The token supplied to the function is invalid

Jul 8, 2011 at 3:07 PM

A customer is using WAFFLE with a Jetty server. The most users can login without problems. But some user on the same machine are failing. On the server log we can see:

WARNING: error logging in user: The token supplied to the function is invalid

 

The customer is using the IE7 and Firefox. What can be the problem?

Volker

Coordinator
Jul 8, 2011 at 4:35 PM

It can be a lot of things, but specifically this means that the ticket that waffle is getting isn't valid. 

Make sure you're using 1.4 (and if not, upgrade). At least one bug was fixed that was causing this.

Jul 11, 2011 at 4:15 PM

Ok, the customer has update to the 1.4 but without any changes. Any other idea?

 

Volker

Coordinator
Jul 11, 2011 at 5:00 PM

I would try to track which specific user(s) this is happening to and isolate the full negotiate stack. It's very likely that the error is simply correct, the user logging in doesn't have the right creds. 

Jul 12, 2011 at 8:11 AM

We have track the user with the problem but we see no difference between the that working and which that not working.

> isolate the full negotiate stack

What you means with this?

 

> It's very likely that the error is simply correct, the user logging in doesn't have the right creds.

Which rights are needed? I would expect a login failed or a login as guest like if the user name is wrong. Token invalid sounds like the token was corrupted on transfer.

Coordinator
Jul 12, 2011 at 3:24 PM

I mean we need the server-side log of a single failed request/response. For example, it would be useful to know whether the client is doing NTLM or Kerberos and then whether it already succeeded or failed a negotiation earlier.

Invalid token is a generic message from SSPI, so it can be one of the millions of things that could have gone wrong.