Skip to main content
V
vshanmugavelayu11-Garnet
11-Garnet
February 13, 2025
Question

Invalid token exception JWTTokenGenerationResource JWT_ISSUER_INVALID Issuer of the token is invalid

  • February 13, 2025
  • 1 reply
  • 887 views

Facing issue to validate Connection on ThingWorx OData connection while using SSO with Microsoft Entra

 

2025-02-12 07:53:10,084 INFO [ajp-nio-127.0.0.1-8011-exec-5] wt.jwt.oauth2.token.AuditLogger.Log - Start verifying JWT access token.
2025-02-12 07:53:10,084 DEBUG [ajp-nio-127.0.0.1-8011-exec-5] wt.jwt.oauth2.token.AuditLogger.Log - getVerifier() --> start
2025-02-12 07:53:10,084 DEBUG [ajp-nio-127.0.0.1-8011-exec-5] wt.jwt.oauth2.token.AuditLogger.Log - Azure AD verifyMandatoryAttributes() --> start
2025-02-12 07:53:10,084 DEBUG [ajp-nio-127.0.0.1-8011-exec-5] wt.jwt.oauth2.token.AuditLogger.Log - OAuth2 verifyMandatoryAttributes() --> start
2025-02-12 07:53:10,084 ERROR [ajp-nio-127.0.0.1-8011-exec-5] wt.jwt.oauth2.token.AuditLogger.Log - Invalid token exception: (wt.jwt.servlet.JWTTokenGenerationResource/JWT_ISSUER_INVALID) wt.util.WTException: Issuer of the token is invalid.
at wt.jwt.framework.JWTTokenVerifierDelegate.verifyIssuer(JWTTokenVerifierDelegate.java:148)
at wt.jwt.framework.JWTTokenVerifierDelegate.verifyMandatoryAttributes(JWTTokenVerifierDelegate.java:334)
at wt.jwt.oauth2.token.OAuth2JWTTokenValidationDelegate.verifyMandatoryAttributes(OAuth2JWTTokenValidationDelegate.java:84)
at wt.jwt.oauth2.token.AzureADOAuth2JWTTokenValidationDelegate.verifyMandatoryAttributes(AzureADOAuth2JWTTokenValidationDelegate.java:74)
at wt.jwt.framework.JWTTokenServiceProvider.verifyToken(JWTTokenServiceProvider.java:190)
at wt.jwt.framework.JWTTokenServiceProvider.getClaims(JWTTokenServiceProvider.java:140)
at wt.jwt.oauth2.token.JWTLocalTokenService.loadAuthentication(JWTLocalTokenService.java:94)
at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager.authenticate(OAuth2AuthenticationManager.java:87)
at com.ptc.eauth.identity.oauth2.rs.ResourceAwareOAuth2AuthenticationManager.authenticate(ResourceAwareOAuth2AuthenticationManager.java:44)
at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.doFilter(OAuth2AuthenticationProcessingFilter.java:156)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:367)
at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:526)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:882)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1657)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)

    1 reply

    V
    24-Ruby III
    VladimirN24-Ruby III
    24-Ruby III
    February 13, 2025

    Take a look - "ThingWorx Navigate configured with SSO (direct connection to Entra ID) fails to retrieve data from Windchill": https://www.ptc.com/en/support/article/CS415824 

      V
      vnamboodheriCommunity Manager
      Community Manager
      February 20, 2025

      Hello @vshanmugavelayu

       

      It looks like you have a response from a community champion. If it helped you solve your question please mark the reply as the Accepted Solution. 
      Of course, if you have more to share on your issue, please let the Community know so other community members can continue to help you.

      Thanks,
      Vivek N.
      Community Moderation Team.

      Terms & ConditionsCookie settingsAccessibility statement