This article aims to assist in resolving the issue of attempting to scan but ending up with a “Bad org token” error message.
The “Bad org token” error message essentially means one thing:
WhiteSource couldn’t locate the specified org token (apiKey) in the specified environment.
There are usually 2 configuration mistakes that lead to this error message:
The specified wss.url is not the one your organization is hosted on
The org token (apiKey) is incorrect (spelling mistake, copy-paste problem and so on).
Is your “apiKey” property in the Unified Agent configuration file correct?
Is your “wss.url” correct?
Are you using the parameters “-apiKey” or “-wss.url” in your command line execution of the Unified Agent? If so, note that they override the parameters in the UA configuration file
Are you referring to the correct configuration file in your command?
In case you continue receiving the ‘Bad org token’ message after verifying your answers to questions A-C above, WhiteSource recommends that you isolate the issue, by attempting to execute the scan locally on your machine, to rule out any issues passing the above parameters to the WhiteSource agent via your CI/CD server’s pipeline.
Appendix - more about the configuration parameters in question
The wss.url parameter
The wss.url parameter is the one that directs the scanning agent to the correct environment, in which the specified org token should be verified. If your organization is hosted on https://app-eu.whitesourcesoftware.com/, for example, but the wss.url value is https://saas.whitesourcesoftware.com/ , correcting this will probably fix the issue and allow you to finish your scans.
The wss.url parameter can be specified in more than one way.
Please refer to the following article for more elaborate information about this parameter:
The apiKey parameter
The apiKey parameter in the UA configuration should contain the same ‘API Key’ value which organization admins have access to, by navigating to the ‘Integrate’ tab in the UI: