App-to-App Communication
The App-to-App Communication Runbook is designed for App Administrators and Cluster Administrators to handle configuration and troubleshooting of app communication within a cluster. It covers scenarios related to public and private key management, access control, and caching issues that commonly arise.
App communication basics
- Public and Private Keys: Each application has a public key stored at the cluster level, while its private key is stored as an app-level secret in a vault. These keys are essential for secure app-to-app communication.
- Admin Roles:
  - App Admins manage individual app configurations and key associations.
  - Cluster Admins handle cluster-level configurations, including key-related issues.
Note: Refer to the topic on built-in roles for more information about App and Cluster Admin roles.
Frequently asked questions (FAQ)
Q: Why is my app redirecting to the IDP login page repeatedly?
A: This may be due to a misalignment between public and private keys. Clear the caches and verify that both keys match using JWT.IO with the RS512 algorithm. Regenerate keys if necessary.
Q: How can I clear the cache for the App.PublicKey and App.PrivateKey values?
A: Use App.PublicKey.clearCacheLocalOnlyAllApps() and App.PrivateKey.clearCacheLocalOnlyAllApps() commands, or apply the cache clearing script to clear it cluster-wide.
Q: What should I do if an app action is unauthorized?
A: Verify the caller app's key and check the role associated with the caller app. Ensure that it has the appropriate permissions for the action.
Q: How do I manually regenerate a key pair?
A: Use RSA512 encryption with a 2048-bit key length. Make sure to format the key properly with -----BEGIN PUBLIC KEY-----\n and \n-----END PUBLIC KEY----- (similarly for the private key) before updating the configuration.
A sample key pair (using RSA encryption with 2048-bit key length) would look like this:
- Sample public key
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
- Sample private key
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
After updating the keys, the cached value must be cleared from all apps in the cluster. Refer to the section Clear the caches for more details.
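The key-match check from the first FAQ answer and the PEM formatting from the regeneration answer can also be verified locally, so the private key never leaves the machine. This is an added example, not code from the platform: it uses Node.js's built-in crypto module, the function names (normalizePem, keysMatch, rs512RoundTrip, generateSamplePair) are hypothetical, and the key pairs are constructed throwaway samples.

```javascript
const crypto = require("crypto");

// Stored values may carry literal "\n" escapes instead of real newlines.
function normalizePem(pem) {
  return pem.replace(/\\n/g, "\n").trim() + "\n";
}

// True when the public key derived from the private key equals the configured one.
function keysMatch(publicPem, privatePem) {
  try {
    const configured = crypto.createPublicKey(normalizePem(publicPem));
    const derived = crypto.createPublicKey(normalizePem(privatePem));
    const opts = { type: "spki", format: "der" };
    return configured.export(opts).equals(derived.export(opts));
  } catch (err) {
    return false; // malformed PEM (bad header, truncated body) counts as a mismatch
  }
}

// Sign with the private key and verify with the public key using RSA with
// SHA-512 and PKCS#1 v1.5 padding, the scheme JWT calls RS512.
function rs512RoundTrip(publicPem, privatePem, message = "app-to-app probe") {
  try {
    const data = Buffer.from(message);
    const sig = crypto.sign("sha512", data, normalizePem(privatePem));
    return crypto.verify("sha512", data, normalizePem(publicPem), sig);
  } catch (err) {
    return false;
  }
}

// Constructed sample input: a throwaway 2048-bit pair in the PEM formats shown above.
function generateSamplePair() {
  return crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
}

const demoA = generateSamplePair();
const demoB = generateSamplePair();
console.log("matching pair:", keysMatch(demoA.publicKey, demoA.privateKey));
console.log("mismatched pair:", keysMatch(demoB.publicKey, demoA.privateKey));
console.log("RS512 round trip:", rs512RoundTrip(demoA.publicKey, demoA.privateKey));
```

A false result from keysMatch on the values actually configured for an app points to the key misalignment described in the first FAQ answer.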