OAuth Token is Not Refreshing

Article ID: 265677


Products

CA Service Desk Manager
CA Service Management - Service Desk Manager

Issue/Introduction

The OAuth access token fails to generate. The mailbox can be configured and an OAuth token created successfully on the initial attempt.

After 90 minutes or so, the following error is generated:

ERROR  [ForkJoinPool-1-worker-3] c.c.S.m.c.JavaMailIMAPClient - [ID:([email protected]),HN:(outlook.office365.com)] -> [IMAPS|993] Failed to connect to the Store.
javax.mail.AuthenticationFailedException: AUTHENTICATE failed.

ERROR  [ForkJoinPool-1-worker-3] c.c.S.m.ConnectSession - Failed to get a fresh access token...can not proceed further....
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Environment

CA Service Desk Manager 17.3 and above

Cause

There is an issue with the configuration in place. The problem sometimes appears following an RU update, but may also happen after security updates have been applied by the local environment or the OAuth provider.

Resolution

The given error may arise if there are additional security configurations that need to be taken into account, depending on the mail service provider in use.

For Microsoft-based services such as Office 365, the above has been addressed by allowing communication on port 443 for Exchange Online Protection.

Applicable to all OAuth services: additional security may be in effect because of the scope value used in the configuration, two-factor authentication, or Captcha being enforced; such settings are unique to each implementation.

We recommend reviewing the documentation on defining a mailbox with your local security admins, and checking whether anything has changed recently or whether any security settings were recently introduced (especially applicable if the integration suddenly stopped working). The backend certificates stored in the nx.keystore may no longer be valid and need to be recreated.
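The two errors in the log above come from different layers: the IMAP login is rejected, and the token refresh itself fails certificate validation (PKIX path building), which is the case the nx.keystore advice addresses. The triage script below is an added example, not Broadcom code; the function names, the sample log (constructed from the excerpt above, with a placeholder mailbox ID) and the rule that a TLS trust failure outranks the IMAP error are assumptions of this example.

```python
import re

# Constructed sample modelled on this article's log excerpt; the mailbox ID is a placeholder.
SAMPLE_LOG = """\
ERROR  [ForkJoinPool-1-worker-3] c.c.S.m.c.JavaMailIMAPClient - [ID:(MAILBOX_PLACEHOLDER),HN:(outlook.office365.com)] -> [IMAPS|993] Failed to connect to the Store.
javax.mail.AuthenticationFailedException: AUTHENTICATE failed.

ERROR  [ForkJoinPool-1-worker-3] c.c.S.m.ConnectSession - Failed to get a fresh access token...can not proceed further....
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
"""

ERROR_RE = re.compile(r"^ERROR\s+\[(?P<thread>[^\]]+)\]\s+(?P<logger>\S+)\s+-\s+(?P<msg>.*)$")
EXC_RE = re.compile(r"^(?P<cls>[\w.$]+(?:Exception|Error)): (?P<detail>.*)$")

ADVICE = {  # wording follows the Resolution section of this article
    "tls-trust": "Token refresh failed certificate validation: review the certificates in nx.keystore and recent security changes.",
    "imap-auth": "IMAP login rejected with no TLS error logged: review scope, two-factor and Captcha settings with the provider.",
    "other": "No known pattern found.",
}

def parse_events(text):
    """Pair each ERROR line with the first exception line that follows it."""
    events, current = [], None
    for line in text.splitlines():
        err = ERROR_RE.match(line)
        if err:
            current = dict(err.groupdict(), exception=None, detail=None)
            events.append(current)
            continue
        exc = EXC_RE.match(line)
        if exc and current is not None and current["exception"] is None:
            current["exception"], current["detail"] = exc["cls"], exc["detail"]
    return events

def classify(event):
    """Map one event to a failure class based on its exception."""
    exc, detail = event["exception"] or "", event["detail"] or ""
    if exc.endswith("SSLHandshakeException") and "PKIX path building failed" in detail:
        return "tls-trust"
    if exc.endswith("AuthenticationFailedException"):
        return "imap-auth"
    return "other"

def triage(text):
    """Return (class, advice). Assumption: a TLS trust failure outranks the IMAP symptom."""
    kinds = {classify(e) for e in parse_events(text)}
    for kind in ("tls-trust", "imap-auth"):
        if kind in kinds:
            return kind, ADVICE[kind]
    return "other", ADVICE["other"]
```

Call `triage()` on the text of the mail log; a `tls-trust` result means the certificate side should be checked before any credential or scope change is attempted.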

Additional Information

This article discusses the backend nx.keystore file, how to read its contents, and how to recreate the keystore as needed.

See also: Google Mail OAuth access token not refreshed after expiration