Time to time Provider not found for tenantId in the azserver logs in VIP Authentication Hub
Article ID: 385426
Updated On:
Products
Issue/Introduction
Running VIP Authentication Hub, time to time in the logs, some warnings appear that provider is not found.
| | ||----------------------+--------------------------------------|| laas_type | <type> || level | warn || method | GET || msg | Provider '<value>' || | not found for tenantId '<value>' || namespace | <value> || node | kube-<value>-default-<value> || pod | <value>-ssp-azserver-<value>-<value> || principalGroupIds | (empty) || principalHasGroupIds | false || principalName | <name>@example.com || principalType | USER || relVersion | 1.0 || scoping_constraints | <value> || service | azserver || sid | uuid-<value> || sub | <name>@example.com |
Environment
VIP Authentication Hub 3.3 and 3.2.2
Cause
The provider search logic works in a way where it first finds the provider at the tenant level and then fall back to the global level if not found at the tenant level.
In the process, a warning is logged if the provider is not found at the tenant level.
But the provider is still found at the system or global level.
Looking at the provider config, the origin is global, not tenant:
Provider config:
{ "providerName": "<name>", "version": "b13", "apiKey": "<key>", "certAlias": "", "url": https://vip.example.com/api, "providerHeaders": [
[...omitted for brevity...] ], "providerProperties": [ {
[...omitted for brevity...] ], "origin": "global", "ignoreSSLValidation": true, "providerId": "<value>",
[...omitted for brevity...]
As such, the provider and the custom claims will be found, not at the tenant level, but at the global level.
Resolution
Upgrade VIP Authentication Hub to the version 3.4 to get this message tagged as INFO instead of WARNING corrected in the fix DE620387.
Feedback
