Failed to invalidate SAML accesstoken – How to solve related issues

Opster Team

Jan-20, Version: 1.7-8.0

Before you begin reading this guide, we recommend you run Elasticsearch Error Check-Up which can resolve issues that cause many errors.

This guide will help you check for common problems that cause the log ” Failed to invalidate SAML accesstoken ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.

Advanced users might want to skip right to the common problems section in each concept or try running the Check-Up to analyze Elasticsearch configuration and help resolve this error.

Log Context

Log “Failed to invalidate SAML access_token [{}] – {}” classname is TransportSamlInvalidateSessionAction.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

     private void invalidateTokenPair(Tuple tokenPair; ActionListener listener) {
        // Invalidate the refresh token first; so the client doesn't trigger a refresh once the access token is invalidated
        tokenService.invalidateRefreshToken(tokenPair.v2(); ActionListener.wrap(ignore -> tokenService.invalidateAccessToken(
                tokenPair.v1();
                ActionListener.wrap(listener::onResponse; e -> {
                    logger.info("Failed to invalidate SAML access_token [{}] - {}"; tokenPair.v1().getId(); e.toString());
                    listener.onFailure(e);
                })); listener::onFailure));
    }






 

Watch product tour

Watch how AutoOps finds & fixes Elasticsearch problems

Analyze Your Cluster
Skip to content