wvdgraaf
Guest
Next try for the same question in another group....

OpenEdge PASOE version 11.7.4

I try to follow the steps in the https://community.progress.com/community_groups/openedge_development/m/documents/3396/download document. But whenever I try to issue the command:

hCP = session:current-request-info:GetClientPrincipal().

I get the error message:

client-principal validation failed in Session because - The client-principal was corrupt (16385)

oeablSecurity.properties contents:

## login model
client.login.model=oauth2
## The clear-text key value is 'JWTkey'. The encrypted value is generated using 'genpassword'
OEClientPrincipalFilter.domain=JWTdomain
OEClientPrincipalFilter.key=oech1::1a051b0c373c
OEClientPrincipalFilter.registryFile=oauth2reg.bin
## JWT token handler properties for jwtAuthFilter & oauth2.resSvc..
jwtToken.signatureAlg=HS256
jwtToken.macKey=oeph0::76E5F6C162276768465F02E4D2D1DDCD
jwtToken.keystore.type=mac
## OAuth2 Resource server configuration
oauth2.resSvc.audience=pasoe.openedge.progress-users.com
oauth2.resSvc.tokenServices=jwt

The token is generated using website JWT.IO

eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI3OTY1YmJhNC1iNjVkLTQyMTItYWRjNy02YmQyN2VmZjE4MGUiLCJ0b2tlbl91c2UiOiJhY2Nlc3MiLCJzY29wZSI6IlBTQ1VzZXIiLCJpc3MiOiJodHRwczovL25vZGVqc0pXVCIsImNsaWVudF9pZCI6IjEyMzQ1Njc4OSIsImlhdCI6MTUwOTIxMDIyOSwiZXhwIjoyNzA5MjEwMjU5LCJqdGkiOiI1aGwwdHo1NTQwZzg0Z2djc2trZ29zY28wMDBjY3MiLCJhdWQiOiJvcGVuZWRnZS5zYW1wbGUifQ.2CjfUEjOJ3cZq5QjXWLBXLnlKhgHsuhRBOzYG1gtZiw

signed as in the example with "password" which is also configured in jwtToken.macKey

Changing anything in the token will result in error messages that the token cannot be converted to json, so I conclude that Progress is able to convert the token to a json string. But still, as soon as I try to access GetClientPrincipal(), I get the message that the client-principal was corrupt.

So I'm still not able to use oauth2/jwt authorization in our application, which is a requirement! The front-end makes use of an SSO authorization server that provides me with a token. When I'm not able to use that token, our application will be seen as insecure and not accepted by the product-owner.
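An offline check of the token against the settings quoted in the post, as an added example that is not part of the original post and not Progress code: it decodes the header and claims, verifies the HS256 MAC with a candidate key, and compares `aud` and `exp` with the configured values. The function names are this example's own, the clear-text MAC key is taken to be "password" as the post states, and the script does not reproduce PASOE's client-principal validation.

```python
import base64, hashlib, hmac, json, time

# Token and settings copied from the post; function names are this example's own.
POSTED_TOKEN = ".".join([
    "eyJhbGciOiJIUzI1NiJ9",
    "eyJzdWIiOiI3OTY1YmJhNC1iNjVkLTQyMTItYWRjNy02YmQyN2VmZjE4MGUiLCJ0b2tlbl91c2UiOiJhY2Nlc3MiLCJzY29wZSI6IlBTQ1VzZXIiLCJpc3MiOiJodHRwczovL25vZGVqc0pXVCIsImNsaWVudF9pZCI6IjEyMzQ1Njc4OSIsImlhdCI6MTUwOTIxMDIyOSwiZXhwIjoyNzA5MjEwMjU5LCJqdGkiOiI1aGwwdHo1NTQwZzg0Z2djc2trZ29zY28wMDBjY3MiLCJhdWQiOiJvcGVuZWRnZS5zYW1wbGUifQ",
    "2CjfUEjOJ3cZq5QjXWLBXLnlKhgHsuhRBOzYG1gtZiw",
])
CONFIGURED_AUDIENCE = "pasoe.openedge.progress-users.com"  # oauth2.resSvc.audience
CONFIGURED_ALG = "HS256"                                   # jwtToken.signatureAlg

def b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def split_token(token):
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("a compact JWS has exactly three segments")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    return header, claims, parts

def hs256_valid(token, key):
    header, _, parts = split_token(token)
    if header.get("alg") != "HS256":  # pin the algorithm, do not follow the token
        return False
    mac = hmac.new(key, (parts[0] + "." + parts[1]).encode(), hashlib.sha256).digest()
    return hmac.compare_digest(mac, b64url_decode(parts[2]))

def sign_hs256(claims, key):
    # Builds a constructed HS256 token for comparison with the posted one.
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    signing_input = enc(json.dumps({"alg": "HS256"}).encode()) + "." + enc(json.dumps(claims).encode())
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + enc(mac)

def check(token, key, audience, now):
    header, claims, _ = split_token(token)
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be string or list
    return {"alg_matches": header.get("alg") == CONFIGURED_ALG,
            "signature_valid": hs256_valid(token, key),
            "audience_matches": audience in audiences,
            "expired": claims.get("exp", 0) <= now}

if __name__ == "__main__":
    print(check(POSTED_TOKEN, b"password", CONFIGURED_AUDIENCE, int(time.time())))
```
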