ibeam icon indicating copy to clipboard operation
ibeam copied to clipboard
verified publisher icon Voyz

Issue with Authentification *Access denied*

Open rvie17 opened this issue 3 months ago • 3 comments

Hi Voyz first of all thank you for your great work. Ibeam was working perfectly for a few months and then yesterday it doesn't succeed to authenticate anymore.

To Reproduce If you could just confirm that IBeam is still working fine on your side ?

Full terminal report `2025-09-04 06:11:27,058|I| ############ Starting IBeam version 0.5.8 ############ 2025-09-04 06:11:27,061|I| Secrets source: env 2025-09-04 06:11:27,062|I| Health server started at port=5001 2025-09-04 06:11:27,062|I| Configuration: {'INPUTS_DIR': '/srv/inputs', 'OUTPUTS_DIR': '/srv/outputs', 'GATEWAY_DIR': '/srv/clientportal.gw', 'CHROME_DRIVER_PATH': '/usr/bin/chromedriver', 'GATEWAY_STARTUP': 20, 'GATEWAY_PROCESS_MATCH': 'ibgroup.web.core.clientportal.gw.GatewayStart', 'MAINTENANCE_INTERVAL': 60, 'SPAWN_NEW_PROCESSES': False, 'LOG_LEVEL': 'DEBUG', 'LOG_TO_FILE': True, 'LOG_FORMAT': '%(asctime)s|%(levelname)-.1s| %(message)s', 'REQUEST_RETRIES': 2, 'REQUEST_TIMEOUT': 15, 'RESTART_FAILED_SESSIONS': True, 'RESTART_WAIT': 15, 'REAUTHENTICATE_WAIT': 15, 'HEALTH_SERVER_PORT': 5001, 'SECRETS_SOURCE': 'env', 'GCP_SECRETS_URL': None, 'START_ACTIVE': True, 'GATEWAY_BASE_URL': 'https://localhost:5000', 'ROUTE_AUTH': '/sso/Login?forwardTo=22&RL=1&ip2loc=on', 'ROUTE_VALIDATE': '/v1/portal/sso/validate', 'ROUTE_REAUTHENTICATE': '/v1/portal/iserver/reauthenticate?force=true', 'ROUTE_INITIALISE': '/v1/api/iserver/auth/ssodh/init', 'ROUTE_AUTH_STATUS': '/v1/api/iserver/auth/status', 'ROUTE_TICKLE': '/v1/api/tickle', 'ROUTE_LOGOUT': '/v1/api/logout', 'USER_NAME_EL': None, 'PASSWORD_EL': 'NAME@@password', 'SUBMIT_EL': 'CSS_SELECTOR@@.btn.btn-lg.btn-primary', 'ERROR_EL': None, 'SUCCESS_EL_TEXT': 'TAG_NAME@@Client login succeeds', 'LIVE_PAPER_TOGGLE_EL': 'FOR@@label[for=toggle1]', 'USE_PAPER_ACCOUNT': True, 'OAUTH_TIMEOUT': 30, 'PAGE_LOAD_TIMEOUT': 30, 'ERROR_SCREENSHOTS': False, 'MAX_FAILED_AUTH': 5, 'MIN_PRESUBMIT_BUFFER': 5, 'MAX_PRESUBMIT_BUFFER': 30, 'MAX_IMMEDIATE_ATTEMPTS': 10, 'IBKEY_PROMO_EL_CLASS': 'CLASS_NAME@@ibkey-promo-skip', 'AUTHENTICATION_STRATEGY': 'B', 'MAX_STATUS_CHECK_RETRIES': 120, 'MAX_REAUTHENTICATE_RETRIES': 3, 'UI_SCALING': 1.0, 'TWO_FA_EL_ID': 'ID@@twofactbase', 'TWO_FA_NOTIFICATION_EL': 'CLASS_NAME@@login-step-notification', 'TWO_FA_INPUT_EL_ID': 'ID@@xyz-field-bronze-response', 'TWO_FA_HANDLER': None, 'STRICT_TWO_FA_CODE': True, 'TWO_FA_SELECT_EL_ID': 'ID@@xyz-field-bronze-response', 'TWO_FA_SELECT_TARGET': 'IB Key', 'CUSTOM_TWO_FA_HANDLER': 'custom_two_fa_handler.CustomTwoFaHandler'} 2025-09-04 06:11:27,062|I| Gateway not found, starting new one... 2025-09-04 06:11:27,062|I| Note that the Gateway log below may display "Open https://localhost:[PORT] to login" - ignore this command. 2025-09-04 06:11:27,062|I| Starting Gateway as Linux process with params: ['bash', 'bin/run.sh', 'root/conf.yaml'] running
runtime path : root:dist/ibgroup.web.core.iblink.router.clientportal.gw.jar:build/lib/runtime/* config file : root/conf.yaml 2025-09-04 06:11:27,067|I| Gateway started with pids: [11] 2025-09-04 06:11:27,068|D| GET https://localhost:5000 (unverified) 2025-09-04 06:11:27,069|I| Gateway running but not serving yet. Consider increasing IBEAM_GATEWAY_STARTUP timeout. Error: <urlopen error [Errno 111] Connection refused> 2025-09-04 06:11:27,069|I| Gateway connection established 2025-09-04 06:11:27,069|D| POST https://localhost:5000/v1/api/tickle (unverified) 2025-09-04 06:11:27,070|I| Gateway running but not serving yet. Consider increasing IBEAM_GATEWAY_STARTUP timeout. Error: <urlopen error [Errno 111] Connection refused> 2025-09-04 06:11:27,070|I| NO SESSION Status(running=True, session=False, connected=False, authenticated=False, competing=False, collision=False, session_id=None, server_name=None, server_version=None, expires=None) 2025-09-04 06:11:27,070|I| Authentication strategy: "B" 2025-09-04 06:11:27,070|I| No active sessions, logging in... 2025-09-04 06:11:27,070|I| Loading auth webpage at https://localhost:5000/sso/Login?forwardTo=22&RL=1&ip2loc=on WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by io.netty.util.internal.ReflectionUtil (file:/srv/clientportal.gw/build/lib/runtime/netty-common-4.1.15.Final.jar) to constructor java.nio.DirectByteBuffer(long,int) WARNING: Please consider reporting this to the maintainers of io.netty.util.internal.ReflectionUtil WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release -> mount demo on /demo Java Version: 11.0.24

version: a27ed42161ad96c53e715ca5c5e3e3fa4cff5262 Mon, 24 Apr 2023 15:41:53 -0400

This is the Client Portal Gateway for any issues, please contact [email protected] and include a copy of your logs

https://www.interactivebrokers.com/api/doc.html

Open https://localhost:5000 to login App demo is available after you login under: https://localhost:5000/demo#/ 2025-09-04 06:11:39,220|W| Cannot determine the version of IBKR website, assuming version 1 2025-09-04 06:11:39,220|D| Targets: {'PASSWORD': Target(NAME@@password), 'SUBMIT': Target(CSS_SELECTOR@@.btn.btn-lg.btn-primary), 'SUCCESS': Target(TAG_NAME@@Client login succeeds), 'IBKEY_PROMO': Target(CLASS_NAME@@ibkey-promo-skip), 'TWO_FA': Target(ID@@twofactbase), 'TWO_FA_NOTIFICATION': Target(CLASS_NAME@@login-step-notification), 'TWO_FA_INPUT': Target(ID@@xyz-field-bronze-response), 'TWO_FA_SELECT': Target(ID@@xyz-field-bronze-response), 'LIVE_PAPER_TOGGLE': Target(FOR@@label[for=toggle1]), 'USER_NAME': Target(NAME@@user_name), 'ERROR': Target(CSS_SELECTOR@@.alert.alert-danger.margin-top-10)} 2025-09-04 06:12:14,405|E| Timeout reached when waiting for authentication. The website seems to not be loaded correctly. Consider increasing IBEAM_PAGE_LOAD_TIMEOUT. Website URL: https://localhost:5000/sso/Login?forwardTo=22&RL=1&ip2loc=on

Exception: File "/srv/ibeam/ibeam_starter.py", line 181, in success, shutdown, status = client.start_and_authenticate() File "/srv/ibeam/src/gateway_client.py", line 62, in start_and_authenticate success, shutdown, status = self.strategy_handler.try_authenticating(request_retries=request_retries) File "/srv/ibeam/src/handlers/strategy_handler.py", line 85, in try_authenticating return self._authentication_strategy_B(status, request_retries) File "/srv/ibeam/src/handlers/strategy_handler.py", line 140, in _authentication_strategy_B return self._log_in(status) File "/srv/ibeam/src/handlers/strategy_handler.py", line 151, in _log_in success, shutdown = self.login_handler.login() File "/srv/ibeam/src/handlers/login_handler.py", line 504, in login self.handle_timeout_exception(e, targets, driver, website_version, self.route_auth, self.base_url, self.outputs_dir) File "/srv/ibeam/src/handlers/login_handler.py", line 470, in login wait_and_identify_trigger = self.load_page(targets, driver, self.base_url, self.route_auth) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/srv/ibeam/src/handlers/login_handler.py", line 443, in load_page wait_and_identify_trigger(is_clickable(targets['USER_NAME']), skip_identify=True) File "/srv/ibeam/src/handlers/login_handler.py", line 67, in _wait_and_identify_trigger trigger = WebDriverWait(driver, timeout).until(any_of(*expected_conditions)) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/venv/lib/python3.11/site-packages/selenium/webdriver/support/wait.py", line 95, in until raise TimeoutException(message, screen, stacktrace)

<class 'selenium.common.exceptions.TimeoutException'> Message:

2025-09-04 06:12:14,405|I| Cleaning up the resources. Display: <pyvirtualdisplay.display.Display object at 0xef129bcdf990> | Driver: <selenium.webdriver.chrome.webdriver.WebDriver (session="61b6c56b1a1faa133e53e2a9bcf66581")> 2025-09-04 06:12:14,437|I| Logging in failed 2025-09-04 06:12:14,440|I| Starting maintenance with interval 60 seconds`

Also when I try to connect using the UI throught this URL https://localhost:5000/sso/Login

Image

Environment IBeam version: 0.5.8 Docker image or standalone: Lastest OS: 22.04.5 LTS Server is located in the US but it wasn't an issue for the last few months

Additional context

And then it doesn't manage to succeed to login even after a few hours ... If you have any of things to test/try to help you let me know

rvie17 avatar Sep 04 '25 06:09 rvie17

hey @rvie17 thanks for the kind words and for the detailed bug report! 👍

Sorry to hear things stopped working on your end after such a good streak. IBeam seems to work just fine on my end, so I'm assuming there is some configuration/network issue.

Access Denied usually points at an unauthorised IP/DNS reaching the Gateway. However, given this is in the login flow, I'd imagine something unexpected is happening - I can't recall seeing this error page.

Did you try contacting the IBKR support regarding this error? If you're seeing it when manually accessing the login page, then it is something they may be able to help you out with

Voyz avatar Sep 13 '25 08:09 Voyz

Access Denied

"my IP" is not authorized to access this domain

Please establish your connection through api.ibkr.com instead.

Should you require assistance, please contact your account administrator and reference error code: 0.4f182117.1763118209.ac6a1c0b.

long timer user ( years thanks!), made no changes hadnt looked for a while and got this on my login screen now. I was bypassing using 1.api but went back to just api.ibkr and still getting issue. reset my router but think its still same IP (its premissioned in yaml)

corbinhudson avatar Nov 14 '25 11:11 corbinhudson

Hey, sorry you're running into this again. My comment would be same as before:

Did you try contacting the IBKR support regarding this error? If you're seeing it when manually accessing the login page, then it is something they may be able to help you out with

Voyz avatar Nov 16 '25 11:11 Voyz