Problems with new enrollment portal after upgrading to 6.4.3 Patch 1

I recently upgraded my Adv. Auth. test environment to 6.4.3.1.  After the upgrade, I can no longer authenticate to the new enrollment portal.  I'm using AD as the repository.  Login to Admin, Helpdesk, and the legacy enrollment portal all work just fine, but it seems anything that uses the OSP fails. I get this error in the browser:

{"status":"error","errors":[{"location":"server","name":"Internal Server Error","description":"ParseError ERROR: Something went wrong: {\n  \"error\":\"server_error\",\n  \"error_description\":\"Unexpected error.\",\n  \"sub_error\":\"exception\"\n}"}]}


Everything else seems fine; it's just the new enrollment portal that I can no longer log in to.

I also see this in the system log:

<13>1 2024-06-27T12:23:39.992Z advauth AA - - - CEF:0|NetIQ|AA|6.4.3.1|100|User logon started|4|ep=OSP ep_addr=10.5.0.114 event=Authenticators Management method_name=LDAP_PASSWORD:1 session_id=7a82i1GG0OOYxAcBE6Uy8VAqVe228wFQ tenant_id=def0def0def0def0def0def0def0def0 tenant_name=TOP user_name=AD\\matt p=202
<12>1 2024-06-27T12:23:42.830Z advauth AA - - - CEF:0|NetIQ|AA|6.4.3.1|101|User was successfully logged on|7|chain_name=LDAP Password Only ep=OSP ep_addr=10.5.0.114 event=Authenticators Management method_name=LDAP_PASSWORD:1 session_id=7a82i1GG0OOYxAcBE6Uy8VAqVe228wFQ template_owner=AD\\matt tenant_id=def0def0def0def0def0def0def0def0 tenant_name=TOP user_name=AD\\matt p=202
<13>1 2024-06-27T12:23:43.216Z advauth AA - - - CEF:0|NetIQ|AA|6.4.3.1|2|Request failed|4|dtz=Etc/UTC dvc=10.5.0.32 dvchost=advauth.milford.weisberg.net dvcpid=181 externalId=7a82i1GG0OOYxAcBE6Uy8VAqVe228wFQ outcome=failure reason={"status": "error", "errors": [{"location": "server", "name": "AuError", "msgid": "AUCORE-1056", "description": "User not found"}], "reason": "USER_NOT_FOUND"} rt=1719505423215
<13>1 2024-06-27T12:23:43.241Z advauth AA - - - CEF:0|NetIQ|AA|6.4.3.1|2|Request failed|4|dtz=Etc/UTC dvc=10.5.0.32 dvchost=advauth.milford.weisberg.net dvcpid=175 outcome=failure reason={"status":"error","errors":[{"location":"server","name":"Internal Server Error","description":"ParseError ERROR: Something went wrong: {\\n  \\"error\\":\\"server_error\\",\\n  \\"error_description\\":\\"Unexpected error.\\",\\n  \\"sub_error\\":\\"exception\\"\\n}"}]} rt=1719505423240

It's like the LDAP auth to AD works and then AA cannot find my user for some reason?

Any ideas?

Also, I think my OAuth integration with NAM broke as well, but I haven't tested that thoroughly yet.

Matt
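
The pattern in the system log above, a successful logon for a session followed by a "Request failed" with USER_NOT_FOUND for the same session, can be picked out mechanically. The following is an added example, not part of the original post; the log lines are constructed (hypothetical host, address, user and session values) and only mirror the CEF field names shown above.

```python
import json
import re
from datetime import datetime

# Constructed sample lines modelled on the CEF events quoted in the post.
SAMPLE_LOG = r"""<13>1 2024-01-01T10:00:00.000Z aa-host AA - - - CEF:0|NetIQ|AA|6.4.3.1|100|User logon started|4|ep=OSP ep_addr=192.0.2.10 event=Authenticators Management method_name=LDAP_PASSWORD:1 session_id=SESSION-A tenant_name=TOP user_name=EXAMPLE\\alice
<12>1 2024-01-01T10:00:02.500Z aa-host AA - - - CEF:0|NetIQ|AA|6.4.3.1|101|User was successfully logged on|7|chain_name=LDAP Password Only ep=OSP ep_addr=192.0.2.10 event=Authenticators Management session_id=SESSION-A tenant_name=TOP user_name=EXAMPLE\\alice
<13>1 2024-01-01T10:00:03.000Z aa-host AA - - - CEF:0|NetIQ|AA|6.4.3.1|2|Request failed|4|dtz=Etc/UTC dvc=192.0.2.20 externalId=SESSION-A outcome=failure reason={"status": "error", "errors": [{"location": "server", "name": "AuError", "msgid": "AUCORE-1056", "description": "User not found"}], "reason": "USER_NOT_FOUND"} rt=1704103203000
<12>1 2024-01-01T10:05:00.000Z aa-host AA - - - CEF:0|NetIQ|AA|6.4.3.1|101|User was successfully logged on|7|chain_name=LDAP Password Only ep=OSP session_id=SESSION-B tenant_name=TOP user_name=EXAMPLE\\bob
<13>1 2024-01-01T10:06:00.000Z aa-host AA - - - CEF:0|NetIQ|AA|6.4.3.1|2|Request failed|4|dtz=Etc/UTC externalId=SESSION-C outcome=failure reason={"status": "error", "errors": [{"msgid": "AUCORE-1056"}], "reason": "USER_NOT_FOUND"} rt=1704103560000
"""

# RFC 5424 timestamp, then the CEF header: signature id, event name, extension.
LINE_RE = re.compile(
    r"^<\d+>\d+ (\S+) .*?CEF:\d+\|[^|]*\|[^|]*\|[^|]*\|([^|]*)\|([^|]*)\|[^|]*\|(.*)$"
)
# key=value pairs; a value runs until the next " key=" or end of line,
# so values with spaces (chain names, the JSON reason) stay intact.
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")


def cef_unescape(value):
    """Undo CEF backslash escaping (e.g. DOMAIN\\\\user -> DOMAIN\\user)."""
    return re.sub(r"\\(.)", r"\1", value)


def parse_cef(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, sig, name, ext = m.groups()
    return {
        "time": datetime.fromisoformat(ts.replace("Z", "+00:00")),
        "sig": sig,
        "name": name,
        "fields": dict(EXT_RE.findall(ext)),
    }


def find_lookup_failures_after_logon(log_text):
    """Sessions where event 101 (logged on) is followed by a
    'Request failed' (event 2) whose reason is USER_NOT_FOUND."""
    logged_on = {}
    findings = []
    for line in log_text.splitlines():
        ev = parse_cef(line)
        if ev is None:
            continue
        f = ev["fields"]
        # Logon events carry session_id; failures carry it as externalId.
        session = f.get("session_id") or f.get("externalId")
        if session is None:
            continue
        if ev["sig"] == "101":
            logged_on[session] = ev
        elif ev["sig"] == "2" and f.get("outcome") == "failure" and session in logged_on:
            try:
                reason = json.loads(f.get("reason", ""))
            except ValueError:
                continue  # reason was not plain JSON; not the case searched for
            if not isinstance(reason, dict) or reason.get("reason") != "USER_NOT_FOUND":
                continue
            ok = logged_on[session]
            errors = reason.get("errors") or [{}]
            findings.append({
                "session": session,
                "user": cef_unescape(ok["fields"].get("user_name", "")),
                "chain": ok["fields"].get("chain_name"),
                "msgid": errors[0].get("msgid"),
                "delay_s": (ev["time"] - ok["time"]).total_seconds(),
            })
    return findings


if __name__ == "__main__":
    for finding in find_lookup_failures_after_logon(SAMPLE_LOG):
        print(finding)
```
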

  • 0  

    Here is some more info, I see this in the WebAuth logs:

    Preamble: [OIDP TOP]
    Txn: W1qc5R7kRAmDFGvre9VEqQ
    Priority Level: FINE
    Java: internal.osp.oidp.service.oauth2.handler.RequestHandler.setJsonError() [1105] thread=http-nio-0.0.0.0-10089-exec-1
    Time: 2024-06-27T18:33:54.810+0000
    Log Data: Error processing OAuth 2.0 request.: internal.osp.oidp.service.oauth2.handler.HandlerException: Unexpected error.
             =>internal.osp.oidp.service.exceptions.OSPPrincipalNotFoundException: Unable to locate principal with identifier "LDAP Password Only\matt".
          internal.osp.oidp.service.oauth2.handler.AuthCodeResolve: AuthCodeResolve.java: handle: 360
          internal.osp.oidp.service.oauth2.handler.Token: Token.java: handle: 54
          internal.osp.oidp.service.oauth2.handler.OAuth2Handler: OAuth2Handler.java: processRequest: 535
          internal.osp.oidp.service.servlets.handler.AuthenticationServiceRequestHandler: AuthenticationServiceRequestHandler.java: handleRequest: 285
          internal.osp.framework.handler.TenantRequestHandler: TenantRequestHandler.java: handleRequest: 156
          internal.osp.framework.handler.OSPHandler: OSPHandler.java: handleRequest: 162
          internal.osp.framework.servlet.OSPServlet: OSPServlet.java: process: 297
          internal.osp.framework.servlet.OSPServlet: OSPServlet.java: doPost: 195
          internal.osp.servlet.http.HttpServlet: HttpServlet.java: service: 126
          internal.osp.servlet.http.HttpServlet: HttpServlet.java: service: 162
          internal.osp.servlet.javax.ServletJavax: ServletJavax.java: service: 81
          org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 209
          org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 153
          org.apache.tomcat.websocket.server.WsFilter: WsFilter.java: doFilter: 51
          org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 178
          org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 153
          org.apache.catalina.core.StandardWrapperValve: StandardWrapperValve.java: invoke: 168
          org.apache.catalina.core.StandardContextValve: StandardContextValve.java: invoke: 90
          org.apache.catalina.authenticator.AuthenticatorBase: AuthenticatorBase.java: invoke: 596
          org.apache.catalina.core.StandardHostValve: StandardHostValve.java: invoke: 130
          org.apache.catalina.valves.ErrorReportValve: ErrorReportValve.java: invoke: 93
          org.apache.catalina.valves.AbstractAccessLogValve: AbstractAccessLogValve.java: invoke: 670
          org.apache.catalina.core.StandardEngineValve: StandardEngineValve.java: invoke: 74
          org.apache.catalina.connector.CoyoteAdapter: CoyoteAdapter.java: service: 342
          org.apache.coyote.http11.Http11Processor: Http11Processor.java: service: 390
          org.apache.coyote.AbstractProcessorLight: AbstractProcessorLight.java: process: 63
          org.apache.coyote.AbstractProtocol$ConnectionHandler: AbstractProtocol.java: process: 928
          org.apache.tomcat.util.net.NioEndpoint$SocketProcessor: NioEndpoint.java: doRun: 1,794
          org.apache.tomcat.util.net.SocketProcessorBase: SocketProcessorBase.java: run: 52
          org.apache.tomcat.util.threads.ThreadPoolExecutor: ThreadPoolExecutor.java: runWorker: 1,191
          org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker: ThreadPoolExecutor.java: run: 659
          org.apache.tomcat.util.threads.TaskThread$WrappingRunnable: TaskThread.java: run: 61
          java.lang.Thread: null: run: -1
          Caused by:
          internal.osp.oidp.service.exceptions.OSPPrincipalNotFoundException: Unable to locate principal with identifier "LDAP Password Only\matt".
          internal.osp.oidp.aa.NaafAuthenticationSource: NaafAuthenticationSource.java: fromPrincipalEncoding: 941
          internal.osp.oidp.aa.NaafAuthenticationSource: NaafAuthenticationSource.java: fromPrincipalEncoding: 102
          internal.osp.oidp.service.oauth2.handler.AuthCodeResolve: AuthCodeResolve.java: handle: 203
          internal.osp.oidp.service.oauth2.handler.Token: Token.java: handle: 54
          internal.osp.oidp.service.oauth2.handler.OAuth2Handler: OAuth2Handler.java: processRequest: 535
          internal.osp.oidp.service.servlets.handler.AuthenticationServiceRequestHandler: AuthenticationServiceRequestHandler.java: handleRequest: 285
          internal.osp.framework.handler.TenantRequestHandler: TenantRequestHandler.java: handleRequest: 156
          internal.osp.framework.handler.OSPHandler: OSPHandler.java: handleRequest: 162
          internal.osp.framework.servlet.OSPServlet: OSPServlet.java: process: 297
          internal.osp.framework.servlet.OSPServlet: OSPServlet.java: doPost: 195
          internal.osp.servlet.http.HttpServlet: HttpServlet.java: service: 126
          internal.osp.servlet.http.HttpServlet: HttpServlet.java: service: 162
          internal.osp.servlet.javax.ServletJavax: ServletJavax.java: service: 81
          org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 209
          org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 153
          org.apache.tomcat.websocket.server.WsFilter: WsFilter.java: doFilter: 51
          org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 178
          org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 153
          org.apache.catalina.core.StandardWrapperValve: StandardWrapperValve.java: invoke: 168
          org.apache.catalina.core.StandardContextValve: StandardContextValve.java: invoke: 90
          org.apache.catalina.authenticator.AuthenticatorBase: AuthenticatorBase.java: invoke: 596
          org.apache.catalina.core.StandardHostValve: StandardHostValve.java: invoke: 130
          org.apache.catalina.valves.ErrorReportValve: ErrorReportValve.java: invoke: 93
          org.apache.catalina.valves.AbstractAccessLogValve: AbstractAccessLogValve.java: invoke: 670
          org.apache.catalina.core.StandardEngineValve: StandardEngineValve.java: invoke: 74
          org.apache.catalina.connector.CoyoteAdapter: CoyoteAdapter.java: service: 342
          org.apache.coyote.http11.Http11Processor: Http11Processor.java: service: 390
          org.apache.coyote.AbstractProcessorLight: AbstractProcessorLight.java: process: 63
          org.apache.coyote.AbstractProtocol$ConnectionHandler: AbstractProtocol.java: process: 928
          org.apache.tomcat.util.net.NioEndpoint$SocketProcessor: NioEndpoint.java: doRun: 1,794
          org.apache.tomcat.util.net.SocketProcessorBase: SocketProcessorBase.java: run: 52
          org.apache.tomcat.util.threads.ThreadPoolExecutor: ThreadPoolExecutor.java: runWorker: 1,191
          org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker: ThreadPoolExecutor.java: run: 659
          org.apache.tomcat.util.threads.TaskThread$WrappingRunnable: TaskThread.java: run: 61
          java.lang.Thread: null: run: -1


    So it is something with the OSP, but I don't know how to fix it.

    Matt

  • 0   in reply to   

    Hi Matt!

    I have seen something similar on one test AA appliance upgraded to 6.4.3.

    When enabling debug logs I could see the following in the OSP log:

    Preamble: [OIDP TOP]
    Txn: p8krJr08Qy-GJomrE1n4pQ
    Priority Level: FINER
    Java: internal.osp.oidp.aa.rest.NaafRestRequest.issueRequestWithRetry() [536] thread=http-nio-0.0.0.0-10089-exec-2
    Elapsed time: 20.20 seconds
    Time: 2024-06-05T14:41:25.466+0000
    Log Data: Issue GET to http://127.0.0.1:6001/api/v1/users?user_name=EDIR%5C<user>&attributes=user_mobile_phone%2Cuser_email%2Crepo_obj_id%2Cuser_dn%2Cuser_cn%2Cuser_last_name%2Cuser_name%2Cuser_name_netbios%2Cuser_role_assignments%2Cuser_first_name%2Cuser_repository_alias%2Cuser_id%2Cbio_auth_code%2Cuser_sid%2CobjectGUID%2Cevent_name%2Crepo_name%2Cuser_upn%2Cuser_groups&tenant_name=TOP&endpoint_session_id=<sessionid>&txn=<txn>
       SSLSocketFactory: true
       HostnameVerifier: false
       Connect timeout: 500
       Read timeout: 20000
       Request headers:
          cookie: <redacted>
          Accept: application/json; charset=UTF-8
          X-Forwarded-For: <redacted>
          Accept-Language: en-GB,en;q=0.9,de-DE;q=0.8,de;q=0.7,en-US;q=0.6
    
    Preamble: [OIDP TOP]
    Txn: p8krJr08Qy-GJomrE1n4pQ
    Priority Level: FINE
    Java: internal.osp.oidp.aa.NaafSource.searchImpl() [1479] thread=http-nio-0.0.0.0-10089-exec-2
    Time: 2024-06-05T14:41:45.495+0000
    Log Data: Error contacting Advanced Authentication server while searching: internal.atlaslite.jcce.exception.CoreCommunicationException: Error communicating with AA server during user lookup.
             =>java.net.SocketTimeoutException: Read timed out
          internal.osp.oidp.aa.NaafSource: NaafSource.java: findUserEx: 2,592
          internal.osp.oidp.aa.NaafSource: NaafSource.java: searchImpl: 1,451
          internal.osp.oidp.service.source.data.DataSourceHasSearchImpl: DataSourceHasSearchImpl.java: search: 133
          internal.osp.oidp.aa.NaafAuthenticationSource: NaafAuthenticationSource.java: searchUser: 565
          internal.osp.oidp.aa.NaafAuthenticationSource: NaafAuthenticationSource.java: searchUserByNameEx: 528
          internal.osp.oidp.service.authentication.classes.AuthenticationClass$NamePrincipalFinder: AuthenticationClass.java: findPrincipals: 989
          internal.osp.oidp.service.authentication.classes.PrincipalFinder: PrincipalFinder.java: findPrincipals: 247
          internal.osp.oidp.service.authentication.classes.AuthenticationClass: AuthenticationClass.java: findPrincipals: 480
          internal.osp.oidp.service.authentication.classes.AuthenticationClass: AuthenticationClass.java: findPrincipals: 425
          internal.osp.oidp.service.authentication.classes.PrincipalSelectionAuthClass: PrincipalSelectionAuthClass.java: handlePostedData: 767
          internal.osp.oidp.service.authentication.classes.PrincipalSelectionAuthClass: PrincipalSelectionAuthClass.java: handlePostedData: 525
          internal.osp.oidp.service.authentication.classes.PrincipalSelectionAuthClass: PrincipalSelectionAuthClass.java: doAuthenticate: 272
          internal.osp.oidp.aa.auth.NaafSelectPrincipal: NaafSelectPrincipal.java: doAuthenticate: 174
          internal.osp.oidp.aa.auth.NaafSelectPrincipal: NaafSelectPrincipal.java: doAuthenticate: 55
          internal.osp.oidp.service.authentication.classes.AuthenticationClass: AuthenticationClass.java: authenticate: 553
          internal.osp.oidp.service.profile.authentication.MethodProfile: MethodProfile.java: authenticateMethod: 1,031
          internal.osp.oidp.service.profile.authentication.MethodProfile: MethodProfile.java: executeMethods: 710
          internal.osp.oidp.service.profile.authentication.ContractExecutionProfile: ContractExecutionProfile.java: exec: 820
          internal.osp.oidp.service.profile.authentication.ContractExecutionProfile: ContractExecutionProfile.java: execute: 779
          internal.osp.oidp.service.profile.LoginProfile: LoginProfile.java: executeContract: 1,008
          internal.osp.oidp.service.profile.LoginProfile: LoginProfile.java: login: 415
          internal.osp.oidp.service.profile.LoginProfile: LoginProfile.java: login: 325
          internal.osp.oidp.service.servlets.handler.CommonHandler: CommonHandler.java: processRequest: 581
          internal.osp.oidp.service.servlets.handler.AuthenticationServiceRequestHandler: AuthenticationServiceRequestHandler.java: handleRequest: 332
          internal.osp.framework.handler.TenantRequestHandler: TenantRequestHandler.java: handleRequest: 156
          internal.osp.framework.handler.OSPHandler: OSPHandler.java: handleRequest: 162
          internal.osp.framework.servlet.OSPServlet: OSPServlet.java: process: 273
          internal.osp.framework.servlet.OSPServlet: OSPServlet.java: doPost: 183
          internal.osp.servlet.http.HttpServlet: HttpServlet.java: service: 126
          internal.osp.servlet.http.HttpServlet: HttpServlet.java: service: 162
          internal.osp.servlet.javax.ServletJavax: ServletJavax.java: service: 81
          org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 209
          org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 153
          org.apache.tomcat.websocket.server.WsFilter: WsFilter.java: doFilter: 51
          org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 178
          org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 153
          org.apache.catalina.core.StandardWrapperValve: StandardWrapperValve.java: invoke: 168
          org.apache.catalina.core.StandardContextValve: StandardContextValve.java: invoke: 90
          org.apache.catalina.authenticator.AuthenticatorBase: AuthenticatorBase.java: invoke: 596
          org.apache.catalina.core.StandardHostValve: StandardHostValve.java: invoke: 130
          org.apache.catalina.valves.ErrorReportValve: ErrorReportValve.java: invoke: 93
          org.apache.catalina.valves.AbstractAccessLogValve: AbstractAccessLogValve.java: invoke: 670
          org.apache.catalina.core.StandardEngineValve: StandardEngineValve.java: invoke: 74
          org.apache.catalina.connector.CoyoteAdapter: CoyoteAdapter.java: service: 342
          org.apache.coyote.http11.Http11Processor: Http11Processor.java: service: 390
          org.apache.coyote.AbstractProcessorLight: AbstractProcessorLight.java: process: 63
          org.apache.coyote.AbstractProtocol$ConnectionHandler: AbstractProtocol.java: process: 928
          org.apache.tomcat.util.net.NioEndpoint$SocketProcessor: NioEndpoint.java: doRun: 1,794
          org.apache.tomcat.util.net.SocketProcessorBase: SocketProcessorBase.java: run: 52
          org.apache.tomcat.util.threads.ThreadPoolExecutor: ThreadPoolExecutor.java: runWorker: 1,191
          org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker: ThreadPoolExecutor.java: run: 659
          org.apache.tomcat.util.threads.TaskThread$WrappingRunnable: TaskThread.java: run: 61
          java.lang.Thread: null: run: -1
          Caused by:
          java.net.SocketTimeoutException: Read timed out
          sun.nio.ch.NioSocketImpl: null: timedRead: -1
          sun.nio.ch.NioSocketImpl: null: implRead: -1
          sun.nio.ch.NioSocketImpl: null: read: -1
          sun.nio.ch.NioSocketImpl$1: null: read: -1
          java.net.Socket$SocketInputStream: null: read: -1
          java.io.BufferedInputStream: null: fill: -1
          java.io.BufferedInputStream: null: read1: -1
          java.io.BufferedInputStream: null: read: -1
          sun.net.www.http.HttpClient: null: parseHTTPHeader: -1
          sun.net.www.http.HttpClient: null: parseHTTP: -1
          sun.net.www.http.HttpClient: null: parseHTTPHeader: -1
          sun.net.www.http.HttpClient: null: parseHTTP: -1
          sun.net.www.protocol.http.HttpURLConnection: null: getInputStream0: -1
          sun.net.www.protocol.http.HttpURLConnection: null: getInputStream: -1
          java.net.HttpURLConnection: null: getResponseCode: -1
          internal.atlaslite.jcce.net.HttpRequest: HttpRequest.java: issue: 873
          internal.osp.oidp.aa.rest.NaafRestRequest: NaafRestRequest.java: issueRequestWithRetry: 539
          internal.osp.oidp.aa.rest.NaafRestRequest: NaafRestRequest.java: issueGet: 332
          internal.osp.oidp.aa.rest.ReadUser: ReadUser.java: issueRequest: 170
          internal.osp.oidp.aa.rest.ReadUser: ReadUser.java: issueRequest: 31
          internal.osp.oidp.aa.NaafSource: NaafSource.java: findUserEx: 2,512
          internal.osp.oidp.aa.NaafSource: NaafSource.java: searchImpl: 1,451
          internal.osp.oidp.service.source.data.DataSourceHasSearchImpl: DataSourceHasSearchImpl.java: search: 133
          internal.osp.oidp.aa.NaafAuthenticationSource: NaafAuthenticationSource.java: searchUser: 565
          internal.osp.oidp.aa.NaafAuthenticationSource: NaafAuthenticationSource.java: searchUserByNameEx: 528
          internal.osp.oidp.service.authentication.classes.AuthenticationClass$NamePrincipalFinder: AuthenticationClass.java: findPrincipals: 989
          internal.osp.oidp.service.authentication.classes.PrincipalFinder: PrincipalFinder.java: findPrincipals: 247
          internal.osp.oidp.service.authentication.classes.AuthenticationClass: AuthenticationClass.java: findPrincipals: 480
          internal.osp.oidp.service.authentication.classes.AuthenticationClass: AuthenticationClass.java: findPrincipals: 425
          internal.osp.oidp.service.authentication.classes.PrincipalSelectionAuthClass: PrincipalSelectionAuthClass.java: handlePostedData: 767
          internal.osp.oidp.service.authentication.classes.PrincipalSelectionAuthClass: PrincipalSelectionAuthClass.java: handlePostedData: 525
          internal.osp.oidp.service.authentication.classes.PrincipalSelectionAuthClass: PrincipalSelectionAuthClass.java: doAuthenticate: 272
          internal.osp.oidp.aa.auth.NaafSelectPrincipal: NaafSelectPrincipal.java: doAuthenticate: 174
          internal.osp.oidp.aa.auth.NaafSelectPrincipal: NaafSelectPrincipal.java: doAuthenticate: 55
          internal.osp.oidp.service.authentication.classes.AuthenticationClass: AuthenticationClass.java: authenticate: 553
          internal.osp.oidp.service.profile.authentication.MethodProfile: MethodProfile.java: authenticateMethod: 1,031
          internal.osp.oidp.service.profile.authentication.MethodProfile: MethodProfile.java: executeMethods: 710
          internal.osp.oidp.service.profile.authentication.ContractExecutionProfile: ContractExecutionProfile.java: exec: 820
          internal.osp.oidp.service.profile.authentication.ContractExecutionProfile: ContractExecutionProfile.java: execute: 779
          internal.osp.oidp.service.profile.LoginProfile: LoginProfile.java: executeContract: 1,008
          internal.osp.oidp.service.profile.LoginProfile: LoginProfile.java: login: 415
          internal.osp.oidp.service.profile.LoginProfile: LoginProfile.java: login: 325
          internal.osp.oidp.service.servlets.handler.CommonHandler: CommonHandler.java: processRequest: 581
          internal.osp.oidp.service.servlets.handler.AuthenticationServiceRequestHandler: AuthenticationServiceRequestHandler.java: handleRequest: 332
          internal.osp.framework.handler.TenantRequestHandler: TenantRequestHandler.java: handleRequest: 156
          internal.osp.framework.handler.OSPHandler: OSPHandler.java: handleRequest: 162
          internal.osp.framework.servlet.OSPServlet: OSPServlet.java: process: 273
          internal.osp.framework.servlet.OSPServlet: OSPServlet.java: doPost: 183
          internal.osp.servlet.http.HttpServlet: HttpServlet.java: service: 126
          internal.osp.servlet.http.HttpServlet: HttpServlet.java: service: 162
          internal.osp.servlet.javax.ServletJavax: ServletJavax.java: service: 81
          org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 209
          org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 153
          org.apache.tomcat.websocket.server.WsFilter: WsFilter.java: doFilter: 51
          org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 178
          org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 153
          org.apache.catalina.core.StandardWrapperValve: StandardWrapperValve.java: invoke: 168
          org.apache.catalina.core.StandardContextValve: StandardContextValve.java: invoke: 90
          org.apache.catalina.authenticator.AuthenticatorBase: AuthenticatorBase.java: invoke: 596
          org.apache.catalina.core.StandardHostValve: StandardHostValve.java: invoke: 130
          org.apache.catalina.valves.ErrorReportValve: ErrorReportValve.java: invoke: 93
          org.apache.catalina.valves.AbstractAccessLogValve: AbstractAccessLogValve.java: invoke: 670
          org.apache.catalina.core.StandardEngineValve: StandardEngineValve.java: invoke: 74
          org.apache.catalina.connector.CoyoteAdapter: CoyoteAdapter.java: service: 342
          org.apache.coyote.http11.Http11Processor: Http11Processor.java: service: 390
          org.apache.coyote.AbstractProcessorLight: AbstractProcessorLight.java: process: 63
          org.apache.coyote.AbstractProtocol$ConnectionHandler: AbstractProtocol.java: process: 928
          org.apache.tomcat.util.net.NioEndpoint$SocketProcessor: NioEndpoint.java: doRun: 1,794
          org.apache.tomcat.util.net.SocketProcessorBase: SocketProcessorBase.java: run: 52
          org.apache.tomcat.util.threads.ThreadPoolExecutor: ThreadPoolExecutor.java: runWorker: 1,191
          org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker: ThreadPoolExecutor.java: run: 659
          org.apache.tomcat.util.threads.TaskThread$WrappingRunnable: TaskThread.java: run: 61
          java.lang.Thread: null: run: -1

    So it is the call to http://127.0.0.1:6001/api/v1/users?user_name=EDIR%5C<user>&attributes=.... while searching for the user in repository EDIR that is failing.

    Interestingly, just before this call I can see a similar call searching for the user in the LOCAL repo. This one does not time out but properly returns "not found" (since the user does not exist in the local repo):

    Preamble: [OIDP TOP]
    Txn: p8krJr08Qy-GJomrE1n4pQ
    Priority Level: FINER
    Java: internal.osp.oidp.aa.rest.NaafRestRequest.issueRequestWithRetry() [536] thread=http-nio-0.0.0.0-10089-exec-2
    Elapsed time: 93.178 milliseconds
    Time: 2024-06-05T14:41:25.372+0000
    Log Data: Issue GET to http://127.0.0.1:6001/api/v1/users?user_name=LOCAL%5C<user>&attributes=user_mobile_phone%2Cuser_email%2Crepo_obj_id%2Cuser_dn%2Cuser_cn%2Cuser_last_name%2Cuser_name%2Cuser_name_netbios%2Cuser_role_assignments%2Cuser_first_name%2Cuser_repository_alias%2Cuser_id%2Cbio_auth_code%2Cuser_sid%2CobjectGUID%2Cevent_name%2Crepo_name%2Cuser_upn%2Cuser_groups&tenant_name=TOP&endpoint_session_id=<sessionid>&txn=<txn>
       SSLSocketFactory: true
       HostnameVerifier: false
       Connect timeout: 500
       Read timeout: 20000
       Request headers:
          cookie: <redacted>
          Accept: application/json; charset=UTF-8
          X-Forwarded-For: <redacted>
          Accept-Language: en-GB,en;q=0.9,de-DE;q=0.8,de;q=0.7,en-US;q=0.6
       Status: 404
       Response headers:
          [HTTP/1.1 404 Not Found]
          Content-Length: 159
          Content-Type: application/json
       Response data:
          {
            "status":*****,
            "errors":[
              {
                "location":*****,
                "name":*****,
                "msgid":*****,
                "description":*****
              }
            ],
            "reason":*****
          }
    

    So whatever is running on port 6001 was failing.

    Unfortunately I did not have time to troubleshoot further since that was just a test appliance, but maybe you can check if you see similar calls failing.

    Kind regards,

    Sebastijan


  • 0

    Hi Matt, I have the same issue with a clean install, no configuration at all. Same error when I access the enrollment portal.

  • 0   in reply to 

    Thanks for reporting this.  I was considering exporting my configuration and rebuilding from scratch, but I'll hold off at this point.

    I do have a support case open, but so far they just sent me documentation links on the new enrollment portal (even though I included detailed information on the issue including the logs).

    If I get any answers, I'll report back.

    Matt

  • 0 in reply to   

    Hi Matt, my pleasure. I found out that by disabling Enable New Enrollment UI (setting it to "OFF"), the enrollment page works in my case. Turning it back "ON" results in the issue coming back.

    Maybe you can use that in the support case.

    Kind regards

    Casper

  • 0 in reply to 

    Hi again Matt, sorry I just read your post again and could see you already knew that the legacy enrollment still works. ;-) So never mind my post.

  • 0

    Hi Matt,

    I had a similar issue. Have you set "Username-less login enabled" in Methods - Fido2?

  • 0  

    Hello Matt,

    A couple of questions on this, while we wait for TS to elevate this to Development.

    Can you tell me what are the values under Policies-> Login Options? What is the order of the repositories?

    Also, from what version have you upgraded? Have you renamed the local Admin user before the upgrade?

    Are users entering the DOMAIN\USER or just the user?

    Thanks.

    Regards,

    Luciano Testa

  • 0 in reply to 

    Hi again Matt, I have my NewUI enrollment working again. I found that under Policies->Web Authentication the Identity URL was: Global.sol. I updated it to my AA URL and it worked. Maybe you can try it out as well?

    Kind regards

    Casper