Failed to invalidate SAML accesstoken – How to solve related issues

Failed to invalidate SAML accesstoken – How to solve related issues

Opster Team

Jan-20, Version: 1.7-8.0

Before you begin reading this guide, we recommend you run Elasticsearch Error Check-Up which can resolve issues that cause many errors.

This guide will help you check for common problems that cause the log ” Failed to invalidate SAML accesstoken ” to appear. It’s important to understand the issues related to the log, so to get started, read the general overview on common issues and tips related to the Elasticsearch concepts: plugin.

Advanced users might want to skip right to the common problems section in each concept or try running the Check-Up which analyses ES to pinpoint the cause of many errors and provides suitable actionable recommendations how to resolve them (free tool that requires no installation).

Log Context

Log “Failed to invalidate SAML access_token [{}] – {}” classname is TransportSamlInvalidateSessionAction.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

     private void invalidateTokenPair(Tuple tokenPair; ActionListener listener) {
        // Invalidate the refresh token first; so the client doesn't trigger a refresh once the access token is invalidated
        tokenService.invalidateRefreshToken(tokenPair.v2(); ActionListener.wrap(ignore -> tokenService.invalidateAccessToken(
                tokenPair.v1();
                ActionListener.wrap(listener::onResponse; e -> {
                    logger.info("Failed to invalidate SAML access_token [{}] - {}"; tokenPair.v1().getId(); e.toString());
                    listener.onFailure(e);
                })); listener::onFailure));
    }






 

Run the Check-Up to get a customized report like this:

Analyze your cluster