Hi Awasum, Thanks for your response. Since my original email I have done some more investigation and found the source of the issue, at least in my case. The error in my original email (invalid system token) was appearing when using this docker setup: https://github.com/openMF/fineract-cn-containers . I also found a more recent version of this setup which uses a different module to generate the RSA keypair: https://github.com/Anh3h/fineract-cn-containers/tree/develop . Unfortunately this version didn't work either.
I investigated the source of the error and found that it occured when assigning the identity service to a tenant through the provisioner. During this process the provisioner calls the /initialize endpoint of identity, which is authenticated by a system key (issued by provisioner). The issue was identity wouldn't accept this key. The key was not accepted because the docker image for the provisioner used in fineract-cn-containers, anh3h/fineract-cn-provisioner, is a modified version of provisioner that generates it's own RSA keypair, instead of using the one provided by environment vairables. The differing keys caused identity to not accept the system token created by provisioner. I'm not sure exaclty why this image was used. I built a new image which runs the latest provisioner from artifactory, and the provisioning process was able to continue. There are a few more issues with the provisioning script in fineract-cn-containers, which I was able to fix. I am currently in the process of creating a new docker-compose configuration, which I might be able to share if anyone is interested. As for the demo server, I didn't investigate the issue I was having with it much further, I find a docker configuration much easier to run, particularly when I can't run the demo server locally anyway since my computer lacks the resources to do so. If anyone has any questions about this let me know, I spent almost a week trying to get this to work so I'd like to make sure nobody else has to repeat my work. Michael. On Fri, Jul 19, 2019 at 9:42 PM Awasum Yannick <awa...@apache.org> wrote: > > > On Mon, Jul 15, 2019 at 11:58 PM Michael E. <michael.elg...@gmail.com> > wrote: > >> Hello, >> >> Over the past few days I've been trying to setup a Fineract-CN instance I >> can test with. Since my machine doesn't have enough RAM I tried deploying >> in Google Cloud Compute. >> >> Initially I followed this tutorial: >> >> https://cwiki.apache.org/confluence/display/FINERACT/How+To+Build+Apache+Fineract+CN >> >> >> I got through everything and got demo-server working, but only in >> lite-mode. Since I wanted to try out the rest of the services I tried >> running the full version. After making sure I had enough RAM I tried the >> full version and kept running into failures during provisioning. I think I >> have it narrowed down to this error: >> > > Can you provide your full logs. > >> >> 12:19:29.115 [qtp1825419935-15] INFO o.a.f.c.l.c.ServiceExceptionFilter >> - Responding with a service error ServiceError{code=409, message='The given >> identity instance didnt recognize the system token as valid. Perhaps the >> system keys for the provisioner or for the identity manager are >> misconfigured?'} >> 12:20:29.192 [qtp1825419935-16] WARN provisioner-logger - The given >> identity instance didn't recognize the system token as valid. >> org.apache.fineract.cn.api.util.InvalidTokenException: >> {"timestamp":1563193229188,"status":403,"error":"Forbidden","message":"Access >> Denied","path":"/identity/v1/initialize"} >> > > Is everyone facing this error? I dont know whats goint wrong here? let me > run and see whats the problem.... > >> >> Since I couldn't figure out how to fix it, I decided to try running using >> this docker-compose setup: >> https://github.com/openMF/fineract-cn-containers >> >> Unfortunately, during provisioning the exact same failure occurs. I tried >> provisioning using the supplied script and manually sending the requests >> via postman with a configuration I found here: >> https://github.com/senacor/fineract-setup/tree/master/scripts/postman >> >> As far as I can tell, the error occurs when assigning an identity service >> to the new tenant, but I may be wrong as I just got into this project and >> don't really understand the provisioning process. >> >> I did find two previous threads discussing this issue but none of them >> seem to reach a solution: >> >> https://lists.apache.org/thread.html/c89909c56c4b8e500a6802d0601b0dd0f868a64a73e609c7071d3812@%3Cdev.fineract.apache.org%3E >> >> >> https://lists.apache.org/thread.html/c726cd1161e61096c65bc51a5afd5db18f1b4e60c6dcc3e8b2fb9c3a@%3Cdev.fineract.apache.org%3E >> >> >> Any help would be greatly appreciated. >> Michael. >> > -- מיכאל אלגאוי michael elgavi <michael.elg...@gmail.com>
