
JWTissuer - Keyset does not exist exception #621

Open
MarijnCatthoor opened this issue Jun 13, 2024 · 2 comments


@MarijnCatthoor

We have implemented a custom policy based on the Invite sample. An Azure function generates an invite link which is mailed to the new user. That url directs the user to our Signup policy. All the steps in the signup policy are executed successfully (user is created), but in the last step (SendClaims) we get an exception:

{
  "Kind": "FatalException",
  "Content": {
    "Time": "8:27 AM",
    "Exception": {
      "Kind": "Handled",
      "HResult": "80090016",
      "Message": "Keyset does not exist\r\n",
      "Data": {}
    }
  }
}

This happens in the JWTIssuer TechnicalProfile from the TrustFrameworkBase policy:

<ClaimsProvider>
  <DisplayName>Token Issuer</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="JwtIssuer">
      <DisplayName>JWT Issuer</DisplayName>
      <Protocol Name="None" />
      <OutputTokenFormat>JWT</OutputTokenFormat>
      <Metadata>
        <Item Key="client_id">{service:te}</Item>
        <Item Key="issuer_refresh_token_user_identity_claim_type">objectId</Item>
        <Item Key="SendTokenResponseBodyWithJsonNumbers">true</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
        <Key Id="issuer_refresh_token_key" StorageReferenceId="B2C_1A_TokenEncryptionKeyContainer" />
      </CryptographicKeys>
      <InputClaims />
      <OutputClaims />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

Which is called in the last step from the UserJourney:

    <!-- Let the user fill in the signup form and create the account -->
    <OrchestrationStep Order="3" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="LocalAccountSignUpWithReadOnlyEmail" TechnicalProfileReferenceId="LocalAccountSignUpWithReadOnlyEmail" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <!-- Issue an access token for the newly created account -->
    <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
  </OrchestrationSteps>
  <ClientDefinition ReferenceId="DefaultWeb" />
</UserJourney>

The error message suggests an issue with the certificate used to sign the token, however the configuration seems ok. All certificates are in place.

Anyone encountered the same error message or can guide us in the correct direction to solve this?

@gregcar

gregcar commented Aug 19, 2024

Did you manage to get this fixed? I've got the same problem. Following the invite flow instructions I uploaded my new cer file and issuer_secret key accordingly.

@MarijnCatthoor
Author

I wasn't working on solving this because of the vacation period, but the issue is still not fixed. I'm in contact with support and I'm working together with them in solving this.
I'll post something here if we find a solution.
