
Knowledge Document: Login to GroupWise fails with Advanced Authentication enabled


Environment

Advanced Authentication
AA 6.4.0
GroupWise
GW 18.5


Symptoms

Users are not able to log in to GroupWise when Advanced Authentication is enabled.
Users get an error logging in to GroupWise after authenticating through AA.
Users receive one of the following error messages:

In the GroupWise client: User Access Denied
In GroupWise Web Server Error: User Access Denied
In GW Messenger: Login failed

The problem occurs for some users but not for others.
The problem began after running a third-party application.

Cause

A third-party application changed the Active Directory DN attribute for the affected users to all UPPERCASE, instead of only the first letter being uppercase.

Resolution

Change the DN back to first-letter uppercase.

Additional Information

When AA and GW are integrated, the user enters a name and password in the GW client, GW sends an authentication request to AA, AA authenticates the user to the directory, and AA returns the result to GW. In this case, the logs showed that AA successfully authenticated the affected users to the directory, but the GroupWise POA log showed an error on the GW side.

The Advanced Authentication UWSGI log shows successful login attempts by the problem users, as follows:

Line 74845: 2024-04-10 13:03:38 INFO  [aucore.logger.client] CEF:0|NetIQ|AA|6.4.0.0|100|User logon started|4|ep=OSP ep_addr=10.0.10.150 event=GroupWise OAUTH method_name=PASSWORD:1 session_id=xdU1iqbgdwFmiBsIg4C62qoG3NyWxUUoz tenant_id=def0def0def0def0def0def0def0def0 tenant_name=TOP user_name=SOMETHING\\someone p=22604

Line  74882: 2024-04-10 13:03:44 INFO  [aucore.logger.client] CEF:0|NetIQ|AA|6.4.0.0|101|User was successfully logged on|7|chain_name=Password Only ep=OSP ep_addr=10.0.10.150 event=GroupWise OAUTH method_name=PASSWORD:1 session_id=xdU1iqbgdwFmiBsIg4C62qoG3NyWxUUoz template_owner=SOMETHING\\someone tenant_id=def0def0def0def0def0def0def0def0 tenant_name=TOP user_name=SOMETHING\\someone p=1487

The GroupWise POA log shows the error:

8:20:12 B70C *** NEW APP CONNECTION, Tbl Entry=47, Check ID=1712737238
8:20:12 B70C C/S Login Windows  Net Id=someone ::GW Id=SOMEONE ::

And later:

15:27:08 B65B Notifying client at: 10.2.103.209 UDP port 64649
15:27:08 C441 C/S Login Admin Service  ::GW Id= SOMEONE:: ::ffff:192.168.2.15
15:27:08 C441 Validating OAuth2 token with the AA server (SOMEONE)
15:27:08 C441 Error on request to AA server: HTTP 400 (SOMEONE)
15:27:08 C441 Error: Required User Database rights not granted [D01B] User: SOMEONE (SOMEONE)
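
To find every affected account rather than checking users one at a time, the two logs can be correlated: list the users AA logged on successfully (CEF event ID 101) who were then rejected by the POA. The script below is an added example, not part of the original article or of either product; its function names are hypothetical, and its sample input is the article's own log lines (abridged) plus one constructed user, `other`.

```python
import re

# CEF header fields, then the key=value extension (layout as in the UWSGI lines above).
CEF_RE = re.compile(r"CEF:0\|[^|]*\|[^|]*\|[^|]*\|(\d+)\|[^|]*\|\d+\|(.*)$")
# Values may contain spaces ("chain_name=Password Only"): read up to the next " key=".
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
# POA error line shape taken from the article: "... [D01B] User: SOMEONE (SOMEONE)".
POA_ERR_RE = re.compile(r"Error: .*?\[(\w+)\] User: (\S+)")

def norm_user(name):
    """Drop the DOMAIN\\ prefix and fold case so AA and POA names compare equal."""
    return re.split(r"\\+", name)[-1].strip().lower()

def aa_successes(lines):
    """Users with CEF event ID 101 (User was successfully logged on)."""
    users = set()
    for line in lines:
        m = CEF_RE.search(line)
        if m and m.group(1) == "101":
            ext = dict(KV_RE.findall(m.group(2)))
            if "user_name" in ext:
                users.add(norm_user(ext["user_name"]))
    return users

def aa_ok_but_poa_denied(aa_lines, poa_lines):
    """Map user -> POA error codes for users that AA authenticated successfully."""
    ok, denied = aa_successes(aa_lines), {}
    for line in poa_lines:
        m = POA_ERR_RE.search(line)
        if m and norm_user(m.group(2)) in ok:
            denied.setdefault(norm_user(m.group(2)), []).append(m.group(1))
    return denied

# Sample input: the article's own lines (abridged) plus one constructed user, "other".
AA_LOG = [
    r"2024-04-10 13:03:38 INFO  [aucore.logger.client] CEF:0|NetIQ|AA|6.4.0.0|100|User logon started|4|ep=OSP event=GroupWise OAUTH user_name=SOMETHING\\someone p=22604",
    r"2024-04-10 13:03:44 INFO  [aucore.logger.client] CEF:0|NetIQ|AA|6.4.0.0|101|User was successfully logged on|7|chain_name=Password Only ep=OSP event=GroupWise OAUTH user_name=SOMETHING\\someone p=1487",
    r"2024-04-10 13:05:02 INFO  [aucore.logger.client] CEF:0|NetIQ|AA|6.4.0.0|101|User was successfully logged on|7|chain_name=Password Only ep=OSP event=GroupWise OAUTH user_name=SOMETHING\\other p=1490",
]
POA_LOG = [
    "15:27:08 C441 Validating OAuth2 token with the AA server (SOMEONE)",
    "15:27:08 C441 Error on request to AA server: HTTP 400 (SOMEONE)",
    "15:27:08 C441 Error: Required User Database rights not granted [D01B] User: SOMEONE (SOMEONE)",
]

if __name__ == "__main__":
    for user, codes in aa_ok_but_poa_denied(AA_LOG, POA_LOG).items():
        print(f"{user}: AA logon succeeded, POA rejected with {codes}")
```

Users reported by the script are candidates for the DN check described under Cause; the case-folding in `norm_user` is only for matching names across the two logs.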
