000023549 - Calling getTokenValues() from the ClearTrust Runtime API

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000023549
Applies ToClearTrust Authorization Server 5.5.3
Access Manager Authorozation Server 6.x
IssueCalling getTokenValues() from the ClearTrust Runtime API
Seeing "Token decryption failed" errors in the aserver.log
Intermittent token decryption failure.
Cause

If a call is made to getTokenValues() where the token is URL-encoded, as in this excerpt from the aserver debug:

16:35:05:686 [*] [MUXWORKER-4] - TokenManager.getTokenValues(AAAAAgABAEAk0rJXYIGe0MyyR4%2F%2FtolZJZxhrkpJhndCaJZ%2FbOUOgIK7coVIenckJirYvcXp7dFbETqVZD%2BafEaYX63wbarJ )

this will result in a token decryption failure as the getTokenValues method excpects a non-URL encoded version of the token.

ResolutionEnsure that all calls to the Runtime API and getTokenValues in particular pass the non URL-encoded, base-64 token.  By the time the token reaches the authorization server, this is the format it should normally be in.
Legacy Article IDa34416

Attachments

    Outcomes