--- title: Troubleshooting API client HTTP 5xx errors description: Kong Gateway might return HTTP 502 when there is misconfiguration or miscommunication between the Ping Identity plugin for Kong Gateway and PingAuthorize Server. component: pingauthorize version: 10.1 page_id: pingauthorize:pingauthorize_integrations:paz_kong_5xx_errors canonical_url: https://docs.pingidentity.com/pingauthorize/10.1/pingauthorize_integrations/paz_kong_5xx_errors.html revdate: January 10, 2023 section_ids: about-this-task: About this task steps: Steps example: Example: example-2: Example: --- # Troubleshooting API client HTTP 5xx errors ## About this task Kong Gateway might return `HTTP 502` when there is misconfiguration or miscommunication between the Ping Identity plugin for Kong Gateway and PingAuthorize Server. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The plugin for Kong Gateway logs warning messages to the Kong Gateway error log when it encounters problems communicating with PingAuthorize.For more information, see [Enabling error logging in Kong Gateway](paz_kong_error_log.html). | ## Steps 1. Check the `ping-auth` shared secret value in Kong Gateway to confirm it matches your PingAuthorize environment. ### Example: If the `ping-auth` Config.Shared Secret value doesn't match the PingAuthorize sideband client's shared secret value, the Kong error log message might indicate that the plugin received an `HTTP 401` error from PingAuthorize, which gets translated to a 5xx error sent to the API client. For example: ``` 2022/03/28 16:19:49 [warn] 78#0: *85187 [lua] network_handler.lua:145: is_failed_request(): [ping-auth] Sideband request denied with status code 401: The Gateway Token is invalid ``` 1. If there is a shared secret mismatch, go to Configuration → Web Services and Applications → Sideband API Shared Secrets in the PingAuthorize administrative console. 2. Update the shared secret value for PingAuthorize. 3. Copy the value to the Config.Shared Secret field in the Kong Gateway `ping-auth` plugin configuration. 2. Check the `ping-auth` Config.Service URL value in Kong Gateway to confirm that it matches your PingAuthorize environment. ### Example: If the Config.Service URL value doesn't contain the hostname and HTTPS Connection Handler port configured for your PingAuthorize server, the Kong error log message might indicate that the plugin received an invalid response from the server. For example: ``` 2022/03/28 16:19:49 [error] 78#0: *90929 [lua] access.lua:114: handle_response(): [ping-auth] Unable to parse JSON body returned from policy provider. Error: Expected value but found T_END at character 1 ``` 1. If necessary, confirm that the values entered in the Config.Service Url field of the `ping-auth` plugin in Kong Gateway correspond to the hostname and HTTPS Connection Handler port of your PingAuthorize server. You can find this port number in the PingAuthorize administrative console by going to **Configuration → System → Connection Handlers**. 2. Update any mismatched values in **Config.Service Url**.