Failed to parse key: policy(Generate-JWT-RS256)

Hello Mate,

I am trying to generate a JWT with no success... below are the details.

{
    "fault": {
        "faultstring": "Failed to parse key: policy(Generate-JWT-RS256)",
        "detail": {
            "errorcode": "steps.jwt.KeyParsingFailed"
        }
    }
}
 
policy:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GenerateJWT name="Generate-JWT-RS256" enabled="true" continueOnError="false">
  <Algorithm>RS256</Algorithm>
  <PrivateKey>
    <Value ref="private.privatekey"/>
    <Id>private_key</Id>
  </PrivateKey>
  <Id/>
  <!-- this tells Apigee to generate a unique identifier -->
  <Subject>Salesforce JWT for Oauth Token</Subject>
  <!-- you can use ref= for the issuer as well -->
  <Issuer ref="JWT_Issuer"/>
  <Audience ref="JWT_Audience"/>
  <ExpiresIn ref="JWT_ExpiresIn"/>
  <AdditionalClaims>
    <Claim name="prn" ref="JWT_prn"/>
  </AdditionalClaims>
  <OutputVariable>output-jwt</OutputVariable>
  <DisplayName>Generate-JWT-RS256</DisplayName>
</GenerateJWT>
 
Could you please suggest what is wrong?

This message tells you that the GenerateJWT policy is unable to parse the private key.

According to the configuration you showed,

 

   ...
  <PrivateKey>
    <Value ref="private.privatekey"/>
    <Id>private_key</Id>
  </PrivateKey>
   ...

 

...the private key is contained in a context variable called private.privatekey . All of that looks fine.

Because the algorithm you specified is RS256,  you need an RSA private key in that variable.  The contents of that variable should be something like this:

 

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA1Z3zcNWDxCzipx8HNxYy/59o2/yQP8WtDjjAbYcpZ2vVRG1w
3N5mXGsAHms4GaQ+HbxPEaD/gj7BZquGF98IEeRPpfqLYWVRiEx6vHsiPFotl1FB
...
h4ReeUDE82slMJIWZ3PNmsT0QMlXY7etUzr6mkCntox7AsVaGpj6r6oraq0+rPOQ
WcoFScnqk7Z+uNuCAqw0CY8dL/fnIil+dF8n+Zc0XCALNS1r8JHB
-----END RSA PRIVATE KEY-----

 

OR

 

-----BEGIN PRIVATE KEY-----
MIIEowIBAAKCAQEA1Z3zcNWDxCzipx8HNxYy/59o2/yQP8WtDjjAbYcpZ2vVRG1w
3N5mXGsAHms4GaQ+HbxPEaD/gj7BZquGF98IEeRPpfqLYWVRiEx6vHsiPFotl1FB
...
h4ReeUDE82slMJIWZ3PNmsT0QMlXY7etUzr6mkCntox7AsVaGpj6r6oraq0+rPOQ
WcoFScnqk7Z+uNuCAqw0CY8dL/fnIil+dF8n+Zc0XCALNS1r8JHB
-----END PRIVATE KEY-----

 

If there is something other than THAT FORM in the context variable, or if the context variable is empty or unset, then the policy will issue the "Failed to parse key" error that you observed.
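A preflight check for the failure modes listed in the answer above, as an added example that is not part of the original thread and not Apigee's own code. It inspects the text destined for private.privatekey and returns only a diagnosis, never the key bytes. The function names and the sample inputs are constructed for illustration, and rejecting a label/body mismatch assumes a strict parser.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
LABELS = {"RSA PRIVATE KEY": "PKCS#1", "PRIVATE KEY": "PKCS#8"}
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption

def diagnose_key(text):
    """Return (ok, reason) for the text held in private.privatekey.
    Inspects PEM armor and the outer DER layout only; never echoes key bytes."""
    if text is None or not text.strip():
        return False, "variable is empty or unset"
    text = text.strip()
    if "\\n" in text:
        return False, "contains literal backslash-n instead of line breaks"
    m = PEM_RE.fullmatch(text)
    if not m:
        return False, "no well-formed BEGIN/END armor on separate lines"
    label, body = m.groups()
    if label not in LABELS:
        return False, f"unsupported PEM label '{label}'"
    if "Proc-Type:" in body:
        return False, "key is passphrase-encrypted"
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        return False, "body is not valid base64"
    if len(der) < 8 or der[0] != 0x30:
        return False, "decoded body is not a DER SEQUENCE"
    i = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)  # skip tag + length
    # After INTEGER version 0: PKCS#1 has INTEGER (modulus), PKCS#8 a SEQUENCE.
    inner = {b"\x02": "PKCS#1", b"\x30": "PKCS#8"}.get(der[i + 3:i + 4])
    if der[i:i + 3] != b"\x02\x01\x00" or inner != LABELS[label]:
        # Assumption: a strict parser rejects a label/body mismatch.
        return False, f"label says {LABELS[label]}, body is {inner or 'unknown'}"
    if inner == "PKCS#8" and not der[i + 5:].startswith(RSA_OID):
        return False, "PKCS#8 key is not RSA, so unusable for RS256"
    return True, f"{inner} RSA private key framing looks correct"

def make_pem(label, der_hex):  # helper for the constructed samples below
    b64 = base64.b64encode(bytes.fromhex(der_hex)).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----"

# Constructed DER skeletons (correct layout, NOT real keys).
PKCS1 = make_pem("RSA PRIVATE KEY", "3009020100020105020103")
PKCS8 = make_pem("PRIVATE KEY", "3014020100300d06092a864886f70d01010105000400")
```

A passing result means the armor and outer structure are right; it does not prove the key material itself is valid.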

Hello Sir..

How to get the key in above format? When I trace, below is the log.

I am using parameter called JWT_privatekey, but that is not showing in trace

 

<VariableAccess>
  <Get name="JWT_prn" value="*****"/>
  <Get name="JWT_Issuer" value="3MVG9e2mBbZnmM6nDZMyDgh_kdmBzDep0i2nTSe4HInnM9LmTWd4W5EmBqydC0afzToeSiwrs8YfSoK7xkEwW"/>
  <Get name="JWT_Audience" value="urn://c60511c0-12a2-473c-80fd-42528eb65a6a"/>
  <Get name="JWT_ExpiresIn" value="60m"/>
  <Set name="jwt.Generate-JWT-RS256.error" value="cannot instantiate private key" success="true"/>
  <Set name="JWT.failed" value="true" success="true"/>
  <Get name="JWT.Generate-JWT-RS256"/>
  <Set name="error.status.code" value="500" success="true"/>
  <Set name="apigee.metrics.policy.Generate-JWT-RS256.timeTaken" value="350646" success="true"/>
</VariableAccess>

 

I am using parameter called JWT_privatekey, but that is not showing in trace

Are you sure? Your prior policy configuration showed this:

 

  ...
 <PrivateKey>
  <Value ref="private.privatekey"/>
  <Id>private_key</Id>
 </PrivateKey>
  ...

 

The private. prefix is required here. And Apigee automatically masks accesses (reads or writes) to variables that have the private. prefix, so you will never see it in the trace session.

If you want to see a private variable in trace, you need to add a new policy, like AssignMessage, and assign from one variable to another, like this:

 

<AssignMessage name='AM-Diagnostics'>
  <AssignVariable>
    <Name>doesnot-matter</Name>
    <Ref>private.privatekey</Ref>
  </AssignVariable>
</AssignMessage>

 

If you attach this into your proxy flow, the variable doesnot-matter will appear in Trace, and it will have the value of the private.privatekey variable.

How to get the key in above format?

There are many options. One of them is probably right for you, depending on where you are starting from.

Hello dchiesa1,

I am integrating two Salesforce instances using Apigee Edge. As a part of that I have created an API for the target instance and tested it using Postman. It is working fine with a 201 response code and the created record id.

But when I am testing the same via Salesforce (source), I am getting a 200 response and the record is not getting created in the target. What should I do now? I need the record to get created.

Hi Srinivas

It looks like you have a new question. Kindly ask a new question by clicking the blue box in the upper right corner. We can address it there.