Hello,
We are facing an error in the deploy of ID Authentication, in kubernetes.
Could not resolve placeholder ‘softhsm.ida.pin’ in value "${softhsm.ida.pin}"\n\tat org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:379)\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1348)\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:578)\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:501)\n\tat org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:317)\n\tat org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228)\n\tat org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:315)\n\tat org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)\n\tat org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:251)\n\tat org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1138)\n\tat org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1065)\n\tat org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.
With reference to the latest inputs provided, in order to further investigate the issue, kindly verify the operational status of the config-server. Additionally, please ensure the existence of the environmental variable SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_IDA_PIN within the deployment of the config-server in the namespace of the config-server.
IDR-IDC-004 → Unknown error occurred; \nnested exception is io.mosip.kernel.auth.defaultadapter.exception.AuthAdapterException: Self cached auth token is null\n\t… 61 common frames omitted\nCaused by: io.mosip.kernel.auth.defaultadapter.exception.AuthAdapterException: Self cached auth token is null\n\tat io.mosip.kernel.auth.defaultadapter.config.SelfTokenExchangeFilterFunction.filter(SelfTokenExchangeFilterFunction.java:71)\n\tat org.springframework.web.reactive.function.client.ExchangeFilterFunction.lambda$andThen$1(ExchangeFilterFunction.java:56)\n\tat org.springframework.web.reactive.function.client.ExchangeFilterFunction.lambda$apply$2(ExchangeFilterFunction.java:67)\n\tat org.springframework.web.reactive.function.client.DefaultWebClient$DefaultRequestBodyUriSpec.exchange(DefaultWebClient.java:317)\n\tat org.springframework.web.reactive.function.client.DefaultWebClient$DefaultRequestBodyUriSpec.retrieve(DefaultWebClient.java:364)\n\tat io.mosip.idrepository.core.helper.RestHelper.request(RestHelper.java:211)\n\tat io.mosip.idrepository.core.helper.RestHelper.requestSync(RestHelper.java:119)\n\t… 60 common frames omitted\n",“appName”:“id-authentication,id-authentication-external”}
{“@timestamp”:“2023-04-19T12:08:57.045Z”,“@version”:“1”,“message”:“Error connecting to OIDC service (WebClient) Problem in connecting to auth service or UNKNOWN Error.”,“logger_name”:“io.mosip.kernel.auth.defaultadapter.helper.TokenHelper”,“thread_name”:“main”,“level”:“ERROR”,“level_value”:40000,“appName”:“id-authentication,id-authentication-external”}
{“@timestamp”:“2023-04-19T12:08:57.045Z”,“@version”:“1”,“message”:“there is some issue with getting token with clienid and secret”,“logger_name”:“io.mosip.kernel.auth.defaultadapter.config.SelfTokenExchangeFilterFunction”,“thread_name”:“main”,“level”:“ERROR”,“level_value”:40000,“appName”:“id-authentication,id-authentication-external”}
To obtain the complete logs of the IDA authentication and IDA OTP service, you can use the following command:
kubectl -n <namespace> logs <pod-name> --previous
Please replace <namespace> and <pod-name> with the appropriate values for your setup.
Based on the exception you provided, it seems that there is an issue with connecting to the OIDC authentication service. To investigate this further, I will need the configuration properties files for the OIDC, kernel, and IDA modules. Additionally, please provide information on which version of OIDC you have deployed.
Please provide the requested information so that I can assist you further.
Hello @syed.salman,
What do you mean exactly by the configuration properties files for the OIDC, kernel, and IDA modules?
If you need configmaps and secret, from which namespace do you need them?
if you need files properties from config-server module, what files do you need them?
@slimab we face OIDC related issues as mentioned in IDA logs
due to connection issue to keycloak
due to wrong client ID / secret for the mpartner-default-auth in IDA config. Due to above reasons IDA might be not be able to create token and validate the same.
Resolution:
check the keycloak connectivity issue and fix.
In case keycloak init was done after config server deployment due to any reason, redeploy config server after deleting so that it gets correct secret and passes the same to IDA. Please do restart the IDA failing services once config server is redeployed.