Include user name in CWWKS1773E error message TS003412433 #11927
Assignees
Labels
bug
This bug is not present in a released version of Open Liberty
release bug
This bug is present in a released version of Open Liberty
release:20006
serviceability
Label used to track serviceability related issues
team:Security SSO
Milestone
Comments
barbj
added
bug
barbj
changed the title
ayoho
added a commit
to ayoho/open-liberty
that referenced
this issue
Apr 30, 2020
Adds the `sub` claim into this NLS message. Resolves OpenLiberty#11927
ayoho
modified the milestones:
[Iteration 20.9] April 20 - May 1,
[Iteration 20.10] May 4 - May 15
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When the OpenID Connect runtime receives a JWT that is expires, an error similar to the following is be emitted:
WWKS1737E: The OpenID Connect client [client123] failed to validate the JSON Web Token. The cause of the error was: [CWWKS1773E: Validation failed for the token requested by [client123] because the token is outside of its valid range. This might have been caused by either the current time [2020-04-23T11:22:10.733Z] being after the token expiration time [2020-04-22T17:37:26.000Z] or the issue time [2020-01-01T00:00:00.000Z] being too far away from the current time [2020-04-23T11:22:10.733Z].]
It would be helpful to include the username associated with the JWT so that the administrator can more easily fix the problem.
For instance:
CWWKS1773E: Validation failed for the token with subject [tom@example.com] requested by [client123] because the token is outside of its valid range.
Diagnostic information:
The text was updated successfully, but these errors were encountered: