updated in the token profile. In INS-1, open the keystore configuration and verify that the keystore URL is correct and accessible.

Check the refresh strategy for the keystore in INS-1. If it is set to "Cache keystore," consider changing it to "Reload once per interaction" to disable caching and force the keystore to reload each time. This can help ensure that the updated keystore is used for JWT validation. Save the keystore configuration in INS-1 and test the JWT validation again.

If the issue persists, you may need to investigate further by checking the logs for any additional error messages or issues related to the keystore configuration and JWT validation.

As a Support Center moderator, I reviewed the answer and references for accuracy

Configuring a keystore by using a URL reference

"Unable to execute OIDC flow: Cautht exception while parsing that id token" is th

 

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice