Open alexlovelltroy opened 3 months ago
This seems to be caused by opaal failing to fetch the JWKS from hydra if hydra fails to start whenever BSS tries making a request to the /keys
endpoint. When this happens, it doesn't look like any of the code paths in opaal are returning an error or redirect (which is not suppose to happen). So in addition to making BSS's logging more informative, we also need to improve logging messages in opaal as well.
When debugging containers for the quickstart, I found log lines like those below:
Then bss died.
Clearly there's a problem with bss attempting to fetch a token for use in querying smd, but I can't tell enough information to start troubleshooting the issue.
What endpoint was used to obtain the EOF JWK?
Was the download successful, but the file was empty? Was there a problem with name resolution? Was the server on the other end slow? BSS has clearly exited because it believes that further attempts to start up will be unsuccessful. Why?
What about using SMD? Did SMD reject any requests due to failed JWT checks? If so which ones? Were there messages associated?