JWT Authorization and Central User Manager

Im using REST Resource to call services from a client app (Angular). The client is sending a JWT token with every HTTP request to IS. The JWT token is valid, because the IS returns response data and also in the Security Log is:

Successful login to the Integration Server for user XY on port 5555 -> 'restv2/...'

If the user is created on the IS (localhost:5555 Security > User Management), everything is OK. But when I create a user on the MWS (localhost:8585 User Management -> Users) and call the IS service with him, the IS can authorize the user and returns the response data, but right after that the Central User Manager is somehow called and it cant authorize the user.

This happens:

  1. Client calls a IS service with a MWS user
  2. Service.Log ->
    Successful login to the Integration Server for user XY on port 5555 -> 'restv2/...'
  3. IS successfully returns response data to client
  4. Server.Log ->
    [ISS.0024.0009E] The Central User Manager authentication failed with an exception.Unexpected Error: [POP.003.0141] The username/password you entered is invalid.
  5. After a couple of calls the Central User Manager blocks the user
    [ISS.0024.0009E] The Central User Manager authentication failed with an exception.Unexpected Error: [POP.003.0167] Too many failed login attempts for: "XY". You may try to login again in 5 minutes.
  6. The client can still call the services with the JWT token, but not with Basic authentication. Also the user cant login to MWS.

Is there a way to prevent the Central User Manager authentication to happen for MWS users, when the JWT authentication is correct? Why is it even called? And why it cant handle a JWT token?

Hi Martin,

Which version are you using? Please note that similar reported problem was fixed in

IS_10.5_Core_Fix2 and IS_10.3_Core_Fix9

Regards,
-Kalpesh.

Hi, Im currently at IS_10.3_Core_Fix1.
Thank you for helping. I will apply the Fix9