gianlucasaturno
Partner - Contributor

OpenID Connect invalid_grant, MSIS9615 Exception on QEM API

Hello

We have configured our Enterprise Manager to log in with SAML and authenticate API calls through a personal access token via OpenID Connect. Our IdP is ADFS and everything works as expected, except the token seems to expire after 8 hours, although we left the default configuration of 180 days.

8 hours after PAT generation from the Web console, when we call the https://{host}/attunityenterprisemanager/api/v1/login API passing the api-token, we receive the following error:

--------------------------------------------------------------------------------------------------------------------------------------------------
System.AggregateException: One or more errors occurred. ---> System.Exception: invalid_grant, MSIS9615: The refresh token received in 'refresh_token' parameter has expired.
   at Attunity.Infrastructure.Globals.Authentication.OpenIdAuthManager.B.MoveNext()
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at Attunity.Infrastructure.HostManager.HostDispatcher.A(String , AuthUserRoleType& )
   at Attunity.Infrastructure.HostManager.HostDispatcher.ApiLoginInternal(Stream input, String& username, AuthUserRoleType& userRole, Boolean& receivedAuthenticationInfo)
   at Attunity.Infrastructure.HostManager.HostDispatcher.ApiLogin(Stream input)
---> (Inner Exception #0) System.Exception: invalid_grant, MSIS9615: The refresh token received in 'refresh_token' parameter has expired.
   at Attunity.Infrastructure.Globals.Authentication.OpenIdAuthManager.B.MoveNext()
--------------------------------------------------------------------------------------------------------------------------------------------------

My understanding is that the refresh_token should never expire, since there is the default open_id_refresh_token_lifetime "0". Also, how can I configure --open_id_refresh_token_lifetime to be less than 8 hrs, to see if I can force the token to be refreshed before it expires on ADFS (there is an 8 hrs limit there)? aemctl.exe configuration set --open_id_refresh_token_lifetime only accepts a "number of days" value.

 

Here is our OpenID Connect Configuration as it appears on aemctl configuration show:

OpenID Connect Parameters:

--open_id_authority "https://adfs.companyname.com/adfs"
--open_id_client_id "89df8ec6-ff42-44f7-ae0d-6ef5335c24d0"
--open_id_base_scopes "openid offline_access profile"
--open_id_additional_scopes ""
--open_id_trusted_url_prefixes ""
--open_id_issuer ""
--open_id_claims_source "IdentityToken"
--api_token_daily_maintenance_time "00:00"
--api_token_lifetime "180"
--open_id_refresh_token_lifetime "0"
--open_id_user_name_field "preferred_username"
--open_id_display_name_field "name"
--open_id_group_field "groups"

 

Any input would be much appreciated. Thanks in advance.

Gianluca

1 Reply
sureshkumar
Support

Hello @gianlucasaturno 

Please open a support ticket with us to analyze further.

 

Regards,
Suresh