Question by bciancio, Jun 28, 2017 8:19 PM

Error while performing JWT flow for the requested user.

Background: We have installed Coveo for Salesforce in our sandbox1 org and configured a custom Coveo search Visualforce page to work for both communities and internal users. We have now installed Coveo for Salesforce into our sandbox2 and have run into issues with allowing our community users to use search, but our internal users seem to be able to access it fine.

Package Version: Coveo for SalesforceV2 - 2.44

Sandbox Type: Partial Sandbox

Org Id: 00D0q0000000N4g

Login Access Granted: Yes


{ "message": "Request Error : Error while performing JWT flow for the requested user.", "status": 400, "type": "Ajax Error (status: 400)", "name": "Ajax Error (status: 400)" }

Steps to Recreate:

1) Login to the community as the following test user.

2) Click the "Search" icon on the home page.

3) Error on the page and stacktrace above visible when more info is clicked.

Actions Taken:

a) In Salesforce, enabled all Visualforce pages and classes for Coveo for the community profile.

b) We've located this piece of documentation: Which is to Authorize Specific User Profiles or Permission sets access to Coveo, followed by not allowed JWT fallback. We have also made sure that our community user's username is unique.

c) Tried combos of above documentation with/without JWT and using specific user profiles or all have access.

Any help/insights/speculation on what might be our root cause or issue would be appreciated.

Comment by amoreau, Jun 28, 2017 9:00 PM

Thank you for the amount of details in your question. It really helps us know where the error might come from.

Have you tried connecting your second sandbox to the same Coveo Cloud organization? With Coveo for Salesforce Free and Express (I'm assuming you are using one of those versions, as they are the only ones using the JWT this way), you cannot link two Salesforce organizations to the same Coveo Cloud organization; the link has to be one-to-one.

Other than that, have you made sure the user who linked your Salesforce organization to your Coveo Cloud organization had full rights to your objects and fields? (see Creating a Dedicated Linking Account)
You must also ensure that the account you use as the guest user has access to the right fields (see Creating a Guest User for Your Community).

Let me know if any of this helped you.


Answer by amoreau, Jun 29, 2017 5:15 PM

After a bit of investigation, it seems that your issue is caused by the SSL certificate used for your domain not including all of the CA certs in the chain.

You can find more information about the certificate here: and here

Let me know if this helped!
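
The check behind this diagnosis, as an added example that is not part of the original answer or of Coveo's tooling: it builds a constructed three-level demo PKI with `openssl` and tests whether the certificate file a server presents chains to the trusted root on its own. The function names, file names and `example.test` subjects are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: every name, subject and file below is constructed for the demo.

# Build a throwaway PKI in directory $1: root CA -> intermediate CA -> leaf.
make_demo_pki() {
  (
    cd "$1" || exit 1
    echo "basicConstraints=critical,CA:TRUE" > ca.ext
    for n in root int leaf; do
      openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
        -out "$n.csr" -subj "/CN=demo-$n.example.test" 2>/dev/null || exit 1
    done
    # Self-signed root, intermediate signed by root, leaf signed by intermediate.
    openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
      -set_serial 1 -days 2 -out root.pem 2>/dev/null || exit 1
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -extfile ca.ext \
      -set_serial 2 -days 2 -out int.pem 2>/dev/null || exit 1
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key \
      -set_serial 3 -days 2 -out leaf.pem 2>/dev/null || exit 1
    # What a server would send: leaf only (broken) vs leaf + intermediate (fixed).
    cat leaf.pem > served_incomplete.pem
    cat leaf.pem int.pem > served_complete.pem
  )
}

# Succeeds only if the first cert in served file $2 chains to trusted root $1
# using nothing but the extra certificates contained in that same file.
chain_is_complete() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
for f in served_incomplete.pem served_complete.pem; do
  if chain_is_complete "$demo_dir/root.pem" "$demo_dir/$f"; then
    echo "$f: chain complete"
  else
    echo "$f: chain broken (intermediate CA certificate missing)"
  fi
done
```

For a live endpoint, the served file can be captured from the output of `openssl s_client -connect <host>:443 -showcerts` and passed to `chain_is_complete` together with the root the client is expected to trust.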


Comment by bciancio, Jul 3, 2017 2:14 PM

We've modified the SSL certificate chain to no longer have a missing link but are still getting the JWT flow error.

Do you have any other ideas on what could be causing the issue?

