cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to login to IDM UI

Former Member
0 Kudos

Hello IDM Gurus,

We are currently facing a weird issue with users logging into IDM UME; we are setting up users with a default password upon being imported into the Identity Center. Certain users are able to login with their default passwords while others are not; the ones that can't encounter "authentication failed" errors and eventually they get a "password locked" error, resulting in their password being locked in UME. Why could this possibly be happening randomly across the user base? I initially thought it was an error with the Keys.ini file not being linked properly, but then it shouldn't work for anyone; I also thought it could be that the users who couldn't login using the default credentials probably had some missing essential attributes, but that isn't the case since everyone is getting populated with the same list of attributes upon initial load and subsequent synchronizations. I finally thought it might be some sort of communication error on the backend, but can't justify it properly; looking at the security.log file on the UME server I find a couple of entries for user authentication failures and I also see that the User is not filled:


Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
1. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   SUFFICIENT  ok          true       true                  
Central Checks                                                                                true                  #
#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#0##n/a#SAPEngine_Application_Thread[impl:3]_24##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          exception             true       java.security.SignatureException: Certificate (Issuer="OU=J2EE,CN=R1F", S/N=0) not found.
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUISITE   ok          false                 false      
3. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok          false                 true       #
#System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#0##n/a#SAPEngine_Application_Thread[impl:3]_14##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket

I was trying to specifically find authentication attempts for failed users but only ended up finding failed attempts with User field blank; why are the user fields blank? any ideas as to why certain users might be failing to authenticate?

Would greatly appreciate any advice / ideas as to why we might be facing these issues!

Thanks a lot in advance!

Best regards,

Sandeep

Edited by: Sandeep Jayendran on Nov 17, 2011 3:14 PM

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

closed; issue was resolved with verifying that Keys.ini was installed in all UME servers involved in load balancing; this was not the case with a few servers.