Issue while deploying JWT proxy through apigeetool

Not applicable

Hi @Dino

We are trying a scenario to generate and validate JWT based on your code sample in GitHub

https://github.com/apigee/iloveapis2015-jwt-jwe-jws/tree/master/jwt_signed/apiproxy

But we are getting an error when we try to deploy it using apigeetool. We are using the below command

apigeetool deployproxy -u username -o myorg -e test -n proxyname -d .

However we are getting an error and the error message is as below -

Deployment on test successful
"jwt_signed" Revision 1
error
environment = test
base path = /
Partial Failure: {"status":"deployed","type":["router"],"uUID":"128875b4-2e2c-48
03-ab44-ef03c2b27145"}Partial Failure: {"status":"deployed","type":["router"],"u
UID":"d1947fa3-0689-47b5-abef-d70e6e19e815"}Partial Failure: {"status":"deployed
","type":["router"],"uUID":"df2fbeec-b028-4d3c-bb96-a827b235166e"}

and we are not able to deploy the proxy. Also we noticed that the base path in the above message shows / while in the code it shows /jwt_signed.

Can you please check and guide us on what could be the issue.

Adding @Pranjali

Regards,

Shwetha

1 2 162
2 REPLIES 2

The basePath thing you noticed - is not an issue. There is a basepath for each proxy endpoint, and there is a distinct basepath for the proxy bundle. The proxy bundle basepath in your case is / . The proxy endpoint basepath is /jwt_signed.

As for why there is a "partial failure" message upon deployment, since the release of the jwt_signed example in 2015, the runtime security configuration for Apigee Edge has changed. This prevents Java code that uses reflection from being deployed. The jwt_signed example that previously worked without problem, now does not work. Unfortunately.

Apigee is actively working on an officially supported JWT policy. This should be ready within a few weeks. In the meantime you can try using nodejs code or a JS callout do do the signing and verification.

Hi @Dino,

I get the same (similar) failure (

Partial Failure: {"status":"deployed","type":["router"],"uUID":"...) when trying to deploy the oidc-core proxy from the Github OIDC demo (

https://github.com/DinoChiesa/Apigee-Edge-OIDC-Demonstration))

Has there also been a change in Edge which could explain the failure?

I recognized that when excluding the following policies:

<Name>Java-GenerateIdToken-1</Name>

<Name>Java-GenerateIdToken-2</Name>

the deployment succeeds (but so does not the tracing of course..)

Thanks for a hint!