on 11-17-2011 2:11 PM
Hello IDM Gurus,
We are currently facing a weird issue with users logging into IDM UME; we are setting up users with a default password upon being imported into the Identity Center. Certain users are able to log in with their default passwords while others are not; the ones that can't log in encounter "authentication failed" errors and eventually they get a "password locked" error, resulting in their password being locked in UME. Why could this possibly be happening randomly across the user base?
I initially thought it was an error with the Keys.ini file not being linked properly, but then it shouldn't work for anyone. I also thought it could be that the users who couldn't log in using the default credentials probably had some missing essential attributes, but that isn't the case, since everyone is getting populated with the same list of attributes upon initial load and subsequent synchronizations.
I finally thought it might be some sort of communication error on the backend, but can't justify it properly. Looking at the security.log file on the UME server, I find a couple of entries for user authentication failures, and I also see that the User is not filled:
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule SUFFICIENT ok true true
Central Checks true #
#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#0##n/a#SAPEngine_Application_Thread[impl:3]_24##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok exception true java.security.SignatureException: Certificate (Issuer="OU=J2EE,CN=R1F", S/N=0) not found.
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok false false
3. com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true #
#System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#0##n/a#SAPEngine_Application_Thread[impl:3]_14##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
I was trying to specifically find authentication attempts for failed users but only ended up finding failed attempts with the User field blank. Why are the user fields blank? Any ideas as to why certain users might be failing to authenticate?
Would greatly appreciate any advice / ideas as to why we might be facing these issues!
Thanks a lot in advance!
Best regards,
Sandeep
Edited by: Sandeep Jayendran on Nov 17, 2011 3:14 PM
Closed; the issue was resolved by verifying that Keys.ini was installed on all UME servers involved in load balancing; this was not the case with a few servers.
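The check behind the resolution above, as an added example (not part of the original thread and not SAP tooling): it compares the copy of Keys.ini from each load-balanced node by SHA-256 digest and flags nodes where the file is missing, empty or different, without printing key material. The node names, paths and file contents are constructed, and how each node's copy is collected is an assumption.

```python
import hashlib
import tempfile
from collections import Counter
from pathlib import Path


def fingerprint(path):
    """Return the SHA-256 hex digest of a file, or None if it is missing or empty."""
    p = Path(path)
    if not p.is_file() or p.stat().st_size == 0:
        return None
    return hashlib.sha256(p.read_bytes()).hexdigest()


def audit_keys_ini(copies):
    """copies maps a node name to the path of that node's Keys.ini copy.

    Returns (missing, mismatched): nodes with no usable file, and nodes whose
    file differs from the digest shared by most nodes.
    """
    digests = {node: fingerprint(path) for node, path in copies.items()}
    missing = sorted(n for n, d in digests.items() if d is None)
    present = {n: d for n, d in digests.items() if d is not None}
    if not present:
        return missing, []
    reference, _ = Counter(present.values()).most_common(1)[0]
    mismatched = sorted(n for n, d in present.items() if d != reference)
    return missing, mismatched


def demo():
    """Constructed sample: four hypothetical nodes, one lacking the file, one with a different file."""
    contents = {"ume01": b"constructed-key-material-A", "ume02": b"constructed-key-material-A",
                "ume03": None, "ume04": b"constructed-key-material-B"}
    with tempfile.TemporaryDirectory() as root:
        copies = {}
        for node, data in contents.items():
            target = Path(root) / node / "Keys.ini"
            target.parent.mkdir()
            if data is not None:
                target.write_bytes(data)
            copies[node] = target
        return audit_keys_ini(copies)


if __name__ == "__main__":
    missing, mismatched = demo()
    print("missing:", missing)
    print("mismatched:", mismatched)
```

A node that appears in either list would fail logins only for the requests the load balancer routes to it, which matches the seemingly random pattern described in the post.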