
 7 months ago
source link: https://community.sap.com/t5/customer-relationship-management-q-a/sbo-2311hf1-service-layer-issue-async-logins-bug-help/qaq-p/13594010

SBO 2311HF1 Service Layer issue - async logins bug - help!

I believe with the changes in the last few patches we've found an issue with Service Layer failing. We have upgraded from 2108HF1 which was flawless in terms of logging in (although far from flawless in other areas), to 2311HF1 and are now seeing this login behaviour.

When more than 1 login is requested to Service Layer before a response has been issued, all requests apart from one (maybe the first or last?!) will fail with the following returned error:

{"error":{"code":"401","details":[{"code":"","message":""}],"message":"Internal error: Get access token error,{\"error\":\"invalid_client\",\"error_description\":\"Client authentication with signed JWT failed: Token reuse detected\"}."}}

This behaviour is consistent and shows up in the SL logs time and time again. You can see that any login requests beyond a single request made before the response will result in this issue.

I believe this is due to the login changes in the past year or so, which have permeated through the admin/control pages etc. and also seem to make SL slightly slower to log in.

Log extract showing 3 API requests requiring login; only 1 works, the other 2 fail. It seems like there needs to be a queue/lock mechanism in place to handle these one after another if SL is now "consulting" with a local external auth mechanism.

[Fri Feb 02 10:05:34 2024] [192.168.4.103] [pid=15144] [Request] "POST /b1s/v2/Login HTTP/1.1"
Host:sapserver:50000
OData-Version:4.0
OData-MaxVersion:4.0
Accept:application/json;odata.metadata=minimal
Accept-Charset:UTF-8
User-Agent:Microsoft.OData.Client/7.20.0
Connection:Keep-Alive
traceparent:00-e5c620d420926388cd85c99e82b2c206-26888ed84b10b1dd-00
Content-Type:application/json;odata.metadata=minimal
Content-Length:82
X-Forwarded-Proto:https

**********************************************************************************

[Fri Feb 02 10:05:34 2024] [192.168.4.103] [pid=15144] [Request] "POST /b1s/v2/Login HTTP/1.1"
Host:sapserver:50000
OData-Version:4.0
OData-MaxVersion:4.0
Accept:application/json;odata.metadata=minimal
Accept-Charset:UTF-8
User-Agent:Microsoft.OData.Client/7.20.0
Connection:Keep-Alive
traceparent:00-233ce6b94219cf6d960db050098fc376-941d46b0949dfab9-00
Content-Type:application/json;odata.metadata=minimal
Content-Length:82
X-Forwarded-Proto:https

**********************************************************************************

[Fri Feb 02 10:05:34 2024] [192.168.4.103] [pid=15144] [Request] "POST /b1s/v2/Login HTTP/1.1"
Host:sapserver:50000
OData-Version:4.0
OData-MaxVersion:4.0
Accept:application/json;odata.metadata=minimal
Accept-Charset:UTF-8
User-Agent:Microsoft.OData.Client/7.20.0
Connection:Keep-Alive
traceparent:00-cb1ead6233f310a515519e6303fbe202-7aad577539cbfe51-00
Content-Type:application/json;odata.metadata=minimal
Content-Length:82
X-Forwarded-Proto:https

**********************************************************************************

[Fri Feb 02 10:05:34 2024] [192.168.4.103] [pid=15144] [Response] "POST /b1s/v2/Login HTTP/1.1"
Status Code:[500 Internal Server Error]
Date:Thu, 01 Feb 2024 23:05:34 GMT
Server:Apache
Content-Type:application/json;charset=utf-8

{
"error" : {
"code" : "401",
"details" : [
{
"code" : "",
"message" : ""
}
],
"message" : "Internal error: Get access token error,{\"error\":\"invalid_client\",\"error_description\":\"Client authentication with signed JWT failed: Token reuse detected\"}."
}
}

[Fri Feb 02 10:05:34 2024] [192.168.4.103] [pid=15144] [Response] "POST /b1s/v2/Login HTTP/1.1"
Status Code:[500 Internal Server Error]
Date:Thu, 01 Feb 2024 23:05:34 GMT
Server:Apache
Content-Type:application/json;charset=utf-8

{
"error" : {
"code" : "401",
"details" : [
{
"code" : "",
"message" : ""
}
],
"message" : "Internal error: Get access token error,{\"error\":\"invalid_client\",\"error_description\":\"Client authentication with signed JWT failed: Token reuse detected\"}."
}
}

[Fri Feb 02 10:05:34 2024] [192.168.4.103] [pid=15144] [Response] "POST /b1s/v2/Login HTTP/1.1"
Status Code:[200 OK]
Date:Thu, 01 Feb 2024 23:05:34 GMT
Server:Apache
Content-Type:application/json;odata.metadata=minimal;charset=utf-8
Set-Cookie:********************************************************************

{
"@odata.context" : "https://sapserver:50000/b1s/v2/$metadata#B1Sessions/$entity",
"SessionId" : "67d11b44-c156-11ee-c000-00155dd85d00-13656-13068",
"Version" : "1000230",
"SessionTimeout" : 10
}

Can anyone provide a workaround or suggestion to solve or mitigate this unwanted SL behaviour?
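The queue/lock idea raised in the post can be applied on the client side so that only one Login is ever in flight and every waiting caller reuses the session it returns. The following is an added example, not part of the original post and not SAP code: `FakeServiceLayer` is a constructed stand-in that rejects overlapping logins the way the log extract shows, `SingleFlightLogin` and `run_concurrent` are hypothetical names, and `SessionTimeout` is assumed to be in minutes.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor

TOKEN_REUSE = "Token reuse detected"  # error text quoted in the post

class LoginError(Exception):
    """Login rejected by the simulated Service Layer."""

class FakeServiceLayer:
    """Constructed stand-in: a Login that overlaps another one is rejected."""
    def __init__(self, delay=0.1):
        self.delay, self.in_flight, self.logins = delay, 0, 0
        self.guard = threading.Lock()
    def login(self):
        with self.guard:
            self.in_flight += 1
            overlapped = self.in_flight > 1
        time.sleep(self.delay)  # simulated round trip to the auth service
        with self.guard:
            self.in_flight -= 1
            if overlapped:
                raise LoginError(TOKEN_REUSE)
            self.logins += 1
            return f"session-{self.logins}"

class SingleFlightLogin:
    """Lets one Login run at a time and shares its session with waiting threads."""
    def __init__(self, do_login, session_minutes=10):
        self.do_login = do_login  # hypothetical callable wrapping POST /b1s/v2/Login
        self.ttl = session_minutes * 60 * 0.8  # log in again before the timeout (assumed minutes)
        self.lock, self.session, self.expires = threading.Lock(), None, 0.0
    def get(self):
        with self.lock:  # callers queue here instead of racing each other to Login
            if self.session is None or time.monotonic() >= self.expires:
                self.session = self.do_login()
                self.expires = time.monotonic() + self.ttl
            return self.session

def run_concurrent(login, n=3):
    """Fire n logins at the same instant; return each caller's session id or error text."""
    barrier = threading.Barrier(n)
    def worker(_):
        barrier.wait()
        try:
            return login()
        except LoginError as exc:
            return str(exc)
    with ThreadPoolExecutor(max_workers=n) as pool:
        return list(pool.map(worker, range(n)))
```

The lock only covers a single process; logins issued from other processes or hosts can still overlap and need their own coordination.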

