This repository has been archived by the owner on Oct 10, 2023. It is now read-only.
Event Streams UI returns 401:Unauthorized after previously working successfully #163
Labels
bug
Something isn't working
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Issue Description
When attempting to use the Event Streams UI, operations fail and the error 401:Unauthorized is returned.
In particular, it is not possible to view topics.
The Event Streams admapi pod's log shows
2020-11-05 06:45:17 WARN com.ibm.eventstreams.httpserver.clients.IAMClient - Unable to Introspect Token: Call to IAM failed: javax.net.ssl.SSLHandshakeException: Failed to create SSL connection.
2020-11-05 06:45:17 WARN com.ibm.eventstreams.handlers.security.IAMCredentialsHandler - IAM credentials flow failed
The problem occurs because the Event Streams Operator does not notice that the cluster's certificate have changed (for example they have expired and been renewed), which results in a mismatch between the certificates in use by Event Streams and the certificates in use by Common Services authorization service (IAM) and the failure to create the SSL connection.
Issue Resolution
The Event Streams Operator now updates the local copies of the cluster certificates held by Event Streams, if the cluster certificate has changed.
Workaround
https://www.ibm.com/support/pages/cloud-pak-integration-refreshing-expired-certificates#3.%20Event%20Streams%20within%20Cloud%20Pak%20for%20Integration
Fix details
IBM Internal Issue Number - 6424
Fix target - Not yet available
The text was updated successfully, but these errors were encountered: