IDA Key issues after fresh deployment

Problem

Recent deployments of IDA services have shown that, after a fresh deployment, the generated keys can have issues that result in errors such as “No unique alias” or “No such alias”.

Solution

These issues occur for the following reasons:

  1. “No unique alias”: Duplicate keys (same AppID and RefID) are inserted because the IDA services start in parallel.

    1. To fix this issue, follow the steps below:

      1. Stop the IDA services.

      2. In the Key Alias table of the IDA DB, remove any duplicate key alias entries, especially KERNEL SIGN.

      3. Start one IDA service, such as authentication-internal-service, and once it is up, start the other services. The first service creates the key alias entry, and the services started later pick it up, which avoids creating a duplicate key.

    2. To prevent the issue altogether, start the IDA services one by one after a fresh deployment. They can be started in any order, but the first service must be completely started before the other services are started.

  2. “No such alias”: The key for the IDA AppID and IDA-FIR RefID is created in the Internal Auth service (using the get public key API), but the same key is not loaded into the other Auth services due to an issue in SoftHsm over HTTP.

    1. To fix this issue, follow the steps below:

      1. It is assumed that the key for the IDA AppID and IDA-FIR RefID is already inserted in the IDA DB.

      2. Restart the IDA services. The key for IDA/IDA-FIR will now be loaded by all the services.

These issues will be addressed in a forthcoming release.
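
A read-only check for step 2 of the “No unique alias” fix, added here as an example and not part of the original page or the IDA code base: it lists every AppID/RefID pair that is stored more than once, so the duplicates can be reviewed before anything is removed. The key_alias table name, its column names, the treatment of a NULL and an empty RefID as the same key, and the sample rows are assumptions of this example; it runs against an in-memory SQLite database so that it works offline.

```python
import sqlite3

# Assumed table and column names; check them against the actual IDA DB schema.
# Assumption: a NULL ref_id and an empty ref_id refer to the same key.
DUPLICATE_ALIAS_SQL = """
SELECT k.app_id, d.ref_id, k.id, k.key_gen_dtimes
FROM key_alias k
JOIN (SELECT app_id, COALESCE(ref_id, '') AS ref_id
      FROM key_alias
      GROUP BY app_id, COALESCE(ref_id, '')
      HAVING COUNT(*) > 1) d
  ON d.app_id = k.app_id AND d.ref_id = COALESCE(k.ref_id, '')
ORDER BY k.app_id, d.ref_id, k.key_gen_dtimes, k.id
"""

# Constructed sample rows: (id, app_id, ref_id, key_gen_dtimes)
SAMPLE_ROWS = [
    ("a1", "KERNEL", "SIGN", "2021-03-01T10:00:00"),
    ("a2", "KERNEL", "SIGN", "2021-03-01T10:00:02"),  # inserted by a second service
    ("b1", "IDA", None, "2021-03-01T10:00:01"),
    ("b2", "IDA", "", "2021-03-01T10:00:03"),          # same key as b1 once NULL is normalised
    ("c1", "IDA", "IDA-FIR", "2021-03-01T10:00:04"),   # unique, must not be reported
]


def build_sample_db():
    """Create an in-memory stand-in for the Key Alias table with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE key_alias (id TEXT PRIMARY KEY, app_id TEXT, "
        "ref_id TEXT, key_gen_dtimes TEXT)"
    )
    conn.executemany("INSERT INTO key_alias VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def find_duplicate_aliases(conn):
    """Return {(app_id, ref_id): [(id, key_gen_dtimes), ...]} for pairs stored more than once."""
    groups = {}
    for app_id, ref_id, alias_id, generated in conn.execute(DUPLICATE_ALIAS_SQL):
        groups.setdefault((app_id, ref_id), []).append((alias_id, generated))
    return groups


if __name__ == "__main__":
    # Report only: nothing is deleted, the operator decides which entries to remove.
    for (app_id, ref_id), rows in find_duplicate_aliases(build_sample_db()).items():
        print(f"{app_id}/{ref_id or '<empty>'}: {len(rows)} entries")
        for alias_id, generated in rows:
            print(f"    id={alias_id} generated={generated}")
```

An empty result after the clean-up means each AppID/RefID pair has a single entry again, which is the state to reach before starting the first IDA service in step 3.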
