Hi Kamidu, Please note this issue at [1]. I think the problem is due to this issue. This has been fixed at [2]. You can apply the patch or get IS 5.1.0. This is fixed in IS 5.1.0. Hope it helps.
[1] https://wso2.org/jira/browse/IDENTITY-3009 [2] https://github.com/wso2/carbon-identity/pull/1388 On Thu, Dec 17, 2015 at 8:49 PM, Kamidu Punchihewa <[email protected]> wrote: > Hi IS Team. > > The above error occurs in the 1st token expiration time also,with on > device calling a singleton token refreshing call to IS. > This happens when EMM android agent try to acquire a new set of token on > the access token expiry using the refresh token grant. > > This Issue Started after the IS version bump from 5.0.3-SNAPSHOT to 5.0.3. > > Code Snippet which initiate communication with IS is given below. > > > > > > > > > *var xMLHttpRequest = new XMLHttpRequest();var tokenEndpoint = > mdmProps.idPServer + "/oauth2/token";xMLHttpRequest.open("POST", > tokenEndpoint, false);xMLHttpRequest.setRequestHeader("Content-Type", > "application/x-www-form-urlencoded");xMLHttpRequest.setRequestHeader("Authorization", > "Basic " + clientData);var url = "grant_type=refresh_token&refresh_token=" > + tokenPair.refreshToken;if (scope) {* > > *url = url + "&scope=" + scope* > > > > *}xMLHttpRequest.send(url);* > > Thanks & Best Regards. > > Kamidu Sachith Punchihewa > *Software Engineer* > WSO2, Inc. > lean . enterprise . middleware > Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194> > > > Disclaimer: This communication may contain privileged or other > confidential information and is intended exclusively for the addressee/s. > If you are not the intended recipient/s, or believe that you may have > received this communication in error, please reply to the sender indicating > that fact and delete the copy you received and in addition, you should not > print, copy, retransmit, disseminate, or otherwise use the information > contained in this communication. Internet communications cannot be > guaranteed to be timely, secure, error or virus-free. The sender does not > accept liability for any errors or omissions. > > On Wed, Dec 16, 2015 at 3:15 PM, Kamidu Punchihewa <[email protected]> > wrote: > >> Hi Johann/IS Team, >> >> As per the discussion i had offline earlier above exception occurred >> under heavy loads. >> >> The above exception occurred without any high loads in the system. >> When one devices logged in for some time, without any concurrent calls to >> IS, this exception is given to the device. >> Any idea why this happens with one device acting alone. >> >> Thanks and Regards. >> >> Kamidu Sachith Punchihewa >> *Software Engineer* >> WSO2, Inc. >> lean . enterprise . middleware >> Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194> >> >> >> Disclaimer: This communication may contain privileged or other >> confidential information and is intended exclusively for the addressee/s. >> If you are not the intended recipient/s, or believe that you may have >> received this communication in error, please reply to the sender indicating >> that fact and delete the copy you received and in addition, you should not >> print, copy, retransmit, disseminate, or otherwise use the information >> contained in this communication. Internet communications cannot be >> guaranteed to be timely, secure, error or virus-free. The sender does not >> accept liability for any errors or omissions. >> >> On Wed, Dec 16, 2015 at 12:13 PM, Kamidu Punchihewa <[email protected]> >> wrote: >> >>> Hi IS team, >>> >>> >>> I am getting a "Unique index or primary key violation" exception when >>> trying to refresh the access token with the refresh token grant type. The >>> error log is given below. >>> >>> As per the discussion I had offline with Johann, this seems to be a >>> known issue which could occur when tested with a high load of concurrent >>> calls. But in my case it was only just 4 connections attempting to refresh >>> tokens concurrently. >>> Even though the exception is thrown, a new token pair can be generated >>> by sending another few calls. >>> >>> The issue is the exception which is visible in the log.In a production >>> environment, since this exception is thrown in the IS back-end, it would be >>> a bit odd to the user to see an exception in the EMM console. >>> >>> WDUT? >>> >>> >>> Error Log : >>> >>> [2015-11-26 11:27:42,093] ERROR >>>> {org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationValve} >>>> - Access token has expired , API : >>>> /mdm-android-agent/operation/device-info >>>> [2015-11-26 11:27:42,190] ERROR >>>> {org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationValve} >>>> - Access token has expired , API : /mdm-admin/notifications/NEW >>>> [2015-11-26 11:27:42,299] ERROR >>>> {org.wso2.carbon.identity.oauth2.OAuth2Service} - Error occurred while >>>> issuing the access token for Client ID : CJo5Izhh4aziaMV1gAKN8fovcpka, User >>>> ID null, Scope : [] and Grant Type : refresh_token >>>> org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Error when >>>> storing the access token for consumer key : CJo5Izhh4aziaMV1gAKN8fovcpka >>>> at >>>> org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO.storeAccessToken(TokenMgtDAO.java:245) >>>> at >>>> org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO.invalidateAndCreateNewToken(TokenMgtDAO.java:1103) >>>> at >>>> org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler.issue(RefreshGrantHandler.java:246) >>>> at >>>> org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(AccessTokenIssuer.java:186) >>>> at >>>> org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(OAuth2Service.java:196) >>>> at >>>> org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.getAccessToken(OAuth2TokenEndpoint.java:273) >>>> at >>>> org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:115) >>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>> at >>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) >>>> at >>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >>>> at java.lang.reflect.Method.invoke(Method.java:606) >>>> at >>>> org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188) >>>> at >>>> org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104) >>>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204) >>>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101) >>>> at >>>> org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58) >>>> at >>>> org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94) >>>> at >>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) >>>> at >>>> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) >>>> at >>>> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249) >>>> at >>>> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248) >>>> at >>>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222) >>>> at >>>> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153) >>>> at >>>> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171) >>>> at >>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289) >>>> at >>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:646) >>>> at >>>> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:59) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) >>>> at >>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) >>>> at >>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) >>>> at >>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) >>>> at >>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) >>>> at >>>> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57) >>>> at >>>> org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationValve.invoke(WebappAuthenticationValve.java:43) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159) >>>> at >>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57) >>>> at >>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) >>>> at >>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) >>>> at >>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074) >>>> at >>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) >>>> at >>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739) >>>> at >>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698) >>>> at >>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >>>> at >>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >>>> at >>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >>>> at java.lang.Thread.run(Thread.java:745) >>>> Caused by: org.h2.jdbc.JdbcSQLException: Unique index or primary key >>>> violation: "CON_APP_KEY_INDEX_F ON >>>> PUBLIC.IDN_OAUTH2_ACCESS_TOKEN(CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, >>>> USER_DOMAIN, USER_TYPE, TOKEN_SCOPE_HASH, TOKEN_STATE, TOKEN_STATE_ID)"; >>>> SQL statement: >>>> INSERT INTO IDN_OAUTH2_ACCESS_TOKEN (ACCESS_TOKEN, REFRESH_TOKEN, >>>> CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, TIME_CREATED, >>>> REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, >>>> TOKEN_SCOPE_HASH, TOKEN_STATE, USER_TYPE, TOKEN_ID, GRANT_TYPE) SELECT >>>> ?,?,ID,?,?,?,?,?,?,?,?,?,?,?,? FROM IDN_OAUTH_CONSUMER_APPS WHERE >>>> CONSUMER_KEY=? [23001-140] >>>> at org.h2.message.DbException.getJdbcSQLException(DbException.java:327) >>>> at org.h2.message.DbException.get(DbException.java:167) >>>> at org.h2.message.DbException.get(DbException.java:144) >>>> at org.h2.index.BaseIndex.getDuplicateKeyException(BaseIndex.java:157) >>>> at org.h2.index.PageBtree.find(PageBtree.java:121) >>>> at org.h2.index.PageBtreeLeaf.addRow(PageBtreeLeaf.java:138) >>>> at org.h2.index.PageBtreeLeaf.addRowTry(PageBtreeLeaf.java:93) >>>> at org.h2.index.PageBtreeIndex.addRow(PageBtreeIndex.java:90) >>>> at org.h2.index.PageBtreeIndex.add(PageBtreeIndex.java:81) >>>> at org.h2.table.RegularTable.addRow(RegularTable.java:116) >>>> at org.h2.command.dml.Insert.insertRows(Insert.java:148) >>>> at org.h2.command.dml.Insert.update(Insert.java:82) >>>> at org.h2.command.CommandContainer.update(CommandContainer.java:70) >>>> at org.h2.command.Command.executeUpdate(Command.java:199) >>>> at >>>> org.h2.jdbc.JdbcPreparedStatement.execute(JdbcPreparedStatement.java:179) >>>> at >>>> org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO.storeAccessToken(TokenMgtDAO.java:223) >>>> ... 59 more >>> >>> >>> >>> Thanks and Regards, >>> >>> Kamidu Sachith Punchihewa >>> *Software Engineer* >>> WSO2, Inc. >>> lean . enterprise . middleware >>> Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194> >>> >>> >>> Disclaimer: This communication may contain privileged or other >>> confidential information and is intended exclusively for the addressee/s. >>> If you are not the intended recipient/s, or believe that you may have >>> received this communication in error, please reply to the sender indicating >>> that fact and delete the copy you received and in addition, you should not >>> print, copy, retransmit, disseminate, or otherwise use the information >>> contained in this communication. Internet communications cannot be >>> guaranteed to be timely, secure, error or virus-free. The sender does not >>> accept liability for any errors or omissions. >>> >> >> > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Hareendra Chamara Philips *Software Engineer* Mobile : +94 (0) 767 184161 <%2B94%20%280%29%20773%20451194> [email protected] <[email protected]>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
