Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
mjuricek1 Absent Member.
Absent Member.
446 views

Password change - service not authorized


Hi all,

as we know, IDM UA 4.5.x does not support the SSO Header authentication
method anymore. But our customer is using SSO Header in his
infrastructure and he has not been agree to change it to SAML. Therefore
we have developed a next layer for UA (apache reverse proxy with Simple
SAML PHP module) which consumes a SSO Header from Airlock and creates a
SAML token. We were struggling several weeks with this but finally it
works.
Unfortunately we have one issue there. The Change password does not
work. If I click on the "Change password" link in the Identity
Self-Service tab, I get a blank content in the main frame. ...nothing is
in the OSP log file (OSP in debug mode) and something more is in
catalina.out but I do not know what can be a problem.

catalina:
2016-01-19 13:14:38,165 [http-bio-443-exec-2] DEBUG
com.novell.roa.resources.PwdMgtResources- [RBPM] service: password
2016-01-19 13:14:38,166 [http-bio-443-exec-2] ERROR
com.novell.roa.resources.PwdMgtResources- [RBPM] Service not
authorized.

Full catalina output is as an attachment.

Please, do you have any idea, what can be wrong?
btw. If the IDM authentication method is username/password we have no
issue. If we switch to the SAML authentication (with our proxy and
Airlock) then we have this issue.

Regards,
Milan


+----------------------------------------------------------------------+
|Filename: catalina.zip |
|Download: https://forums.netiq.com/attachment.php?attachmentid=403 |
+----------------------------------------------------------------------+

--
mjuricek
------------------------------------------------------------------------
mjuricek's Profile: https://forums.netiq.com/member.php?userid=1616
View this thread: https://forums.netiq.com/showthread.php?t=55156

Labels (1)
0 Likes
2 Replies
mjuricek1 Absent Member.
Absent Member.

Re: Password change - service not authorized


hmmm, maybe some cookies are missing...
I increase a log level from debug to trace I see a little bit more.

2016-01-19 15:01:44,678 [http-bio-443-exec-6] TRACE
com.novell.afw.theme.impl.core.ThemeManager- [RBPM] Method START
brandName=Neptune
2016-01-19 15:01:44,678 [http-bio-443-exec-6] TRACE
com.novell.afw.theme.impl.util.CacheExternalUtil- [RBPM] Theme object
RETRIEVED from cache: default-theme
2016-01-19 15:01:44,678 [http-bio-443-exec-6] TRACE
com.novell.afw.theme.impl.util.CacheExternalUtil- [RBPM] Theme object
RETRIEVED from cache: brand.
2016-01-19 15:01:44,679 [http-bio-443-exec-6] DEBUG
com.novell.afw.theme.servlet.ThemebrandServlet- [RBPM]
('Neptune'/'Mycustomer_H2.png') Returning 1435063402000 (RSRC 2015-06-23
14:43:22.366)
2016-01-19 15:01:44,692 [http-bio-443-exec-9] TRACE
com.sssw.fw.session.EboSessionManager- [RBPM] found portal session in
the HTTP session = com.sssw.fw.session.EboHttpSession@797cb544
2016-01-19 15:01:44,692 [http-bio-443-exec-9] TRACE
com.novell.soa.common.i18n.BestLocaleServletFilter- [RBPM] Using
Resource-Group[pwdmgt-resgrp] with bestLocale[en] for
/IDM/roa/v1/util/uuid
2016-01-19 15:01:44,693 [http-bio-443-exec-9] TRACE
com.novell.roa.resources.UtilResources- [RBPM] getUUID
2016-01-19 15:01:44,693 [http-bio-443-exec-9] TRACE
com.sssw.fw.session.EboSessionManager- [RBPM] found portal session in
the HTTP session = com.sssw.fw.session.EboHttpSession@797cb544
2016-01-19 15:01:44,740 [http-bio-443-exec-8] TRACE
com.sssw.fw.session.EboSessionManager- [RBPM] found portal session in
the HTTP session = com.sssw.fw.session.EboHttpSession@797cb544
2016-01-19 15:01:44,740 [http-bio-443-exec-8] TRACE
com.novell.soa.common.i18n.BestLocaleServletFilter- [RBPM] Using
Resource-Group[pwdmgt-resgrp] with bestLocale[en] for
/IDM/roa/v1/pwdmgt/user/cn%3Dpadmin%2Cou%3Dadmins%2Co%3Dswc-esl%2Cdc%3Ddata/password
2016-01-19 15:01:44,742 [http-bio-443-exec-8] TRACE
com.novell.roa.resources.PwdMgtResources- [RBPM]
processPasswordManagementResources GET
2016-01-19 15:01:44,742 [http-bio-443-exec-8] DEBUG
com.novell.roa.resources.PwdMgtResources- [RBPM] userDN:
cn=uaadmin,ou=admins,o=swc-esl,dc=data
2016-01-19 15:01:44,742 [http-bio-443-exec-8] DEBUG
com.novell.roa.resources.PwdMgtResources- [RBPM] service: password
2016-01-19 15:01:44,742 [http-bio-443-exec-8] TRACE
com.novell.pwdmgt.util.PasswordHelper- [RBPM]
isAccessManagerCookiePresent
2016-01-19 15:01:44,742 [http-bio-443-exec-8] TRACE
com.sssw.fw.session.EboSessionManager- [RBPM] found portal session in
the HTTP session = com.sssw.fw.session.EboHttpSession@797cb544
2016-01-19 15:01:44,742 [http-bio-443-exec-8] ERROR
com.novell.roa.resources.PwdMgtResources- [RBPM] Service not
authorized.

....I am digging more
m.


--
mjuricek
------------------------------------------------------------------------
mjuricek's Profile: https://forums.netiq.com/member.php?userid=1616
View this thread: https://forums.netiq.com/showthread.php?t=55156

0 Likes
Highlighted
dsouthard Contributor.
Contributor.

Re: Password change - service not authorized

Did you ever find resolution to this? I am encountering the same problem.

Thanks.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.