Troubleshooting Flow Access
This section helps you identify, diagnose, and resolve common issues in Flow Access.
mTLS
When using mTLS authentication, the server returns a 4xx HTTP response without a detailed error message in the response body if the request is misconfigured.
Common misconfigurations include missing required fields, an unexpected organization value, or a service account that lacks access to the requested flow.
The response also includes an X-Auth-Event-Id header, which provides an event identifier. Use this identifier to find the specific failure reason in Kibana, under the logs* data view.
For example, if the organization does not match the expected value for the flow, a log entry similar to the following can be found in Kibana by querying for the event ID "be2db02c-32c5-489c-9206-da972570c9be":
Unexpected organizational unit: 'wrong_org',
event id: 'be2db02c-32c5-489c-9206-da972570c9be',
organization: 'expected_org',
subject: 'O=gridos,CN=ca128c3f-0cbd-420d-8aa4-0685d64d4bc6',
client: 10.116.250.52,
server: _,
request: "POST /connect/flows/rs/verification-rest-api-generic HTTP/1.1",
host: "gridos.mtls.env-connect-mvp-ingress.local"
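The lookup described above, as an added example that is not part of the Flow Access documentation: it reads the event ID from a failed response, builds the quoted search phrase for Kibana, and pulls the failure reason from the matching log entry. The function names, the 403 status, and the assumptions that event IDs are UUIDs and that each log entry sits on one line are made for this example.

```python
import re
from email.parser import Parser

# Constructed response; 403 is an assumed status (the page only says "4xx").
SAMPLE_RESPONSE = ("HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n"
                   "X-Auth-Event-Id: be2db02c-32c5-489c-9206-da972570c9be\r\n\r\n")
# First entry is constructed; the second is the page's sample joined onto one line.
SAMPLE_LOGS = [
    "Unexpected organizational unit: 'other', event id: '00000000-0000-0000-0000-000000000000', organization: 'expected_org'",
    ("Unexpected organizational unit: 'wrong_org', event id: 'be2db02c-32c5-489c-9206-da972570c9be', "
     "organization: 'expected_org', subject: 'O=gridos,CN=ca128c3f-0cbd-420d-8aa4-0685d64d4bc6', "
     'client: 10.116.250.52, server: _, request: "POST /connect/flows/rs/verification-rest-api-generic HTTP/1.1", '
     'host: "gridos.mtls.env-connect-mvp-ingress.local"'),
]
# Assumption: event ids are UUIDs as in the sample; anything else is rejected before it reaches a query.
UUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
FIELD_RE = re.compile(r"""([A-Za-z][A-Za-z ]*?):\s*(?:'([^']*)'|"([^"]*)"|([^,\s]+))""")

def event_id_from_response(raw):
    """Return (status, event_id); event_id is None when the header is absent or not a UUID."""
    status_line, _, rest = raw.partition("\r\n")
    headers = Parser().parsestr(rest, headersonly=True)  # header lookup is case-insensitive
    value = (headers.get("X-Auth-Event-Id") or "").strip()
    return int(status_line.split()[1]), (value if UUID_RE.fullmatch(value) else None)

def kibana_query(event_id):
    """Quoted phrase to paste into the Kibana search bar under the logs* data view."""
    return f'"{event_id}"'

def parse_log_entry(line):
    """Split 'key: value' pairs; values may be single-quoted, double-quoted or bare."""
    return {m.group(1).strip().lower(): next(g for g in m.groups()[1:] if g is not None)
            for m in FIELD_RE.finditer(line)}

def triage(raw_response, log_lines):
    """Correlate a 4xx response with its log entry by event id and summarize the reason."""
    status, event_id = event_id_from_response(raw_response)
    if not 400 <= status < 500 or event_id is None:
        return None
    result = {"query": kibana_query(event_id), "reason": "no matching log entry"}
    for fields in map(parse_log_entry, log_lines):
        if fields.get("event id", "").lower() != event_id.lower():
            continue
        got, want = fields.get("unexpected organizational unit"), fields.get("organization")
        result["reason"] = (f"organization '{got}' does not match expected '{want}'"
                            if got is not None else "see the matched entry")
        result.update(subject=fields.get("subject"), request=fields.get("request"))
        break
    return result
```

Calling `triage(SAMPLE_RESPONSE, SAMPLE_LOGS)` returns the search phrase together with the mismatch reason, certificate subject, and request line from the matching entry.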
OIDC
When you create an OIDC service account, you might run into issues when validating the JSONiq script. Use the following list to understand and troubleshoot the most common error types:
- Validation errors: Occur when the JSONiq script is successfully parsed but fails during execution. These errors also occur when the JSONiq script runs but does not return a boolean value (true or false).
- Syntax errors: Occur when the JSONiq code contains invalid syntax, such as missing characters or malformed expressions.
- Parsing errors: Occur when the payload contains malformed JSON or a script that cannot be parsed.