Expand my Community achievements bar.

Join us in celebrating the outstanding achievement of our AEM Community Member of the Year!
SOLVED

problems logging in with authentication token.

Avatar

Former Community Member

I have a test application which creates a room from Java. It generates the auth token as follows.

String roomName = "dynamically_created_room1";
       
        AccountManager collabAcctMngr = new AccountManager(CollaborationConstants.COLLABORATION_ACCT_URL);
        collabAcctMngr.login(CollaborationConstants.COLLABORATION_ACCT_ID,CollaborationConstants.COLLABORATION_ACCT_PASSWORD);
        collabAcctMngr.createRoom(roomName,true);//: Deletes the room on exit
        Session collabSession = collabAcctMngr.getSession(roomName);
        collabSession.secret = CollaborationConstants.COLLABORATION_ACCT_SHARED_SECRET;
       
   
       
        String token = collabSession.getAuthenticationToken(CollaborationConstants.COLLABORATION_ACCT_SHARED_SECRET,
                "jeff-" + "-phelps","uid1",UserRoles.PUBLISHER);
       
       
       
       
        log.info("token = " + token);

The room is created fine.

I then run my flex CollaborationTest application

<s:WindowedApplication xmlns:fx="http://ns.adobe.com/mxml/2009"
                       xmlns:s="library://ns.adobe.com/flex/spark"
                       xmlns:rtc="http://ns.adobe.com/rtc"
                       xmlns:mx="library://ns.adobe.com/flex/mx">
    <fx:Declarations>
        <!-- Place non-visual elements (e.g., services, value objects) here -->
        <rtc:AdobeHSAuthenticator id="auth" userName="" password="" protocol="rtmfp" authenticationKey="{AUTH_KEY}"/>
        <rtc:RoomSettings id="roomSettings" autoPromote="true" guestsMustKnock="false"/>
    </fx:Declarations>
   
   
    <fx:Script>
       
        <![CDATA[
       
            public const COLLABORATION_ACCT_URL:String = "https://collaboration.adobelivecycle.com/endlessmind";
          
            public const AUTH_KEY:String ="exx=eDpqZWZmLS1waGVscHM6OmVuZGxlc3NtaW5kOnVpZDE6ZHluYW1pY2FsbHlfY3JlYXRlZF9yb29tMTo1MDo0YTI4NmFjN2FkYzk4ZTI3YTZkNWYwMmVhYWE5ZTgwNzUwYjRiZjFl";
           
            private var testRoomURL:String = "https://collaboration.adobelivecycle.com/endlessmind/dynamically_created_room1";

            protected function button1_clickHandler(event:MouseEvent):void {
                cSession.roomURL = testRoomURL;
                cSession.login();
            }

        ]]>
    </fx:Script>
   
    <mx:Panel title="Test the ability to log into a room with a authentication key">
        <s:Button label="PUSH TO LOGIN" click="button1_clickHandler(event)"/>
        <rtc:ConnectSessionContainer authenticator="{auth}" initialRoomSettings="{roomSettings}" id="cSession" width="100%"
                                     height="100%" autoLogin="false" >
       
        </rtc:ConnectSessionContainer>
    </mx:Panel>
   
   
</s:WindowedApplication>

When I push the button to login, I received the following exception

requestInfo https://collaboration.adobelivecycle.com/endlessmind/dynamically_created_room1?exx=eDpqZWZmLS1waGVsc...
11:51:46 GMT-0600    #THROWING ERROR# bad authentication key
Error: Invalid username or password:Login again
    at com.adobe.rtc.authentication::AbstractAuthenticator/onLoginFailure()[/Users/arun/Work/aponnusa_theoden.corp.adobe.com_1666/depot/branches/connect/1104/cocomoPlayer10.1/src/com/adobe/rtc/authentication/AbstractAuthenticator.as:200]
    at com.adobe.rtc.authentication::AbstractAuthenticator/onAuthorizationFailure()[/Users/arun/Work/aponnusa_theoden.corp.adobe.com_1666/depot/branches/connect/1104/cocomoPlayer10.1/src/com/adobe/rtc/authentication/AbstractAuthenticator.as:215]
    at com.adobe.rtc.session.sessionClasses::MeetingInfoService/onComplete()[/Users/arun/Work/aponnusa_theoden.corp.adobe.com_1666/depot/branches/connect/1104/cocomoPlayer10.1/src/com/adobe/rtc/session/sessionClasses/MeetingInfoService.as:331]
    at flash.events::EventDispatcher/dispatchEventFunction()
    at flash.events::EventDispatcher/dispatchEvent()
    at flash.net::URLLoader/onComplete()

Any help is greatly appreciated.

Thanks.

Jeff

1 Accepted Solution

Avatar

Correct answer by
Employee

I looked at the log and I see a lot of message about invalid tokens. The main reason is usually that the "shared secret" you are using is wrong. Please check the value for the shared secret in the DevPortal and make sure that is what you are using in your application.

Also, remember that external authentication tokens are "one shot": They are valid for the duration of a single session of the specified room, so if you start a room, stop it and start it again you'll have to generate new tokens.

View solution in original post

16 Replies

Avatar

Level 3

Hi,

The auth token expires after 15 minutes if you don't use the keepAlive API.  Do you run CollaborationTest immediately after getting the auth token or more than 15 minutes after?

-Jamie

Avatar

Former Community Member

Hi Jamie,

I run the CollaborationTest app immediately after generating the token.

Thanks.

Avatar

Former Community Member

Also. I noticed in the LCCS_Developer_Guide.pdf there are screen shots of a browser based room editor.

But. I have seen nothing like that on my LCCS developer portal.

Does my company need to buy developer account in order for this to work correctly ?

If so. Adobe. Why not just state that, instead of having me spend needless hours working through

what may be the problem.

Can someone give me something here on this login problem.

Avatar

Former Community Member

hey,i already made the auth token work like a charm ,in a free test account.

might you have some bugs in your code.

Avatar

Former Community Member

I posted the code verbatim as it came from Flash Builder 4.5

The only method that works for me with respect to room login is.

1) User name and password.

2) User name only.

The authenticationToken method does not work for me. Also. Are there any examples showing the use of AdobeHSAuthenticat authenticationURL property ?

Avatar

Former Community Member

Hi there,

I think you're referring to the Room Console, which is part of the SDK

Application. It's free.

I'd have to agree with Vincent - if external authentication didn't work,

we'd have lots of angry customers. I don't see anything obvious in your

code.. You have a hard-coded auth token in your code, but I'm guessing you

copied that from the output of the java code. I'd check all your inputs

(secret, room name, etc) to make sure you don't have a typo somewhere. Also,

perhaps remove the username/password fields from your authenticator, since

they start as null (I don't think this is the issue, but it's possible).

nigel

Avatar

Former Community Member

Hi Nigel,

I understant what you're saying about others using the external authentication. But. It's not working for me at this point.

I tried removing the userName, and password fields as you suggested. But. I get the same results. And. You're absolutely

right about cutting and pasting the authToken that has been generated by Java code.

In prodcution, the authCodes are dynamically generated, then passed to the Flex application via the web-tier. I created this

small test case in an effort to isolate what may be the potential room login problem. But. To no avail. The room login problem is

the same.

I did peruse the AbstractAuthenticator code. From the comments in the code, it appears at first glance, that the exception being thrown

is because I'm not authorized to use the room.

/**

         * @private

        */

        public function onAuthorizationFailure():void

        {

           //

           // Authentication succeeded (the credentials are valid), but authorization failed

           // (access is denied). This case is currently treated as an authentication failure.

           //

           onLoginFailure();


        }

This code comment is what led me to believe that this may be a case of production account vs. Developer account problem.

Avatar

Correct answer by
Employee

I looked at the log and I see a lot of message about invalid tokens. The main reason is usually that the "shared secret" you are using is wrong. Please check the value for the shared secret in the DevPortal and make sure that is what you are using in your application.

Also, remember that external authentication tokens are "one shot": They are valid for the duration of a single session of the specified room, so if you start a room, stop it and start it again you'll have to generate new tokens.

Avatar

Former Community Member

Raff,

the Account Shared secret is cut and pasted directly from the Dev Portal.

The room is deleted and recreated each run of the of the test, also, a token is genned each pass through the test.

public void testAuthTokenGeneration() throws Exception {
       
        String roomName = "dynamically_created_room1";
       
        AccountManager collabAcctMngr = new AccountManager(CollaborationConstants.COLLABORATION_ACCT_URL);
        collabAcctMngr.login(CollaborationConstants.COLLABORATION_ACCT_ID,CollaborationConstants.COLLABORATION_ACCT_PASSWORD);
       
        collabAcctMngr.deleteRoom(roomName);
        collabAcctMngr.createRoom(roomName,true);//: Deletes the room on exit
        Session collabSession = collabAcctMngr.getSession(roomName);
        collabSession.secret = CollaborationConstants.COLLABORATION_ACCT_SHARED_SECRET;
       
   
       
        String token = collabSession.getAuthenticationToken(CollaborationConstants.COLLABORATION_ACCT_SHARED_SECRET,
                "uid1","uid1",UserRoles.PUBLISHER);
       
       
   
       
       
        log.info("token = " + token);
       
       
       
    }

The log token output is used by the Flex Air application.

But. Thanks for the information.

Avatar

Level 3

Hi,

I tried your code and was able to get it working after fixing 3 mistakes:

1.  Remove this line from your Java code:  collabSession.secret = ...

     This is not something that you should be setting on the session object.  You only pass in your secret when calling getAuthenticationToken.

2.  I don't think we allow underscores in room names.

3.  You have space that shouldn't be here:  "https://collaboration.adobelivecycle.com/endlessmind/dynamically_creat ed_room1"

-Jamie

Avatar

Former Community Member

I accidentally pushed the answered button.

My bad.

Avatar

Former Community Member

Jamie,

YOU ROCK !!!

BIG TIME BINGO.

Let me say it again.

YOU FREAKING ROCK

Thanks a whole bunch.

Avatar

Level 3

Has anyone else seen an intermittent problem with authentication tokens?

It seems like once in a while an authentication token that I create using the server API doesn't work for me and I get a bad authentication key error. I can't seem to narrow down the pattern of when or why it happens. Is it possible that some authenitcation keys for a room get removed while others stay valid?

I have a log file segment that shows the request info for a room I created this morning.

6/26/2011 13:24:23.608 [INFO] xoomxo Creating LCCS session using credentials. url: https://connectnow.acrobat.com/xoomxo/loungef4f957f5, userId: KOOKIE, token: exx=eDpLT09LSUU6Onhvb214bzozNTE5OmxvdW5nZWY0Zjk1N2Y1OjUwOjBjZTA0ZGQ1N2NkMjY2YmUwM2Y3MmQ2YjIzODY0YTRkNjE4YjM3MjM=

13:24:23 GMT-0700    LCCS SDK Version : 1.5.0    Player Version : WIN 10,3,181,14

13:24:23 GMT-0700    requestInfo https://connectnow.acrobat.com/xoomxo/loungef4f957f5?exx=eDpLT09LSUU6Onhvb214bzozNTE5OmxvdW5nZWY0Zjk...

13:24:23 GMT-0700    #THROWING ERROR# bad authentication key

Let me know if I can provide any more info.

Thanks,

Barry

Avatar

Level 3

With the way I am creating tokens, there is potential that tokens could be created across different room sessions. Not sure if that explains the issue I saw yesterday but depending on how sessions are garbage collected on the server I think it's possible. Anyway, I am going to change my server side code so that I do a keep alive on all rooms until they are finished. A room that only has a single session suits my use case better, so using the keep alive API should help me to emulate that.

I'll post again if I see this problem recurring after I make my changes.

Thanks,

Barry

Avatar

Employee

Barry,

I am not sure I understand the problem.

The way external authentication works is the following:

- you create a room (or you reuse an existing room)

- you create a session token by calling AccountManager.getSession().

- that session token will be valid for the next "run" of that room.

- if you call AccountManager.getSession() again, you will get the same session token back (it's still valid). You can call AccountManager.invalidateSession() to make that session token invalid and give you a new one next time you call getSession()

- if a user enters the room the rooms becomes "active" and the session "countdown" starts (actually there is no session countdown. Your session token will be valid until current session ends).

- if a user exits the room, after a few minutes the room will become "inactive". At that point the session is considered terminated and the authentication session token is invalidated (deleted).

- if at this point a user tries to enter the room again with an old session token it will receive an error (cannot login)

I don't know how the behaviour you see matches this but here is a couple of suggestion:

- try to call getSession() every time you need a new authentication token. This is an overkill but if it works it may explain part of your problem (you cache session tokens and don't dispose them correctly when a room ends).

- if you are using external authentication and get a login error, go back to your server and get another authentication token (this may require calling getSession() to make sure you are getting a token for the current session).

Again, if everything was correct and you had full control of when rooms starts and end (i.e. you are monitoring the rooms via the server-to-server hooks) you should be able to create a session token once and reuse it until the room ends.

Avatar

Level 3

Thanks Raff,

Yeah, in order to make my logic bullet proof I think I need to create the token at the time the user is about to enter the room. That way I can be guaranteed that they will be joined with the current existing session.

I can see how I may have use cases whereby some users trying to enter the room might be tied to sessions that have been terminated, although I'm not completely sure this is what happened. It's certainly possible.

In order to be 100% sure I'm going to go with your suggestion. I'll let you know if I see any problems once I've re-factored things.

Thanks,

Barry