
Error 49 - the supplied credential is invalid for <ldap server> when trying Mobile App login...

John_Szefcyk
Confirmed Champ

Let me paint a picture.

Customer XYZ is installing the Mobile Application Broker on a machine inside a DMZ.  They have SSL enabled and are also using LDAP for auto-logon with OnBase.  Within their domain they are able to log into the OnBase Client and OnBase Web Client using LDAP auto-logon. 

From their Mobile Application server they are able to access the AppServer/service.asmx page no problem. From their mobile device, they are able to access the MobileBroker/servicetobroker.asmx. When they try to access the Mobile App (on an Android device), the Mobile App yields a "username cannot be null" error and diagnostics console on the AppServer shows "login failed for <USER> on <DSN>".

When I enable LDAP/NT Authentication logging, OnBase connects to the LDAP server successfully, but when OnBase tries to send the network credentials to LDAP, LDAP gives an error 49 - The supplied credential is invalid for <ldap server> and it lists the server configured in their LDAP configuration (which just earlier in the diagnostics console was successfully connected to).

What could be preventing OnBase from authenticating to the LDAP server from IIS (7.0) within a DMZ? 

NOTE - When they blanked out the domain setting in the web.config for the Mobile Broker and logged into the Mobile App via OnBase authentication, the user was still presented with the "username cannot be null" message but the mobile app logged in.  Also, the Mobile Broker yielded no errors in Diagnostics Console.

1 REPLY

AdamShaneHyland
Employee

Hi John,

The Mobile Apps do not support NT/LDAP with autologin as the other OnBase modules do (i.e. the OnBase Thick Client or the OnBase Web Client). When the OnBase system is configured for autologin over NT or LDAP, the Mobile Apps is always going to assume interactive authentication. This is because there is no way for a mobile device to be verified against a domain at this time.

Typically, the "username cannot be null" refers to a virtual directory being configured for Windows Security. This means that when an application (i.e. Internet Explorer for the Web Client or the Android Phone with the Mobile Apps) attempts to view the files in the Mobile Apps virtual directory, IIS is going to attempt to retrieve the credentials for the logged in user in order to authenticate the user. With IE, there is an option to pass those credentials when requested by IIS, but with the mobile devices they are not aware of this functionality thus are not able to pass any credentials to IIS.

The first thing that I would check out is to make sure that the virtual directory for the Mobile Apps Broker is configured for anonymous authentication (i.e. Anonymous Authentication is enabled and Windows Security is disabled).

Let me know if this works for you.

Take care.
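
One way to run the check suggested in the reply above from an elevated PowerShell prompt on the broker's IIS server, using `appcmd.exe` (which ships with IIS 7.0). This is an added example, not part of the original thread or of Hyland's documentation; the site name `Default Web Site` is an assumption, and the virtual directory name `MobileBroker` is taken from the URL in the question.

```powershell
# Added example. Assumptions: site "Default Web Site", virtual directory "MobileBroker".
# Set $Apply to $true to change the settings; by default the script only reports.
$Apply    = $false
$appcmd   = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
$location = 'Default Web Site/MobileBroker'
$base     = 'system.webServer/security/authentication'

function Get-AuthEnabled {
    param([string]$Section)
    # /text:enabled prints the effective value of the "enabled" attribute
    # for this location, including values inherited from the site or server.
    $value = & $appcmd list config $location "/section:$base/$Section" '/text:enabled'
    if ($LASTEXITCODE -ne 0) {
        # For example, the Windows Authentication role service is not installed.
        throw "appcmd could not read section '$Section' for '$location'"
    }
    return ("$value".Trim() -eq 'true')
}

$anonymous = Get-AuthEnabled 'anonymousAuthentication'
$windows   = Get-AuthEnabled 'windowsAuthentication'

"Anonymous Authentication enabled: $anonymous"
"Windows Authentication enabled:   $windows"

if ($anonymous -and -not $windows) {
    'Virtual directory already matches the configuration the reply describes.'
}
elseif ($Apply) {
    # Authentication sections are locked at server level by default, so the
    # change is committed to applicationHost.config rather than web.config.
    & $appcmd set config $location "/section:$base/anonymousAuthentication" '/enabled:true'  '/commit:apphost'
    & $appcmd set config $location "/section:$base/windowsAuthentication"   '/enabled:false' '/commit:apphost'
}
else {
    'Mismatch found. Re-run with $Apply = $true to enable Anonymous and disable Windows Authentication.'
}
```

The change is scoped to the one virtual directory, so other applications on the same DMZ server keep their existing authentication settings.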
