This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Using SSO for authenication but receiving Login failed with error "Either the credentials were incorrect or the specified account is locked"

Go to answer
Stephen_Dinh1
Confirmed Champ
Confirmed Champ

‎09-12-2019 10:42 AM

Our web server is setup to use SiteMinder authenticator.  The asp.net identity account has access to the registry key.  The token was copied from Web to App server using the Single Sign On Config app while running as administrator.

The problem is I'm getting an error saying the account is locked or incorrect.  However, the account is in good standing.

The following was pulled from the trace log on the App Server.

  1. authprops token is null
  2. Hyland.Authentication not present in configuration file.
  3. authType is single sign on.
  4. AuthenticationManager::loadProvider() using Hyland.Authentication.WebServiceCustomAuthProvider in assembly Hyland.Authentication.WebServices, Version=3.0.0.0, Culture=neutral, PublicKeyToken=c02e21dc39c53bb0
    Hyland.Authentication.WebServiceCustomAuthProvider - Payload Validation Successful.
  5. AuthenticationManager::AuthenticateUser() returned user ''

The 4th message indicates to me SSO authenticated successfully.  Or am I reading it wrong.  Where else should I look?  We have this setup successfully in Production but failing in our DR environment.

Labels:
0 Kudos
1 ACCEPTED ANSWER

Go to answer
Alex_French
Elite Collaborator
Elite Collaborator

‎09-12-2019 12:14 PM

Hi Stephen,

We use the Shibboleth SP in in IIS (and we used to use Oracle WebGate in IIS) to turn single-sign on into Siteminder-like authentication to AppNet (it is the SiteMinder license we have installed).

I think (4) says that the payload has been validated - it is formatted, it is trusted base don the shared keys - but five says it couldn't match a user to the SiteMinder payload.

Your AppNet web.config has a <Hyland.Authentication> section, that probably includes some <properties>.

<add key="userIDHeader" value="UID" /> will tell it to look for a username in an incoming server variable named "HTTP_UID".  That might need to be set to something specific to your SiteMinder setup.

You can also add these keys to that section of the AppNet web.config get more information logged for troubleshooting (pending other web.config mailslot settings too):

<add key="logUserName" value="true" />

<add key="logServerVariables" value="true />

Do you have the document "Single Sign-On for Shibboleth/SiteMinder"?  I don't think it has ever been easy to get through Community.  Version 1 was written in Twenty-Thirteen (I spelled that out because Community is trying to turn the digit two into an at-mention), I think by Ian Cordova in the Custom Solutions Group at the time.  It was immensely helpful to us when other Hyland employees didn't know he document existed, and as far as I can tell it is still relatively accurate today (we've done this on OnBase v17).  I'm happy to help you get a copy with some annotations that we made if you don't have it.


 

View answer in original post

3 REPLIES 3

Go to answer
Alex_French
Elite Collaborator
Elite Collaborator

‎09-12-2019 12:14 PM

Hi Stephen,

We use the Shibboleth SP in in IIS (and we used to use Oracle WebGate in IIS) to turn single-sign on into Siteminder-like authentication to AppNet (it is the SiteMinder license we have installed).

I think (4) says that the payload has been validated - it is formatted, it is trusted base don the shared keys - but five says it couldn't match a user to the SiteMinder payload.

Your AppNet web.config has a <Hyland.Authentication> section, that probably includes some <properties>.

<add key="userIDHeader" value="UID" /> will tell it to look for a username in an incoming server variable named "HTTP_UID".  That might need to be set to something specific to your SiteMinder setup.

You can also add these keys to that section of the AppNet web.config get more information logged for troubleshooting (pending other web.config mailslot settings too):

<add key="logUserName" value="true" />

<add key="logServerVariables" value="true />

Do you have the document "Single Sign-On for Shibboleth/SiteMinder"?  I don't think it has ever been easy to get through Community.  Version 1 was written in Twenty-Thirteen (I spelled that out because Community is trying to turn the digit two into an at-mention), I think by Ian Cordova in the Custom Solutions Group at the time.  It was immensely helpful to us when other Hyland employees didn't know he document existed, and as far as I can tell it is still relatively accurate today (we've done this on OnBase v17).  I'm happy to help you get a copy with some annotations that we made if you don't have it.


 

Go to answer
Stephen_Dinh1
Confirmed Champ
Confirmed Champ
In response to Alex_French

‎09-12-2019 12:41 PM

I was missing the following property  <add key="userIDHeader" value="UID" />. 

I feel like I'm fighting myself sometimes since I'll have the web.config file open and make changes there and/or have WAMCON open and make changes there.  This will blow each other's changes since I know I had the property in there one time or another.  Either way... THANK YOU!!

Do you mind sending me that document?  I feel like I've happened upon it before, but don't seem to have a saved copy.  Please send it to stephen.dinh@pemco.com.

0 Kudos

Go to answer
Bonginkosi_Lung
Champ in-the-making
Champ in-the-making
In response to Alex_French

‎10-15-2019 02:05 AM

Hi  Alex

 

Can you send me the document on lungam@bankservafrica.com

 

Thanks

0 Kudos
Getting started

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC