You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@fineract.apache.org by "Michael E." <mi...@gmail.com> on 2019/07/15 22:57:53 UTC
Fineract-CN - Invalid system token - Can't assign identity service to tenant
Hello,
Over the past few days I've been trying to setup a Fineract-CN instance I
can test with. Since my machine doesn't have enough RAM I tried deploying
in Google Cloud Compute.
Initially I followed this tutorial:
https://cwiki.apache.org/confluence/display/FINERACT/How+To+Build+Apache+Fineract+CN
I got through everything and got demo-server working, but only in
lite-mode. Since I wanted to try out the rest of the services I tried
running the full version. After making sure I had enough RAM I tried the
full version and kept running into failures during provisioning. I think I
have it narrowed down to this error:
12:19:29.115 [qtp1825419935-15] INFO o.a.f.c.l.c.ServiceExceptionFilter -
Responding with a service error ServiceError{code=409, message='The given
identity instance didnt recognize the system token as valid. Perhaps the
system keys for the provisioner or for the identity manager are
misconfigured?'}
12:20:29.192 [qtp1825419935-16] WARN provisioner-logger - The given
identity instance didn't recognize the system token as valid.
org.apache.fineract.cn.api.util.InvalidTokenException:
{"timestamp":1563193229188,"status":403,"error":"Forbidden","message":"Access
Denied","path":"/identity/v1/initialize"}
Since I couldn't figure out how to fix it, I decided to try running using
this docker-compose setup:
https://github.com/openMF/fineract-cn-containers
Unfortunately, during provisioning the exact same failure occurs. I tried
provisioning using the supplied script and manually sending the requests
via postman with a configuration I found here:
https://github.com/senacor/fineract-setup/tree/master/scripts/postman
As far as I can tell, the error occurs when assigning an identity service
to the new tenant, but I may be wrong as I just got into this project and
don't really understand the provisioning process.
I did find two previous threads discussing this issue but none of them seem
to reach a solution:
https://lists.apache.org/thread.html/c89909c56c4b8e500a6802d0601b0dd0f868a64a73e609c7071d3812@%3Cdev.fineract.apache.org%3E
https://lists.apache.org/thread.html/c726cd1161e61096c65bc51a5afd5db18f1b4e60c6dcc3e8b2fb9c3a@%3Cdev.fineract.apache.org%3E
Any help would be greatly appreciated.
Michael.
Re: Fineract-CN - Invalid system token - Can't assign identity
service to tenant
Posted by Courage Angeh <co...@gmail.com>.
Hi Micael,
Thanks so much for the update.
I was only able to catch up with this now. The RSA key provisioning process
was updated in the Fineract CN microservices, I updated the script
accordingly but I forgot to merge the new updates. I haven't been able to
continue work on the code base 'cause I don't have the necessary cloud
resources.
All that put aside, I would recommend you make the PR to the Mifos
code-based, then the code can be migrated to apache.
Best Regards,
Courage.
On Sat, Jul 20, 2019 at 5:19 PM Michael E. <mi...@gmail.com> wrote:
> I could submit a PR once I have it all working, just not sure what repo to
> submit to. fineract-cn-containers is still on the Mifos GitHub account when
> I was under the impression everything was moved to Apache.
>
> On Sat, Jul 20, 2019, 11:32 PM Michael Vorburger <mi...@vorburger.ch>
> wrote:
>
>> On Sat, 20 Jul 2019, 22:22 Michael E., <mi...@gmail.com> wrote:
>>
>>>
>>> Hi Awasum, Thanks for your response. Since my original email I have done
>>> some more investigation and found the source of the issue, at least in my
>>> case. The error in my original email (invalid system token) was appearing
>>> when using this docker setup:
>>> https://github.com/openMF/fineract-cn-containers . I also found a more
>>> recent version of this setup which uses a different module to generate the
>>> RSA keypair:
>>> https://github.com/Anh3h/fineract-cn-containers/tree/develop .
>>> Unfortunately this version didn't work either.
>>>
>>> I investigated the source of the error and found that it occured when
>>> assigning the identity service to a tenant through the provisioner. During
>>> this process the provisioner calls the /initialize endpoint of identity,
>>> which is authenticated by a system key (issued by provisioner). The issue
>>> was identity wouldn't accept this key.
>>>
>>> The key was not accepted because the docker image for the provisioner
>>> used in fineract-cn-containers, anh3h/fineract-cn-provisioner, is a
>>> modified version of provisioner that generates it's own RSA keypair,
>>> instead of using the one provided by environment vairables. The differing
>>> keys caused identity to not accept the system token created by provisioner.
>>> I'm not sure exaclty why this image was used. I built a new image which
>>> runs the latest provisioner from artifactory, and the provisioning process
>>> was able to continue. There are a few more issues with the provisioning
>>> script in fineract-cn-containers, which I was able to fix. I am currently
>>> in the process of creating a new docker-compose configuration, which I
>>> might be able to share if anyone is interested.
>>>
>>
>> I'm sure PRs for this would be welcome!
>>
>> As for the demo server, I didn't investigate the issue I was having with
>>> it much further, I find a docker configuration much easier to run,
>>> particularly when I can't run the demo server locally anyway since my
>>> computer lacks the resources to do so.
>>>
>>> If anyone has any questions about this let me know, I spent almost a
>>> week trying to get this to work so I'd like to make sure nobody else has to
>>> repeat my work.
>>>
>>
>> Again, IMHO the best, because it's the most "durable" (much more than
>> e.g. emails), is PRs which improve scripts, README etc.
>>
>> Michael.
>>>
>>> On Fri, Jul 19, 2019 at 9:42 PM Awasum Yannick <aw...@apache.org>
>>> wrote:
>>>
>>>>
>>>>
>>>> On Mon, Jul 15, 2019 at 11:58 PM Michael E. <mi...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> Over the past few days I've been trying to setup a Fineract-CN
>>>>> instance I can test with. Since my machine doesn't have enough RAM I tried
>>>>> deploying in Google Cloud Compute.
>>>>>
>>>>> Initially I followed this tutorial:
>>>>>
>>>>> https://cwiki.apache.org/confluence/display/FINERACT/How+To+Build+Apache+Fineract+CN
>>>>>
>>>>>
>>>>> I got through everything and got demo-server working, but only in
>>>>> lite-mode. Since I wanted to try out the rest of the services I tried
>>>>> running the full version. After making sure I had enough RAM I tried the
>>>>> full version and kept running into failures during provisioning. I think I
>>>>> have it narrowed down to this error:
>>>>>
>>>>
>>>> Can you provide your full logs.
>>>>
>>>>>
>>>>> 12:19:29.115 [qtp1825419935-15] INFO
>>>>> o.a.f.c.l.c.ServiceExceptionFilter - Responding with a service error
>>>>> ServiceError{code=409, message='The given identity instance didnt recognize
>>>>> the system token as valid. Perhaps the system keys for the provisioner or
>>>>> for the identity manager are misconfigured?'}
>>>>> 12:20:29.192 [qtp1825419935-16] WARN provisioner-logger - The given
>>>>> identity instance didn't recognize the system token as valid.
>>>>> org.apache.fineract.cn.api.util.InvalidTokenException:
>>>>> {"timestamp":1563193229188,"status":403,"error":"Forbidden","message":"Access
>>>>> Denied","path":"/identity/v1/initialize"}
>>>>>
>>>>
>>>> Is everyone facing this error? I dont know whats goint wrong here? let
>>>> me run and see whats the problem....
>>>>
>>>>>
>>>>> Since I couldn't figure out how to fix it, I decided to try running
>>>>> using this docker-compose setup:
>>>>> https://github.com/openMF/fineract-cn-containers
>>>>>
>>>>> Unfortunately, during provisioning the exact same failure occurs. I
>>>>> tried provisioning using the supplied script and manually sending the
>>>>> requests via postman with a configuration I found here:
>>>>> https://github.com/senacor/fineract-setup/tree/master/scripts/postman
>>>>>
>>>>> As far as I can tell, the error occurs when assigning an identity
>>>>> service to the new tenant, but I may be wrong as I just got into this
>>>>> project and don't really understand the provisioning process.
>>>>>
>>>>> I did find two previous threads discussing this issue but none of them
>>>>> seem to reach a solution:
>>>>>
>>>>> https://lists.apache.org/thread.html/c89909c56c4b8e500a6802d0601b0dd0f868a64a73e609c7071d3812@%3Cdev.fineract.apache.org%3E
>>>>>
>>>>>
>>>>> https://lists.apache.org/thread.html/c726cd1161e61096c65bc51a5afd5db18f1b4e60c6dcc3e8b2fb9c3a@%3Cdev.fineract.apache.org%3E
>>>>>
>>>>>
>>>>> Any help would be greatly appreciated.
>>>>> Michael.
>>>>>
>>>>
>>>
>>> --
>>> מיכאל אלגאוי michael elgavi <mi...@gmail.com>
>>>
>>
Re: Fineract-CN - Invalid system token - Can't assign identity
service to tenant
Posted by "Michael E." <mi...@gmail.com>.
I could submit a PR once I have it all working, just not sure what repo to
submit to. fineract-cn-containers is still on the Mifos GitHub account when
I was under the impression everything was moved to Apache.
On Sat, Jul 20, 2019, 11:32 PM Michael Vorburger <mi...@vorburger.ch> wrote:
> On Sat, 20 Jul 2019, 22:22 Michael E., <mi...@gmail.com> wrote:
>
>>
>> Hi Awasum, Thanks for your response. Since my original email I have done
>> some more investigation and found the source of the issue, at least in my
>> case. The error in my original email (invalid system token) was appearing
>> when using this docker setup:
>> https://github.com/openMF/fineract-cn-containers . I also found a more
>> recent version of this setup which uses a different module to generate the
>> RSA keypair:
>> https://github.com/Anh3h/fineract-cn-containers/tree/develop .
>> Unfortunately this version didn't work either.
>>
>> I investigated the source of the error and found that it occured when
>> assigning the identity service to a tenant through the provisioner. During
>> this process the provisioner calls the /initialize endpoint of identity,
>> which is authenticated by a system key (issued by provisioner). The issue
>> was identity wouldn't accept this key.
>>
>> The key was not accepted because the docker image for the provisioner
>> used in fineract-cn-containers, anh3h/fineract-cn-provisioner, is a
>> modified version of provisioner that generates it's own RSA keypair,
>> instead of using the one provided by environment vairables. The differing
>> keys caused identity to not accept the system token created by provisioner.
>> I'm not sure exaclty why this image was used. I built a new image which
>> runs the latest provisioner from artifactory, and the provisioning process
>> was able to continue. There are a few more issues with the provisioning
>> script in fineract-cn-containers, which I was able to fix. I am currently
>> in the process of creating a new docker-compose configuration, which I
>> might be able to share if anyone is interested.
>>
>
> I'm sure PRs for this would be welcome!
>
> As for the demo server, I didn't investigate the issue I was having with
>> it much further, I find a docker configuration much easier to run,
>> particularly when I can't run the demo server locally anyway since my
>> computer lacks the resources to do so.
>>
>> If anyone has any questions about this let me know, I spent almost a week
>> trying to get this to work so I'd like to make sure nobody else has to
>> repeat my work.
>>
>
> Again, IMHO the best, because it's the most "durable" (much more than e.g.
> emails), is PRs which improve scripts, README etc.
>
> Michael.
>>
>> On Fri, Jul 19, 2019 at 9:42 PM Awasum Yannick <aw...@apache.org> wrote:
>>
>>>
>>>
>>> On Mon, Jul 15, 2019 at 11:58 PM Michael E. <mi...@gmail.com>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> Over the past few days I've been trying to setup a Fineract-CN instance
>>>> I can test with. Since my machine doesn't have enough RAM I tried deploying
>>>> in Google Cloud Compute.
>>>>
>>>> Initially I followed this tutorial:
>>>>
>>>> https://cwiki.apache.org/confluence/display/FINERACT/How+To+Build+Apache+Fineract+CN
>>>>
>>>>
>>>> I got through everything and got demo-server working, but only in
>>>> lite-mode. Since I wanted to try out the rest of the services I tried
>>>> running the full version. After making sure I had enough RAM I tried the
>>>> full version and kept running into failures during provisioning. I think I
>>>> have it narrowed down to this error:
>>>>
>>>
>>> Can you provide your full logs.
>>>
>>>>
>>>> 12:19:29.115 [qtp1825419935-15] INFO
>>>> o.a.f.c.l.c.ServiceExceptionFilter - Responding with a service error
>>>> ServiceError{code=409, message='The given identity instance didnt recognize
>>>> the system token as valid. Perhaps the system keys for the provisioner or
>>>> for the identity manager are misconfigured?'}
>>>> 12:20:29.192 [qtp1825419935-16] WARN provisioner-logger - The given
>>>> identity instance didn't recognize the system token as valid.
>>>> org.apache.fineract.cn.api.util.InvalidTokenException:
>>>> {"timestamp":1563193229188,"status":403,"error":"Forbidden","message":"Access
>>>> Denied","path":"/identity/v1/initialize"}
>>>>
>>>
>>> Is everyone facing this error? I dont know whats goint wrong here? let
>>> me run and see whats the problem....
>>>
>>>>
>>>> Since I couldn't figure out how to fix it, I decided to try running
>>>> using this docker-compose setup:
>>>> https://github.com/openMF/fineract-cn-containers
>>>>
>>>> Unfortunately, during provisioning the exact same failure occurs. I
>>>> tried provisioning using the supplied script and manually sending the
>>>> requests via postman with a configuration I found here:
>>>> https://github.com/senacor/fineract-setup/tree/master/scripts/postman
>>>>
>>>> As far as I can tell, the error occurs when assigning an identity
>>>> service to the new tenant, but I may be wrong as I just got into this
>>>> project and don't really understand the provisioning process.
>>>>
>>>> I did find two previous threads discussing this issue but none of them
>>>> seem to reach a solution:
>>>>
>>>> https://lists.apache.org/thread.html/c89909c56c4b8e500a6802d0601b0dd0f868a64a73e609c7071d3812@%3Cdev.fineract.apache.org%3E
>>>>
>>>>
>>>> https://lists.apache.org/thread.html/c726cd1161e61096c65bc51a5afd5db18f1b4e60c6dcc3e8b2fb9c3a@%3Cdev.fineract.apache.org%3E
>>>>
>>>>
>>>> Any help would be greatly appreciated.
>>>> Michael.
>>>>
>>>
>>
>> --
>> מיכאל אלגאוי michael elgavi <mi...@gmail.com>
>>
>
Re: Fineract-CN - Invalid system token - Can't assign identity
service to tenant
Posted by Michael Vorburger <mi...@vorburger.ch>.
On Sat, 20 Jul 2019, 22:22 Michael E., <mi...@gmail.com> wrote:
>
> Hi Awasum, Thanks for your response. Since my original email I have done
> some more investigation and found the source of the issue, at least in my
> case. The error in my original email (invalid system token) was appearing
> when using this docker setup:
> https://github.com/openMF/fineract-cn-containers . I also found a more
> recent version of this setup which uses a different module to generate the
> RSA keypair: https://github.com/Anh3h/fineract-cn-containers/tree/develop .
> Unfortunately this version didn't work either.
>
> I investigated the source of the error and found that it occured when
> assigning the identity service to a tenant through the provisioner. During
> this process the provisioner calls the /initialize endpoint of identity,
> which is authenticated by a system key (issued by provisioner). The issue
> was identity wouldn't accept this key.
>
> The key was not accepted because the docker image for the provisioner used
> in fineract-cn-containers, anh3h/fineract-cn-provisioner, is a modified
> version of provisioner that generates it's own RSA keypair, instead of
> using the one provided by environment vairables. The differing keys caused
> identity to not accept the system token created by provisioner. I'm not
> sure exaclty why this image was used. I built a new image which runs the
> latest provisioner from artifactory, and the provisioning process was able
> to continue. There are a few more issues with the provisioning script in
> fineract-cn-containers, which I was able to fix. I am currently in the
> process of creating a new docker-compose configuration, which I might be
> able to share if anyone is interested.
>
I'm sure PRs for this would be welcome!
As for the demo server, I didn't investigate the issue I was having with it
> much further, I find a docker configuration much easier to run,
> particularly when I can't run the demo server locally anyway since my
> computer lacks the resources to do so.
>
> If anyone has any questions about this let me know, I spent almost a week
> trying to get this to work so I'd like to make sure nobody else has to
> repeat my work.
>
Again, IMHO the best, because it's the most "durable" (much more than e.g.
emails), is PRs which improve scripts, README etc.
Michael.
>
> On Fri, Jul 19, 2019 at 9:42 PM Awasum Yannick <aw...@apache.org> wrote:
>
>>
>>
>> On Mon, Jul 15, 2019 at 11:58 PM Michael E. <mi...@gmail.com>
>> wrote:
>>
>>> Hello,
>>>
>>> Over the past few days I've been trying to setup a Fineract-CN instance
>>> I can test with. Since my machine doesn't have enough RAM I tried deploying
>>> in Google Cloud Compute.
>>>
>>> Initially I followed this tutorial:
>>>
>>> https://cwiki.apache.org/confluence/display/FINERACT/How+To+Build+Apache+Fineract+CN
>>>
>>>
>>> I got through everything and got demo-server working, but only in
>>> lite-mode. Since I wanted to try out the rest of the services I tried
>>> running the full version. After making sure I had enough RAM I tried the
>>> full version and kept running into failures during provisioning. I think I
>>> have it narrowed down to this error:
>>>
>>
>> Can you provide your full logs.
>>
>>>
>>> 12:19:29.115 [qtp1825419935-15] INFO o.a.f.c.l.c.ServiceExceptionFilter
>>> - Responding with a service error ServiceError{code=409, message='The given
>>> identity instance didnt recognize the system token as valid. Perhaps the
>>> system keys for the provisioner or for the identity manager are
>>> misconfigured?'}
>>> 12:20:29.192 [qtp1825419935-16] WARN provisioner-logger - The given
>>> identity instance didn't recognize the system token as valid.
>>> org.apache.fineract.cn.api.util.InvalidTokenException:
>>> {"timestamp":1563193229188,"status":403,"error":"Forbidden","message":"Access
>>> Denied","path":"/identity/v1/initialize"}
>>>
>>
>> Is everyone facing this error? I dont know whats goint wrong here? let me
>> run and see whats the problem....
>>
>>>
>>> Since I couldn't figure out how to fix it, I decided to try running
>>> using this docker-compose setup:
>>> https://github.com/openMF/fineract-cn-containers
>>>
>>> Unfortunately, during provisioning the exact same failure occurs. I
>>> tried provisioning using the supplied script and manually sending the
>>> requests via postman with a configuration I found here:
>>> https://github.com/senacor/fineract-setup/tree/master/scripts/postman
>>>
>>> As far as I can tell, the error occurs when assigning an identity
>>> service to the new tenant, but I may be wrong as I just got into this
>>> project and don't really understand the provisioning process.
>>>
>>> I did find two previous threads discussing this issue but none of them
>>> seem to reach a solution:
>>>
>>> https://lists.apache.org/thread.html/c89909c56c4b8e500a6802d0601b0dd0f868a64a73e609c7071d3812@%3Cdev.fineract.apache.org%3E
>>>
>>>
>>> https://lists.apache.org/thread.html/c726cd1161e61096c65bc51a5afd5db18f1b4e60c6dcc3e8b2fb9c3a@%3Cdev.fineract.apache.org%3E
>>>
>>>
>>> Any help would be greatly appreciated.
>>> Michael.
>>>
>>
>
> --
> מיכאל אלגאוי michael elgavi <mi...@gmail.com>
>
Re: Fineract-CN - Invalid system token - Can't assign identity
service to tenant
Posted by "Michael E." <mi...@gmail.com>.
Hi Awasum, Thanks for your response. Since my original email I have done
some more investigation and found the source of the issue, at least in my
case. The error in my original email (invalid system token) was appearing
when using this docker setup:
https://github.com/openMF/fineract-cn-containers . I also found a more
recent version of this setup which uses a different module to generate the
RSA keypair: https://github.com/Anh3h/fineract-cn-containers/tree/develop .
Unfortunately this version didn't work either.
I investigated the source of the error and found that it occured when
assigning the identity service to a tenant through the provisioner. During
this process the provisioner calls the /initialize endpoint of identity,
which is authenticated by a system key (issued by provisioner). The issue
was identity wouldn't accept this key.
The key was not accepted because the docker image for the provisioner used
in fineract-cn-containers, anh3h/fineract-cn-provisioner, is a modified
version of provisioner that generates it's own RSA keypair, instead of
using the one provided by environment vairables. The differing keys caused
identity to not accept the system token created by provisioner. I'm not
sure exaclty why this image was used. I built a new image which runs the
latest provisioner from artifactory, and the provisioning process was able
to continue. There are a few more issues with the provisioning script in
fineract-cn-containers, which I was able to fix. I am currently in the
process of creating a new docker-compose configuration, which I might be
able to share if anyone is interested.
As for the demo server, I didn't investigate the issue I was having with it
much further, I find a docker configuration much easier to run,
particularly when I can't run the demo server locally anyway since my
computer lacks the resources to do so.
If anyone has any questions about this let me know, I spent almost a week
trying to get this to work so I'd like to make sure nobody else has to
repeat my work.
Michael.
On Fri, Jul 19, 2019 at 9:42 PM Awasum Yannick <aw...@apache.org> wrote:
>
>
> On Mon, Jul 15, 2019 at 11:58 PM Michael E. <mi...@gmail.com>
> wrote:
>
>> Hello,
>>
>> Over the past few days I've been trying to setup a Fineract-CN instance I
>> can test with. Since my machine doesn't have enough RAM I tried deploying
>> in Google Cloud Compute.
>>
>> Initially I followed this tutorial:
>>
>> https://cwiki.apache.org/confluence/display/FINERACT/How+To+Build+Apache+Fineract+CN
>>
>>
>> I got through everything and got demo-server working, but only in
>> lite-mode. Since I wanted to try out the rest of the services I tried
>> running the full version. After making sure I had enough RAM I tried the
>> full version and kept running into failures during provisioning. I think I
>> have it narrowed down to this error:
>>
>
> Can you provide your full logs.
>
>>
>> 12:19:29.115 [qtp1825419935-15] INFO o.a.f.c.l.c.ServiceExceptionFilter
>> - Responding with a service error ServiceError{code=409, message='The given
>> identity instance didnt recognize the system token as valid. Perhaps the
>> system keys for the provisioner or for the identity manager are
>> misconfigured?'}
>> 12:20:29.192 [qtp1825419935-16] WARN provisioner-logger - The given
>> identity instance didn't recognize the system token as valid.
>> org.apache.fineract.cn.api.util.InvalidTokenException:
>> {"timestamp":1563193229188,"status":403,"error":"Forbidden","message":"Access
>> Denied","path":"/identity/v1/initialize"}
>>
>
> Is everyone facing this error? I dont know whats goint wrong here? let me
> run and see whats the problem....
>
>>
>> Since I couldn't figure out how to fix it, I decided to try running using
>> this docker-compose setup:
>> https://github.com/openMF/fineract-cn-containers
>>
>> Unfortunately, during provisioning the exact same failure occurs. I tried
>> provisioning using the supplied script and manually sending the requests
>> via postman with a configuration I found here:
>> https://github.com/senacor/fineract-setup/tree/master/scripts/postman
>>
>> As far as I can tell, the error occurs when assigning an identity service
>> to the new tenant, but I may be wrong as I just got into this project and
>> don't really understand the provisioning process.
>>
>> I did find two previous threads discussing this issue but none of them
>> seem to reach a solution:
>>
>> https://lists.apache.org/thread.html/c89909c56c4b8e500a6802d0601b0dd0f868a64a73e609c7071d3812@%3Cdev.fineract.apache.org%3E
>>
>>
>> https://lists.apache.org/thread.html/c726cd1161e61096c65bc51a5afd5db18f1b4e60c6dcc3e8b2fb9c3a@%3Cdev.fineract.apache.org%3E
>>
>>
>> Any help would be greatly appreciated.
>> Michael.
>>
>
--
מיכאל אלגאוי michael elgavi <mi...@gmail.com>
Re: Fineract-CN - Invalid system token - Can't assign identity
service to tenant
Posted by Awasum Yannick <aw...@apache.org>.
On Mon, Jul 15, 2019 at 11:58 PM Michael E. <mi...@gmail.com>
wrote:
> Hello,
>
> Over the past few days I've been trying to setup a Fineract-CN instance I
> can test with. Since my machine doesn't have enough RAM I tried deploying
> in Google Cloud Compute.
>
> Initially I followed this tutorial:
>
> https://cwiki.apache.org/confluence/display/FINERACT/How+To+Build+Apache+Fineract+CN
>
>
> I got through everything and got demo-server working, but only in
> lite-mode. Since I wanted to try out the rest of the services I tried
> running the full version. After making sure I had enough RAM I tried the
> full version and kept running into failures during provisioning. I think I
> have it narrowed down to this error:
>
Can you provide your full logs.
>
> 12:19:29.115 [qtp1825419935-15] INFO o.a.f.c.l.c.ServiceExceptionFilter -
> Responding with a service error ServiceError{code=409, message='The given
> identity instance didnt recognize the system token as valid. Perhaps the
> system keys for the provisioner or for the identity manager are
> misconfigured?'}
> 12:20:29.192 [qtp1825419935-16] WARN provisioner-logger - The given
> identity instance didn't recognize the system token as valid.
> org.apache.fineract.cn.api.util.InvalidTokenException:
> {"timestamp":1563193229188,"status":403,"error":"Forbidden","message":"Access
> Denied","path":"/identity/v1/initialize"}
>
Is everyone facing this error? I dont know whats goint wrong here? let me
run and see whats the problem....
>
> Since I couldn't figure out how to fix it, I decided to try running using
> this docker-compose setup:
> https://github.com/openMF/fineract-cn-containers
>
> Unfortunately, during provisioning the exact same failure occurs. I tried
> provisioning using the supplied script and manually sending the requests
> via postman with a configuration I found here:
> https://github.com/senacor/fineract-setup/tree/master/scripts/postman
>
> As far as I can tell, the error occurs when assigning an identity service
> to the new tenant, but I may be wrong as I just got into this project and
> don't really understand the provisioning process.
>
> I did find two previous threads discussing this issue but none of them
> seem to reach a solution:
>
> https://lists.apache.org/thread.html/c89909c56c4b8e500a6802d0601b0dd0f868a64a73e609c7071d3812@%3Cdev.fineract.apache.org%3E
>
>
> https://lists.apache.org/thread.html/c726cd1161e61096c65bc51a5afd5db18f1b4e60c6dcc3e8b2fb9c3a@%3Cdev.fineract.apache.org%3E
>
>
> Any help would be greatly appreciated.
> Michael.
>