Overview
When configuring M-Files to use ForgeRock (OpenAM) as an OAuth/OpenID Connect identity provider, you may run into an error saying "The JWT token did not pass validation".
ForgeRock usually issues opaque access tokens rather than JWTs. When that is the case, the error means the M-Files configuration expects a JWT access token and tries to validate the opaque token as one; in other words, the configured access token type on the M-Files side is wrong.
Solution
If your configuration is meant to use opaque tokens, make sure the following settings in the M-Files configuration have these values:
- UseAccessTokenInWeb = true
- UseIdTokenAsAccessToken = false
- PreserveClientSpecificSetting_UseIdTokenAsAccessToken = true
- PreserveServerSpecificSetting_AccessTokenType = true
- AccessTokenType = opaque
If your configuration is not meant to use opaque tokens (that is, ForgeRock really does issue a JWT), enable logging in the M-Files configuration: go to Settings > Server, set "Show advanced options" to Yes, and set "EnableLogging" to true. Then reproduce the error and check the Application log in Windows Event Viewer on the M-Files server; the log entry states which part of the JWT validation failed.
Refer to this article for possible causes of JWT validation failures when a JWT is actually in use.
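To decide which of the two cases above applies, look at what ForgeRock actually returned in its token response. The script below is an added example, not M-Files or ForgeRock code: it classifies an access token as opaque or JWT by the JWS compact format (three base64url segments, a JSON header carrying "alg"), and for a JWT it pre-checks the standard iss, aud, exp and nbf claims from RFC 7519 so that obvious problems show up before you go through the Event log. It does not verify the signature. The sample tokens, the issuer URL, the client ID and the HS256 secret are constructed for the demo and should be replaced with the real values.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment):
    # JWS uses unpadded base64url (RFC 7515); restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def classify_access_token(token):
    """Return 'jwt' if the token is a JWS compact serialization (three base64url
    segments, a JSON object header carrying 'alg' and a JSON object payload),
    otherwise 'opaque'. An opaque token is a reference string with no structure."""
    parts = token.split(".")
    if len(parts) != 3:
        return "opaque"
    try:
        header = json.loads(_b64url_decode(parts[0]))
        payload = json.loads(_b64url_decode(parts[1]))
    except ValueError:
        # Bad base64url (binascii.Error), bad UTF-8 and bad JSON all derive from ValueError.
        return "opaque"
    if not (isinstance(header, dict) and "alg" in header and isinstance(payload, dict)):
        return "opaque"
    return "jwt"


def check_jwt_claims(token, expected_issuer, expected_audience, now=None):
    """Pre-check the registered claims of a JWT (RFC 7519 section 4.1) and return
    a list of problems; an empty list means iss, aud, exp and nbf look right.
    The signature is deliberately not verified here: that needs the IdP's keys
    and is part of what the M-Files server does (and logs) during validation."""
    now = int(time.time()) if now is None else now
    payload = json.loads(_b64url_decode(token.split(".")[1]))
    problems = []
    if payload.get("iss") != expected_issuer:
        problems.append("iss mismatch: %r != %r" % (payload.get("iss"), expected_issuer))
    aud = payload.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # aud may be a string or a list
    if expected_audience not in aud:
        problems.append("aud %r does not contain %r" % (aud, expected_audience))
    if "exp" not in payload:
        problems.append("exp claim missing")
    elif payload["exp"] <= now:
        problems.append("token expired at %d (now %d)" % (payload["exp"], now))
    if payload.get("nbf", 0) > now:
        problems.append("token not valid before %d (now %d)" % (payload["nbf"], now))
    return problems


def make_sample_jwt(claims, secret=b"constructed-demo-secret"):
    """Build an HS256 JWT for the demo. Constructed test data only; a real IdP
    token would normally be signed with the provider's own (asymmetric) key."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


# Constructed values standing in for the real deployment; replace with your own.
ISSUER = "https://openam.example.com/openam/oauth2"
CLIENT_ID = "mfiles-client"
OPAQUE_SAMPLE = "2f1c3e0a-9b7d-4c45-8e6a-0b1f2d3c4e5f"  # reference-style token, no structure
JWT_SAMPLE = make_sample_jwt({"iss": ISSUER, "aud": CLIENT_ID, "sub": "alice",
                              "iat": int(time.time()), "exp": int(time.time()) + 3600})


if __name__ == "__main__":
    for label, token in (("sample opaque", OPAQUE_SAMPLE), ("sample JWT", JWT_SAMPLE)):
        kind = classify_access_token(token)
        print("%s token -> %s" % (label, kind))
        if kind == "jwt":
            print("  claim pre-check:", check_jwt_claims(token, ISSUER, CLIENT_ID) or "no problems")
```

Paste the access token from ForgeRock's token response in place of the samples. If it classifies as opaque, the settings listed above apply; if it is a JWT, the claim pre-check surfaces expiry, issuer and audience mismatches, while anything signature-related still has to come from the M-Files Event log.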
