Web SSO - v802

Trying to test SSO connectivity after upgrading to v8.0.2. Made the following changes:

- Authn module - Active directory user account (role based)

- Updated the QER\WebPortal\BaseURL

Below is the error I see in the logs:

2018-12-11 09:45:41.2555  INFO (    WebLog gfbbddew5mfu1vshzf4no0an) : Module instance created: VI_Session

2018-12-11 09:45:41.2711  INFO (    WebLog gfbbddew5mfu1vshzf4no0an) : Session gfbbddew5mfu1vshzf4no0an started

2018-12-11 09:45:41.2711  INFO (    WebLog gfbbddew5mfu1vshzf4no0an) : Authenticating session using RoleBasedADSAccount

2018-12-11 09:45:42.3024  WARN (    WebLog gfbbddew5mfu1vshzf4no0an) : System.Exception: Single-sign-on failed, URL was /IdentityManager/ ---> System.AggregateException: One or more errors occurred. ---> VI.Base.ViException: Failed to authenticate user. ---> VI.Base.ViException: The current user could not be determined.

Checked F5 logs as well, and it seems like the servers are not even attempting to hit the F5 configured URL.

Please advise.

  • Can you confirm that an employee is linked to this Active Directory account? Also, they will need a role.

  • Employee is linked to AD account. Is there a specific role they need in 1IM?

  • All users get a base role by default, so that part should already be covered. I don't expect it to be the AD domain not being set in the authenticated domains under configuration parameters; it would show that as an error.

    TargetSystem\ADS\AuthenticationDomains

    What are you inputting for the login? Is it domain\username?

  • Sorry, my apologies, I thought you said Active Directory user account (manual input/role based).

  • I just had this exact same issue in my lab. The issue was caused by the authentication in IIS being set to Anonymous and Windows Authentication. I disabled Anonymous and was then able to log in using SSO.

  • I have anonymous authn disabled, and Basic and Windows authn enabled.

  • That combination works for me. Is the site added to the Local Intranet sites in Internet Explorer?

  • Yes, it is added to the local intranet sites.

  • I have seen you mentioned F5. Are you using a load-balancer to access the web portal?

  • Markus,

    I have tried with https://<servername>/IdentityManager and that doesn't work either. Below is the complete stack trace:

    2018-12-11 14:57:00.0691 WARN ( WebLog qhwdiv035g1cfzjkqddnnvcs) : System.Exception: Single-sign-on failed, URL was /IdentityManager/ ---> System.AggregateException: One or more errors occurred. ---> VI.Base.ViException: Failed to authenticate user. ---> VI.Base.ViException: The current user could not be determined.
    at VI.DB.Auth.AdsAccountHelper.GetSsoIdentity(IAuthProps props)
    at VI.DB.Auth.AuthModRoleBasedADSAccountBase.GetWindowsIdentity(IResolve services, IAuthProps props)
    at VI.DB.Auth.AuthModRoleBasedADSAccountBase.GetPersonDataAsync(IDbSession dbSession, IResolve services, IAuthProps props, CancellationToken cancellationToken)
    at VI.DB.Auth.AuthModRoleBasedBase.<AuthenticateAsync>d__1.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at VI.DB.Auth.DbAuthenticator.<AuthenticateAsync>d__10.MoveNext()
    --- End of inner exception stack trace ---
    at VI.DB.Auth.DbAuthenticator.<AuthenticateAsync>d__10.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at VI.DB.Entities.SessionFactoryImpl.<>c__DisplayClass16_0.<<OpenAsync>b__0>d.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at VI.DB.Entities.SessionFactoryImpl.<_OpenAsync>d__19.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at VI.DB.Entities.SessionFactoryImpl.<OpenAsync>d__16.MoveNext()
    --- End of inner exception stack trace ---
    at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
    at VI.Base.SyncActions.Do[T](Func`1 function)
    at VI.DB.Implementation.Connection.Authenticate(IAuthProps props)
    at VI.WebRuntime.UserSession.HandleLogin(IAuthPropCollector auth)
    at VI.WebRuntime.UserSession.Authenticate(IAuthPropCollector auth)
    at VI.WebRuntime.Communication.RequestAuthenticationModule.TrySingleSignOn(HttpContextBase context, IUserSession userSession)
    --- End of inner exception stack trace ---
    2018-12-11 14:57:00.0847 INFO ( WebLog qhwdiv035g1cfzjkqddnnvcs) : Creating form VI_Session Start
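
For triaging logs like the ones posted in this thread, the following is an added example (not part of the original discussion and not One Identity code) that groups WebLog entries by session and reports the authentication module attempted, the innermost exception in the `--->` chain, and the first stack frame, which is where that innermost exception was thrown. The function name and the sample's session id and final timestamp are assumptions made for the example.

```python
import re

# Constructed sample in the WebLog layout quoted in the thread; the session id
# and the last timestamp are made up, the messages are the ones posted.
SAMPLE_LOG = """\
2018-12-11 09:45:41.2711  INFO (    WebLog sess0001) : Session sess0001 started
2018-12-11 09:45:41.2711  INFO (    WebLog sess0001) : Authenticating session using RoleBasedADSAccount
2018-12-11 09:45:42.3024  WARN (    WebLog sess0001) : System.Exception: Single-sign-on failed, URL was /IdentityManager/ ---> System.AggregateException: One or more errors occurred. ---> VI.Base.ViException: Failed to authenticate user. ---> VI.Base.ViException: The current user could not be determined.
   at VI.DB.Auth.AdsAccountHelper.GetSsoIdentity(IAuthProps props)
   at VI.DB.Auth.AuthModRoleBasedADSAccountBase.GetWindowsIdentity(IResolve services, IAuthProps props)
2018-12-11 09:45:42.3180  INFO (    WebLog sess0001) : Creating form VI_Session Start
"""

# A log entry starts with a timestamp; stack frames are continuation lines.
ENTRY = re.compile(r"^\d{4}-\d\d-\d\d [\d:.]+\s+(\w+)\s+\(\s*WebLog\s+(\w+)\)\s*:\s*(.*)$")
AUTH_MODULE = re.compile(r"Authenticating session using (\w+)")
FRAME = re.compile(r"^\s*at\s+(.+?)\(")


def triage_sso_failures(log_text):
    """Map session id -> auth module, exception chain and throwing frame."""
    sessions = {}
    current = None       # session the most recent log entry belongs to
    want_frame = False   # True right after an SSO failure entry
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if entry:
            level, sid, msg = entry.groups()
            current = sessions.setdefault(
                sid, {"module": None, "chain": [], "thrown_at": None})
            want_frame = False
            module = AUTH_MODULE.search(msg)
            if module:
                current["module"] = module.group(1)
            if level == "WARN" and "Single-sign-on failed" in msg:
                # '--->' separates outer from inner exceptions; last is innermost.
                current["chain"] = [part.strip() for part in msg.split("--->")]
                want_frame = True
        elif want_frame:
            frame = FRAME.match(line)
            if frame:  # first frame after the message is the innermost throw site
                current["thrown_at"] = frame.group(1)
                want_frame = False
    # Only sessions that actually logged an SSO failure are reported.
    return {sid: s for sid, s in sessions.items() if s["chain"]}


if __name__ == "__main__":
    for sid, s in triage_sso_failures(SAMPLE_LOG).items():
        print(sid, s["module"], "|", s["chain"][-1], "| thrown at", s["thrown_at"])
```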