Purpose (problem description)

This page will help you investigate the error "Sorry username or password invalid" raised when trying to log in to HD using LDAP.

 

Observed in CAST AIP
  Release    Yes/No
  8.3.x      Yes
  8.2.x      Yes
  8.1.x      Yes
  8.0.x      Yes
  7.3.x      Yes
Observed on RDBMS
  RDBMS                   Yes/No
  Oracle Server           No
  Microsoft SQL Server    No
  CSS3                    Yes
  CSS2                    Yes
  CSS1                    Yes
Step by Step scenario
  1. Configure LDAP settings in web.xml.
  2. Launch the dashboard.
  3. Login using the credentials.
Action Plan
  1. If the HD is deployed with LDAP, the error can be caused by authentication. To validate the authentication, refer to the following page: Health Dashboard - LDAP connection - How to validate the Authentication

  2. Make sure you are using the proper values for your implementation.  The values used changed between version 8.2 and 8.3, so if you are migrating versions make sure you are using the proper values for your version.
  3. Be careful with making changes in the configuration files as the format of them matters for proper execution.  For example, if you are removing comments in an xml file, make sure that you have removed the start and end comments so that all the information in the file is properly parsed.
  4. If you are using SAML for Authentication, then:
    1. Verify the properties in the security.properties file with the SAML administrators, especially in regards to the name of the group attribute. A few organizations have modified this from the default setting of 'Group'.
    2. Do not use self-signed certificates for HTTPS access - These can be used, but are very problematic and are not suggested. It takes a lot of correct configuration to get these to work. The best approach is to obtain the proper certificate that is already in place at a customer's organization and use that certificate.
    3. Do not use localhost when generating the spring metadata xml file. No localhost values should be in the CAST xml configuration and when browsing to the spring metadata location, do not use localhost.
    4. Turn on SAML tracing if having issues. There is a section in the log4j2.xml file that can be uncommented for debug tracing similar to what is done for LDAP: Configuring the Log and Audit Trail
  5. If you are using 7.2.0 HD with Firefox 27.0.1, refer to the explanation below; in all other cases go to the next step.

    After deploying a 7.2.0 HD dashboard with default options, you will not be able to connect with Firefox 27.0.1 using the default user vpad/cast or cast/cast.
    This is encountered when you click the HD URL or copy-paste it into the browser. The workaround is to do a hard reload of the URL, i.e. select the URL and press Enter to reload the page. After the hard reload, the default credentials give access to the HD without the error.

    Note: This issue has been investigated by R&D and below is the conclusion derived:

    We click or copy-paste the URL to the application analytics dashboard; the URL is escaped by the browser yet displayed unescaped (this is why a hard reload by clicking then returning resolves it). The login request is then sent with inconsistent URLs in the request header parameters by Firefox, resulting in the failure (the URL provided by Firefox is incorrect).
    The issue can be corrected by not clicking an email link or copy-pasting from an escaped URL, or by renaming the war file. It is likely we will not be able to provide programmatic solutions in the current context.

  6. Activate the debug mode, for this please refer to Health Dashboard - Information - How to activate the Debug trace on HD logs
  7. Try to log in to HD.
  8. Search for errors in the generated log file.
  9. Check whether your error corresponds to one of the cases listed in Errors and fix it.
  10. After resolving the issue, you should have the following debug log file output: Health Dashboard - Information - LDAP connection - Debug free log
  11. If the issue is not resolved, contact CAST Technical Support with Relevant Input.

  

Errors

 Error of type Root exception is java.net.UnknownHostException: <XXXX>

For example:

Query result example

17:23:02,079 | DEBUG | http-bio-8080-exec-5 | org.springframework.security.web.authentication.www.BasicAuthenticationFilter | Authentication request for failed: org.springframework.security.authentication.InternalAuthenticationServiceException: corpxxx.castsoftware.com:389; nested exception is javax.naming.CommunicationException: corpxxx.castsoftware.com:389 [Root exception is java.net.UnknownHostException: corpxxx.castsoftware.com]

This error is raised because of one of the following reasons:

  1. You have configured an incorrect LDAP URL in web.xml. Navigate to XXXXXXXXX in order to configure the LDAP URL accordingly.
  2. You have configured an incorrect Domain in the web.xml file. Navigate to XXXXXXXXX in order to configure the LDAP URL accordingly.


Error of type LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

For example:

Query result example

17:17:31,019 | DEBUG | http-bio-8080-exec-3 | org.springframework.security.web.authentication.www.BasicAuthenticationFilter | Authentication request for failed: org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]

This error is due to either expected behavior or a configuration issue:

  1. Expected behavior:
    • You have entered an incorrect user on the Dashboard login screen
    • You have entered an incorrect password on the Dashboard login screen
  2. Configuration issue:
    • You have configured an incorrect User in the web.xml file
    • You have entered an incorrect Password in the web.xml file

Error of type BadCredentialsException: Bad credentials

For example:

Query result example

11:02:24,746 | DEBUG | http-bio-8080-exec-10 | org.springframework.security.web.authentication.www.BasicAuthenticationFilter | Authentication request for failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials

  1. Expected behavior:
    • You have entered an incorrect user on the Dashboard login screen
    • You have entered an incorrect password on the Dashboard login screen
  2. Configuration issue:
    • You have configured an incorrect User in the web.xml file
    • You have entered an incorrect Password in the web.xml file

PS: Depending on your LDAP setup you may see at times both Error Case 2 and Error Case 3 messages immediately after each other.
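
The following is an added example, not CAST code: a small triage script that scans a debug log in the layout shown above and maps each failed login to one of the three error cases on this page. It goes beyond the page by also decoding other Active Directory "data" sub-codes of LDAP error 49 (the page only shows 52e); the function names, case labels and sample log lines are constructed for illustration.

```python
import re

# AD sub-codes carried in "data <hex>" of LDAP error 49 (general AD values;
# this page itself only shows 52e).
AD_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time", "532": "password expired",
    "533": "account disabled", "701": "account expired",
    "773": "user must reset password", "775": "account locked out",
}

# Constructed sample in the page's layout: time | level | thread | logger | message
FILTER = "org.springframework.security.web.authentication.www.BasicAuthenticationFilter"
LDAP49 = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data {}, v1db1 ]"
SAMPLE_LOG = "\n".join([
    f"10:00:01,000 | DEBUG | exec-1 | {FILTER} | Authentication request for failed: javax.naming.CommunicationException: ldap.example.invalid:389 [Root exception is java.net.UnknownHostException: ldap.example.invalid]",
    f"10:00:02,000 | DEBUG | exec-2 | {FILTER} | Authentication request for failed: InternalAuthenticationServiceException: {LDAP49.format('52e')}",
    f"10:00:02,010 | DEBUG | exec-2 | {FILTER} | Authentication request for failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials",
    f"10:00:03,000 | DEBUG | exec-3 | {FILTER} | Authentication request for failed: InternalAuthenticationServiceException: {LDAP49.format('775')}",
    "10:00:04,000 | INFO | main | org.example.Startup | Dashboard started",
])

def classify(message):
    """Map one log message to (case, detail), or None if it is not a known case."""
    m = re.search(r"UnknownHostException: ([\w.-]+)", message)
    if m:
        return ("unknown-host", f"{m.group(1)} does not resolve; check LDAP URL and domain in web.xml")
    m = re.search(r"LDAP: error code 49\b.*?\bdata ([0-9a-fA-F]+)", message)
    if m:
        code = m.group(1).lower()
        return ("ldap-49", f"data {code}: {AD_SUBCODES.get(code, 'unlisted sub-code')}")
    if "BadCredentialsException" in message:
        return ("bad-credentials", "check login input, then user/password in web.xml")
    return None

def triage(log_text):
    """Return (timestamp, case, detail) for every line matching a known case."""
    hits = []
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split("|", 4)]  # message is the 5th field
        found = classify(parts[4]) if len(parts) == 5 else None
        if found:
            hits.append((parts[0], *found))
    return hits

if __name__ == "__main__":
    for ts, case, detail in triage(SAMPLE_LOG):
        print(f"{ts}  {case:<16} {detail}")
```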

  

Notes/comments


Related Pages

Cast Engineering Dashboard and the CAST Application Analytics Dashboard have different LDAP implementations, so you should refer to the page of each dashboard for assistance.  For assistance with the CAST Engineering Dashboard and LDAP, please see the following pages:

CAST Engineering Dashboard - WAR Deployment - LDAP - Connection issues