Trusted Contributor.

LDAP input validation failure in Fortify 19.20

Dear Colleagues,

I have migrated Fortify from 17.20 to 19.20 via 18.20 successfully and it was working absolutely fine. The LDAP accounts were also migrated successfully and I was able to log in with my AD credentials.

However, while upgrading, the default installation path was taken as C:/users; however, I wanted it as O:\Fortify. For the same, I updated the Tomcat properties, added a variable as -Dfortify.home = O:/Fortify and redeployed the WAR file.

Fortify opened in maintenance mode and I kept on following the same process as I did earlier. The DB migration script this time was completely commented for both 18.20 & 19.20, and I did perform the seeding twice, for 18.20 & 19.20, which was successful. (Don't know I didn't have to do it.)

Post this upgrade, I am not able to log in using my AD credentials; I am getting an authentication failure error for my AD credentials on the UI. I could log in using our admin service account, and when I checked the LDAP settings, which are the same as in other environments, and tried establishing the connection, I got an exception: "Validation Failure. Please review and correct your configuration settings before trying again. Resource of type LDAP configuration contained invalid data: Input validation failed at"

Please note we are using ldaps on 636 port.

Could you please help me?

0 Likes
1 Solution

Accepted Solutions
Micro Focus Expert

Re: LDAP input validation failure in Fortify 19.20

When you changed the location of fortify.home, did you move the files from the old location to the new? If not, then you need to log in with the default admin account and reconfigure the LDAP settings, as previously mentioned.

If you haven't already tried, copy the contents of the fortify.home/ssc/conf directory to the new location. There is a secret.key that is used to encode/decode the credentials. In this specific instance the credential is for the LDAP connection.

10 Replies
Super Contributor.

Re: LDAP input validation failure in Fortify 19.20

Did you check that the LDAP password in the Fortify configuration is correct? I'd go ahead and re-enter that password into the UI as a first step.

I had a similar thing happen where the LDAP configuration got munged after the 19.2 upgrade. Re-entering this information in the LDAP server setup via the SSC UI fixed the issue.

Luckily you had a local administrator account allowing you to log in! 🙂

Good luck

0 Likes
Trusted Contributor.

Re: LDAP input validation failure in Fortify 19.20

Dear Rhelsens,
Thanks for the inputs. But I don't know the LDAP password 😞
I did click on the Show password checkbox, but the password is shown this way: ******.
Is there any other way to find out the LDAP password?

Also, on my DEV environment, it looks like I tried to log in with the wrong password many times, and now the SSC log says, even for the admin account,

"LDAP: error code 19 - Exceed password retry limit. Account locked." 😞

Does the account get auto-unlocked after some time, or do we need to do something else? Could you please help?

0 Likes
Super Contributor.

Re: LDAP input validation failure in Fortify 19.20

Hi,

If you do not know the password for the account you are using to bind to LDAP, you should contact your IT administrators about the password.

I assume you are using a service account to connect to LDAP, whoever created/owns that account would know the password or be able to reset it.

Sorry, I cannot offer much more in the way of suggestions. I think this configuration info is stored on the SSC server (encrypted) in files in this directory: C:\Windows\ServiceProfiles\LocalService\.fortify\ssc\conf\ and somehow the encrypted data gets corrupted during the 19.2 upgrade, hence you needing to re-enter it. But that is just a hunch as it happened to me.

Best of luck finding out the correct password. In dev you could probably use your own Windows credentials just to test binding to LDAP to determine if this is the actual issue.

0 Likes
Frequent Contributor.

Re: LDAP input validation failure in Fortify 19.20

I am facing a somewhat similar issue. I installed Fortify 19.20 and configured it with LDAP (OID). After configuration I am able to see LDAP users from the UI, but I am not able to log in to SSC using these LDAP users. I get

/ssc/j_spring_security_check [WARN] org.springframework.security.authentication.event.LoggerListener - Authentication event AuthenticationFailureBadCredentialsEvent: pande; exception: Bad credentials though everything seems correct.

Is there a way, or any other log, to get more info/details on why it failed? I want to set the log messages to give more details than the warning.

0 Likes
Trusted Contributor.

Re: LDAP input validation failure in Fortify 19.20

Hi All,

Now I am not able to log in with any account at all 😞 Not even with my LDAP account and not even with the service account.

One of the solutions advised is to log in to Fortify with the service account (if you can) and add a new LDAP server, the same as the old one, keeping the old one as well.

And try if that works.

0 Likes
Trusted Contributor.

Re: LDAP input validation failure in Fortify 19.20

Hi @ebell

Thanks for reaching out.

Previously we had the Fortify folder on the O: drive; now we have installed it in the default path, i.e. C:/users/username/.fortify

So, you mean I should copy the \conf folder from the O: drive to the C: drive and restart the Tomcat service?

Will it enable the LDAP connection again?
0 Likes
Micro Focus Expert

Re: LDAP input validation failure in Fortify 19.20

Yes, it should if you copy the contents of conf (specifically the secret.key) from the fortify.home location when SSC was working to the new fortify.home location.

0 Likes
Trusted Contributor.

Re: LDAP input validation failure in Fortify 19.20

Dear @ebell,
Thanks very much for the solution. This worked for my DEV environment.
I copied the \conf folder from the older installation (O: drive) to the new installation (C: drive) and restarted Tomcat, and it started working. I was able to log in using my AD creds and was also able to reset the password of the admin account.
Could you please let me know what data the \conf folder holds with respect to LDAP?

But when I copied the \conf folder in another env (TEST), Fortify opened in maintenance mode, which did not happen in the DEV env. Why does this happen?
Also, even after this, I was not able to log in using my AD credentials but was able to log in with the admin account. Does this mean there is an issue with my LDAP connection and I need to reach out to the IT admin?
0 Likes
Micro Focus Expert

Re: LDAP input validation failure in Fortify 19.20

The only thing LDAP "related" is the secret.key. The settings and credentials are actually stored in the database. Nothing else in the conf file is LDAP related.

The secret.key should be unique in each SSC installation/instance.

In your other environment, you mentioned SSC started in maintenance mode. This implies the folder is either in the wrong location or doesn't contain all the files. In the conf folder you have:

  • app.properties - this file contains information relative to the application (i.e., host URL, etc.)
  • datasource.properties - this file contains information related to connecting to the database
  • fortify.license - license file
  • log4j2.xml - related to logging
  • secret.key - used while encoding/decoding credentials stored in properties file or database
  • version.properties - this file contains information related to the version of SSC you are running, what version you upgraded from as well as whether the next start should be in maintenance mode. If this file is missing, you will start in maintenance mode. If this file contains the following: maintenance.mode=true you will start in maintenance mode as well.
0 Likes
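A pre-flight check for the conf folder described in the reply above, as an added example that is not part of the original thread or of the product's own tooling: it lists which of the named files are missing, reports the two maintenance-mode conditions given for version.properties, and compares secret.key between two conf folders by SHA-256 so the key itself is never displayed. The function names and the sample directories are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# File names as listed in the reply above.
EXPECTED = ("app.properties", "datasource.properties", "fortify.license",
            "log4j2.xml", "secret.key", "version.properties")

def read_properties(path):
    """Minimal key=value reader; skips blank lines and #/! comments."""
    lines = (ln.strip() for ln in Path(path).read_text(errors="replace").splitlines())
    pairs = (ln.split("=", 1) for ln in lines if ln and ln[0] not in "#!" and "=" in ln)
    return {k.strip(): v.strip() for k, v in pairs}

def check_conf(conf_dir):
    """Return missing files and the reasons SSC would start in maintenance mode."""
    conf = Path(conf_dir)
    missing = [n for n in EXPECTED if not (conf / n).is_file()]
    reasons = []
    if "version.properties" in missing:
        reasons.append("version.properties missing")
    elif read_properties(conf / "version.properties").get("maintenance.mode", "").lower() == "true":
        reasons.append("maintenance.mode=true")
    return {"missing": missing, "maintenance": reasons}

def key_fingerprint(conf_dir):
    """SHA-256 of secret.key: compare copies without ever displaying the key."""
    key = Path(conf_dir) / "secret.key"
    return hashlib.sha256(key.read_bytes()).hexdigest() if key.is_file() else None

def same_secret_key(old_conf, new_conf):
    """True only when both folders hold a byte-identical secret.key."""
    old = key_fingerprint(old_conf)
    return old is not None and old == key_fingerprint(new_conf)

def demo():
    """Constructed sample: a complete old conf folder and an incomplete new one."""
    with tempfile.TemporaryDirectory() as tmp:
        old, new = Path(tmp, "old_conf"), Path(tmp, "new_conf")
        old.mkdir()
        new.mkdir()
        for name in EXPECTED:
            (old / name).write_text("maintenance.mode=false\n")
        (old / "secret.key").write_bytes(b"constructed-sample-key")
        (new / "secret.key").write_bytes(b"different-regenerated-key")
        return check_conf(old), check_conf(new), same_secret_key(old, new)

if __name__ == "__main__":
    print(demo())
```

A mismatch from same_secret_key means credentials stored under the old key cannot be decoded with the new one, which is the situation where the LDAP bind password has to be re-entered or the original key restored.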