Authentication fails for users from Database Directory Service on IS

We have LDAP (database-based directory) connected to the MWS, and I can see it under the Common Directory Service of IS as well. We can successfully log in to MWS with the user from the LDAP. But the same user (who is under the TNPartners ACL) fails with an authentication error while trying to access an IS service with the Default ACL for Read/Write/Execute. The old server that we migrated from, which has the exact same settings and the same user/password, doesn’t throw this error. Has anyone faced this issue?

[CommonLib.CDS.0002W] (tid=1079) [002] [POP.012.0001.wm_xt_dbdirsvc] Directory could not authenticate this user com.webMethods.portal.PortalException: [POP.012.0001.wm_xt_dbdirsvc] Directory could not authenticate this user
at com.webMethods.portal.portlet.wm_xt_dbdirsvc.service.DbDirPrincipalProvider.authenticateImpl(DbDirPrincipalProvider.java:68) ~[wm-directory-components.jar:10.15.0.0008-0328]
at com.webMethods.portal.service.dir.impl.DirPrincipalProvider.authenticateUserEx(DirPrincipalProvider.java:152) ~[wm-caf-server.jar:10.15.0.0008-0328]
at com.webMethods.portal.mech.dir.impl.DirSystemMechanics$3.visit(DirSystemMechanics.java:623) ~[wm-caf-server.jar:10.15.0.0008-0328]
at com.webMethods.portal.mech.dir.impl.DirSystemMechanics.visitDirServices(DirSystemMechanics.java:837) [wm-caf-server.jar:10.15.0.0008-0328]
at com.webMethods.portal.mech.dir.impl.DirSystemMechanics.authenticateUser(DirSystemMechanics.java:490) [wm-caf-server.jar:10.15.0.0008-0328]
at com.webMethods.portal.bizPolicy.command.dir.AuthenticateUser._authenticateUser(AuthenticateUser.java:471) [wm-caf-server.jar:10.15.0.0008-0328]
at com.webMethods.portal.bizPolicy.command.dir.AuthenticateUser.authenticateUser(AuthenticateUser.java:498) [wm-caf-server.jar:10.15.0.0008-0328]
at com.webMethods.portal.bizPolicy.biz.dir.impl.DirSystemBizPolicy.authenticateUser(DirSystemBizPolicy.java:127) [wm-caf-server.jar:10.15.0.0008-0328]
at com.webMethods.sc.directory.impl.DirectorySession.authenticateUser(DirectorySession.java:177) [wm-directory.jar:10.15.0.0008-0328]
at com.webMethods.sc.directory.impl.DirectorySession.authenticateUser(DirectorySession.java:168) [wm-directory.jar:10.15.0.0008-0328]
at com.wm.app.b2b.server.cds.CDSUserManager.authenticateUser(CDSUserManager.java:222) [wm-isserver.jar:10.15.0.0000-0674]
at com.wm.app.b2b.server.UserManager.authenticateUser(UserManager.java:1197) [wm-isserver.jar:10.15.0.0000-0674]
at com.wm.app.b2b.server.auth.jaas.BasicLoginModule.authenticate(BasicLoginModule.java:93) [wm-isserver.jar:10.15.0.0000-0674]
at com.softwareag.security.jaas.login.SagAbstractLoginModule.login(SagAbstractLoginModule.java:273) [com.softwareag.security.sin.common_10.15.0.0000-0476.jar:10.15.0.0000-0476]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:747) [?:?]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:672) [?:?]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:670) [?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:670) [?:?]
at javax.security.auth.login.LoginContext.login(LoginContext.java:581) [?:?]
at com.wm.app.b2b.server.AuthenticationManager.authenticate_JAAS(AuthenticationManager.java:183) [wm-isserver.jar:10.15.0.0000-0674]
at com.wm.app.b2b.server.AuthenticationManager.authenticate(AuthenticationManager.java:109) [wm-isserver.jar:10.15.0.0000-0674]
at com.wm.app.b2b.server.HTTPState.getBasicAuthenticatedUser(HTTPState.java:1182) [wm-isserver.jar:10.15.0.0000-0674]
at com.wm.app.b2b.server.HTTPState.getAuthenticatedUser(HTTPState.java:1067) [wm-isserver.jar:10.15.0.0000-0674]
at com.wm.app.b2b.server.HTTPState.processHeader(HTTPState.java:313) [wm-isserver.jar:10.15.0.0000-0674]
at com.wm.app.b2b.server.Dispatch.processHeader(Dispatch.java:235) [wm-isserver.jar:10.15.0.0000-0674]
at com.wm.app.b2b.server.Dispatch.run(Dispatch.java:368) [wm-isserver.jar:10.15.0.0000-0674]
at com.wm.util.pool.PooledThread.run(PooledThread.java:127) [wm-isclient.jar:1.0.3]
at java.lang.Thread.run(Thread.java:829) [?:?]
[ISS.0024.0009E] (tid=1079) The Central User Manager authentication failed with an exception.Unexpected Error: [POP.003.0141] The username/password you entered is invalid.
[ISS.0012.0012W] (tid=1079) Authentication of user “user” failed with exception: Login Failure: all modules ignored.
[ISS.0053.0002C] (tid=1079) Access denied for user on port 5555 → ‘invoke/’ from

Have you tried restarting your IS?

The exception “[ISS.0024.0009E] (tid=1079) The Central User Manager authentication failed with an exception.Unexpected Error: [POP.003.0141] The username/password you entered is invalid.” says the username/password does not match. Since you are able to log in to MWS with the same user, I would suggest checking the fix levels of MWS FIX and MWS CDS FIX. It is better to have the latest fixes on both sides.


Are you having issues with only 1 user or all AD users?


Thanks, I have done this. Still will check for any available fixes.

All users in that AD. This is a database-based directory.

Yes, tried it, didn’t help.

Try connecting to LDAP using Apache Directory Studio or a different LDAP browser.

According to this log, the service account credentials you use to connect to LDAP are wrong. Use the same credentials in an LDAP browser; if it connects, update the username and password and try again.

I use the same credentials to log in to the MWS and the login is successful. Please note this is a directory from the database, not the LDAP where we connect with ldap://:. Sorry if the title of my post is misleading.

Did you set the ACLs for the user you are trying to log on to?

This issue is resolved. The root cause was a missing configuration on the wm-mws-library.jar in the IS which needs to be added in order to authenticate users from this particular directory. Thank you all for your contributions.