
reCaptcha


Hi, I've configured the Forgotten Password option with reCaptcha
settings. It correctly shows the reCaptcha image verification codes, but
after I enter them, or any other characters, I get the message:

PWM 5032
An error occurred while validating captcha response. Please close your
brower and try again. If this error occurs repeatedly contact your
helpdesk.

The detailed log shows:
event: Fatal Event
instanceID: 9E90BC4296047096
timestamp: Wed Jun 06 10:08:47 ART 2012
level: FATAL
actor:
date: Wed Jun 06 10:08:47 ART 2012
source:
topic: password.pwm.servlet.CaptchaServlet
message: error org.apache.http.conn.HttpHostConnectException during
recaptcha api validation: 5032 ERROR_CAPTCHA_API_ERROR (unexpected error
during recpatcha API execution: Connection to http://www.google.com
refused)

I'm using an internet proxy on the server running SSPR and I can
correctly browse to www.google.com. Do I need to configure it
anywhere else?


--
mcando
------------------------------------------------------------------------
mcando's Profile: https://forums.netiq.com/member.php?userid=4268
View this thread: https://forums.netiq.com/showthread.php?t=47959


Re: reCaptcha

My guess is that your proxy is upset. I just set this up for the first
time, generated and entered the public and private keys from the reCAPTCHA
site, and was able to move through the reCAPTCHA prompts very nicely.
Worst case, get a LAN trace from the server and post it somewhere for us
to access and review:

Code:
----------
sudo /usr/sbin/tcpdump -n -s 0 -w /tmp/recaptcha.cap
----------

Good luck.

Re: reCaptcha


I ran into the same issue and got it working by adjusting proxy
settings.

Note that although you can log into the server as an interactive user,
kick open a web browser and hit an internet site...that has nothing to
do with the web application hitting the google.com api site.
That will be running with an entirely different credential set and may
not obey proxy settings (e.g. because they are for the browser - NOT
tomcat, etc.).

Use configuration mode -> settings -> integration/developer -> http
proxy
Enter your proxy like http://myProxyServer.company.com:8080 (colon &
port - adjust for your port if it is not 80)
I don't see an option for placing credentials in for auth for the
proxy...so in addition to setting the proxy URL, you need to allow
anonymous access to "google.com" from your proxy.

Hope that helps.

If you don't want to use a proxy, you can adjust routing rules (firewall
rules) as an alternative - remember - proxy settings are generally
per-application and are independent of network routing (i.e. firewall
rules). In this example, you would allow HTTP/HTTP traffic to be routed
right out to google.com IP addresses - this is less maintainable overall
in most enterprise setups...and thus the proxy is generally used
instead.


--
choponis
------------------------------------------------------------------------
choponis's Profile: https://forums.netiq.com/member.php?userid=5896
View this thread: https://forums.netiq.com/showthread.php?t=47959


Re: reCaptcha


Yes, I've recently tried with configuration mode -> settings ->
integration/developer -> http proxy , also with authentication string
(I'm using SSPR v.3) in the format
http://username:password@servername:80 but now I'm having a 'login
failed' message as if the proxy user's password is not correct and thus
the account is being blocked. I can confirm the user's password is ok,
because it's a service user and it's being used by other applications as
well.
Unfortunately I'm not able to test a non proxy config or proxy w/o auth
because our policies do not allow us to.
I suspect there's a bug in the way the username:password is being
sent, but I can't figure it out for now.





choponis;236484 Wrote:
> I ran into the same issue and got it working by adjusting proxy
> settings.
>
> Note that although you can log into the server as an interactive user,
> kick open a web browser and hit an internet site...that has nothing to
> do with the web application hitting the google.com api site.
> That will be running with an entirely different credential set and may
> not obey proxy settings (e.g. because they are for the browser - NOT
> tomcat, etc.).
>
> Use configuration mode -> settings -> integration/developer -> http
> proxy
> Enter your proxy like http://myProxyServer.company.com:8080 (colon &
> port - adjust for your port if it is not 80)
> I don't see an option for placing credentials in for auth for the
> proxy...so in addition to setting the proxy URL, you need to allow
> anonymous access to "google.com" from your proxy.
>
> Hope that helps.
>
> If you don't want to use a proxy, you can adjust routing rules (firewall
> rules) as an alternative - remember - proxy settings are generally
> per-application and are independent of network routing (i.e. firewall
> rules). In this example, you would allow HTTP/HTTP traffic to be routed
> right out to google.com IP addresses - this is less maintainable overall
> in most enterprise setups...and thus the proxy is generally used
> instead.



--
mcando
------------------------------------------------------------------------
mcando's Profile: https://forums.netiq.com/member.php?userid=4268
View this thread: https://forums.netiq.com/showthread.php?t=47959


Re: reCaptcha


1. Are you absolutely sure you are using port 80 for your proxy? It is
possible, but lots of folks set up proxies with port 8080 or others.
Don't want to insult you with such a basic question, but just looking at
all avenues. If it really is port 80, try dropping the port off your URL
string.
2. Is there another proxy you can use? Some companies may have multiple
proxies - not sure what your layout is, but when I have trouble with
one, I try our alternate for a remote site.
3. If you have to use a proxy with auth, can you at least simplify the
user's password? Make sure you don't have any special chars like "!" or
"%" in there. I would try a very simple username/password format to
eliminate the possibility of chars messing up the syntax when it is
"digested".
4. Is there a way to look at debug logs from your proxy side? Perhaps
you can see why auth is failing, etc.


mcando;236651 Wrote:
> Yes, I've recently tried with configuration mode -> settings ->
> integration/developer -> http proxy , also with authentication string
> (I'm using SSPR v.3) in the format
> http://username:password@servername:80 but now I'm having a 'login
> failed' message as if the proxy user's password is not correct and thus
> the account is being blocked. I can confirm the user's password is ok,
> because it's a service user and it's being used by other applications as
> well.
> Unfortunately I'm not able to test a non proxy config or proxy w/o auth
> because our policies do not allow us to.
> I'm suspecting there's a bug in the way the username:password is being
> sent but can't figure out by now.



--
choponis
------------------------------------------------------------------------
choponis's Profile: https://forums.netiq.com/member.php?userid=5896
View this thread: https://forums.netiq.com/showthread.php?t=47959
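
Point 3 above, as an added example that is not part of the original posts: how reserved characters in a password change the meaning of a `http://username:password@servername:port` proxy URL, and how percent-encoding the userinfo avoids it. Python's `urllib.parse` stands in for a standard RFC 3986 parser; the thread does not show how SSPR itself parses or decodes this setting, and the host, port and account names are constructed.

```python
from urllib.parse import quote, unquote, urlsplit

# Constructed sample values (assumptions, not taken from the thread).
PROXY_HOST, PROXY_PORT, PROXY_USER = "proxy.example.com", 8080, "svc_sspr"


def parse_proxy_url(url):
    """Split a proxy URL with a standard RFC 3986 parser and decode userinfo."""
    parts = urlsplit(url)
    return {
        "host": parts.hostname,
        "port": parts.port,  # raises ValueError if the port is not numeric
        "username": unquote(parts.username or ""),
        "password": unquote(parts.password or ""),
    }


def build_proxy_url(username, password, host=PROXY_HOST, port=PROXY_PORT):
    """Percent-encode both userinfo fields so reserved characters stay data."""
    user, pw = quote(username, safe=""), quote(password, safe="")
    return f"http://{user}:{pw}@{host}:{port}"


def raw_url_is_safe(password, username=PROXY_USER):
    """True if the unencoded password still parses back to the same values."""
    raw = f"http://{username}:{password}@{PROXY_HOST}:{PROXY_PORT}"
    expected = {"host": PROXY_HOST, "port": PROXY_PORT,
                "username": username, "password": password}
    try:
        return parse_proxy_url(raw) == expected
    except ValueError:
        # e.g. a "/" in the password ends the authority early, so the
        # parser sees "svc_sspr" as the host and the password as the port.
        return False


if __name__ == "__main__":
    for pw in ["Simple123", "Pa%21ss", "Pa/ss"]:
        encoded = build_proxy_url(PROXY_USER, pw)
        # The encoded form always decodes back to the intended password.
        assert parse_proxy_url(encoded)["password"] == pw
        print(f"{pw!r}: raw parses correctly={raw_url_is_safe(pw)}")
        print(f"    encoded URL: {encoded}")
```

A password that fails `raw_url_is_safe` would reach the proxy as a different string, which looks the same from the proxy side as a wrong password and can lock the service account.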


Re: reCaptcha


I've found out what the problem was and I'd like to share it.
It was in our proxy ACL rules. We use squid with eDirectory
authentication,
which works perfectly with our workstations, but I had to explicitly
add an ACL rule with the SSPR server IP address and it worked.
Thank you guys for your support!



choponis;236700 Wrote:
> 1. Are you absolutely sure you are using port 80 for your proxy? It is
> possible, but lots of folks set up proxies with port 8080 or others.
> Don't want to insult you with such a basic question, but just looking at
> all avenues. If it really is port 80, try dropping the port off your URL
> string.
> 2. Is there another proxy you can use? Some companies may have multiple
> proxies - not sure what your layout is, but when I have trouble with
> one, I try our alternate for a remote site.
> 3. If you have to use a proxy with auth, can you at least simplify the
> user's password? Make sure you don't have any special chars like "!" or
> "%" in there. I would try a very simple username/password format to
> eliminate the possibility of chars messing up the syntax when it is
> "digested".
> 4. Is there a way to look at debug logs from your proxy side? Perhaps
> you can see why auth is failing, etc.


--
mcando
------------------------------------------------------------------------
mcando's Profile: https://forums.netiq.com/member.php?userid=4268
View this thread: https://forums.netiq.com/showthread.php?t=47959


Re: reCaptcha

Great to hear! Thank you for sharing your results.

--
Good luck.
