Skip to content

pki tps-cert-find freezes during searching and will not return tokens or throw an error #5195

New issue
New issue
Open
Open
pki tps-cert-find freezes during searching and will not return tokens or throw an error#5195
@zjshermanburke

Description

@zjshermanburke
zjshermanburke
opened on Oct 10, 2025

Summary:

After enrolling a token for a DS user, attempting to perform tps-token-find or tps-token-find <CUID> behave indefinitely as though the
tps-token-find and tps-token-find <CUID> is searching for a token and will not return any results or errors. After stopping and restarting the server, tps-token-find <CUID> will return the information for the requested token, but tps-token-find still does not return results.

tps-token-del <CUID>, tps-token-find with no tokens present, and tpsclient function as expected.

Build:

OS: Fedora release 42 (Adams)
dogtag-pki-11.9.0~alpha1^20251009125009.424f58d5-1.fc42.x86_64
dogtag-pki-tps-11.9.0~alpha1^20251009125009.424f58d5-1.fc42.noarch
COPR: @pki/master

Steps to reproduce:

  1. Install DS, CA, KRA, TKS and TPS instances

  2. Enroll a token for a user using

# tpsclient < <token_enroll.txt>
  1. Perform tps-token-search:
# pki -d <path/to/certdb> -c <certdb_password> -n <TPSadmin_cert> -p <TPS_port>  tps-token-find

It won't succeed or fail, it will just hang up with:

Exact command
# pki -d <path/to/certdb> -c <certdb_password> -n <TPSadmin_cert> -p <TPS_port>  tps-token-find --debug
INFO: HTTP request: GET /tps/rest/tokens HTTP/1.1
FINE: - Host: pki1.example.com:25443
FINE: - Connection: Keep-Alive
FINE: - User-Agent: Apache-HttpClient/4.5.14 (Java/21.0.8)
FINE: - Cookie: JSESSIONID=38BEACAA81DF59D7F4B69360A77E7B1C
FINE: - Accept-Encoding: gzip,deflate
FINE: Request:

Expected Result:

tps-token-find will return tokens present in a list format or an error if the operation failed.

Actual Result:

tps-token-find does not return available tokens or return an error code.

INFO: HTTP request: GET /tps/rest/tokens HTTP/1.1
FINE: - Host: pki1.example.com:25443
FINE: - Connection: Keep-Alive
FINE: - User-Agent: Apache-HttpClient/4.5.14 (Java/21.0.8)
FINE: - Cookie: JSESSIONID=38BEACAA81DF59D7F4B69360A77E7B1C
FINE: - Accept-Encoding: gzip,deflate
FINE: Request:

Additional Info:

Stopping and starting the TPS service will cause tps-token-find <CUID> to succeed. Running:

# pki -d <path/to/certdb> -c <certdb_password> -n <TPSadmin_cert> -p <TPS_port> tps-token-find <CUID>

will succed and the token information will appear correctly (In this particular case, I modified the CS.cfg debug value from 10 to 0 and then restarted).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions