Problem/Symptom:
A user gets a 500 Internal Server Error when trying to log in to the Domino UI. The 500 is returned on the GET request requestOfflineToken.
Cause:
- The email in MongoDB does not match the email in Keycloak. The user document in MongoDB:
{
    "_id" : ObjectId("619b70a5b330268fdaf864e0"),
    "idpId" : "498ae2d9-5996-446d-a33a-5046ae336cfb",
    "loginId" : {
        "id" : "user1",
        "lowercaseId" : "user1"
    },
    "firstName" : "first",
    "lastName" : "last",
    "fullName" : "first last",
    "email" : "first.a.last@company.com",
    "created" : ISODate("2021-11-22T10:27:49.912Z"),
    "planInfo" : {
        "trialStartDate" : ISODate("2021-11-22T10:27:49.912Z"),
        "freeRunsForAllProjects" : false
    },
    "_systemRoles" : [
        "Practitioner"
    ],
    "sshKeys" : [ ],
    "gitDomainCredentials" : [ ],
    "deactivatedFlag" : false,
    "productOptIn" : true,
    "marketingOptIn" : false,
    "isDominoEmployee" : false,
    "hashedApiKey" : "02771e03e79411ab8034dad1f94c0a8bbfb6609b"
}
In Keycloak, the email for the above user ID is "first.a.last@company_ext.com".
- Some users, such as contractors, may have multiple email addresses, like xxxx@company.com and xxxx@company_ext.com. The resulting mismatch between what is in Keycloak and what is in MongoDB gives us encrypted messages about the offline token.
Solution:
Perform MongoDB surgery to update the user's email address to match what is in Keycloak. Please contact the BMS Domino admin to run the following command to resolve the issue:
db.users.update({"loginId.id" : "user1"},{$set: {"email" : "first.a.last@company_ext.com"}})
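
A read-only check for this drift across all accounts, as an added example that is not Domino's own code: it compares exported MongoDB user documents with exported Keycloak user records and renders the update command for each mismatch so an admin can review it. It assumes that idpId holds the Keycloak user id and that the Keycloak export carries id, username and email; the function names and sample records are constructed for illustration.

```javascript
// Added example. Assumption: MongoDB "idpId" equals the Keycloak user "id".
// All records below are constructed sample data.
const mongoUsers = [
  { idpId: "kc-1", loginId: { id: "user1" }, email: "first.a.last@company.com" },
  { idpId: "kc-2", loginId: { id: "user2" }, email: "Second.User@company.com" },
  { idpId: "kc-3", loginId: { id: "user3" }, email: "third.user@company.com" },
  { idpId: "kc-4", loginId: { id: "user4" }, email: "fourth.user@company.com" },
];
const keycloakUsers = [
  { id: "kc-1", username: "user1", email: "first.a.last@company_ext.com" },
  { id: "kc-2", username: "user2", email: "second.user@company.com" },
  { id: "kc-4", username: "user4", email: "fourth.user@company.com" },
];

const fold = (e) => (typeof e === "string" ? e.trim().toLowerCase() : null);

// One finding per Domino user whose email is not identical to Keycloak's.
function findEmailDrift(mongoDocs, kcUsers) {
  const byId = new Map(kcUsers.map((u) => [u.id, u]));
  const findings = [];
  for (const doc of mongoDocs) {
    const loginId = doc.loginId ? doc.loginId.id : null;
    const kc = byId.get(doc.idpId);
    let issue = null;
    if (!kc) issue = "no-keycloak-user";
    else if (doc.email === kc.email) continue;
    else if (fold(doc.email) === fold(kc.email)) issue = "case-only-difference";
    else issue = "email-mismatch";
    findings.push({ loginId, issue, mongoEmail: doc.email, keycloakEmail: kc ? kc.email : null });
  }
  return findings;
}

// Renders the page's update command for an admin to review; values go through
// JSON.stringify so a quote in an address cannot alter the statement.
function buildFix(finding) {
  if (finding.issue !== "email-mismatch" || !finding.keycloakEmail || !finding.loginId) return null;
  const filter = JSON.stringify({ "loginId.id": finding.loginId });
  const update = JSON.stringify({ $set: { email: finding.keycloakEmail } });
  return `db.users.update(${filter}, ${update})`;
}

for (const f of findEmailDrift(mongoUsers, keycloakUsers)) {
  console.log(f.issue, f.loginId, buildFix(f) || "(manual review)");
}
```

Accounts reported as no-keycloak-user or case-only-difference get no generated command and are left for manual review.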