User authentication may fail when there are duplicates in the de_resource table.

Article ID: KB0094008

Updated On:

Products Versions
TIBCO BPM Enterprise (formerly TIBCO ActiveMatrix BPM) -
Not Applicable -

Description

Description:
All valid BPM users are stored in the de_resource table. The DN (distinguished name) pattern for each user is stored in the primarydn column of the same table. The alternative steps mentioned in KB 41850 can lead to duplicate DN patterns. Because of these duplicate DNs, any service using DN-based authentication will fail.

Symptoms:
Service Provider.
 
11 Nov 2015 06:58:55,443 [httpConnector_261] [INFO ] com.tibco.amx.login.success - TIBCO-OGS_PA-901431: Request is successfully authenticated. Properties - [ Principal=UID=admin, OU=system, localPort=50080, remotePort=38502, localHost=127.0.0.1, remoteHost=127.0.0.1 ]
11 Nov 2015 06:58:55,450 [httpConnector_261] [ERROR] com.tibco.n2.de.services.impl.SecurityServiceImpl - [ERROR] - {DE_SECURITY_UNKNOWN_USER} - Unable to identify the user making a service request. ¬{extendedMessage=`Unable to identify the user making a service request. [null,userAdmin]`, componentClassName=`com.tibco.n2.de.services.impl.SecurityServiceImpl`, requestReceived=`Wed Nov 11 06:58:55 CET 2015`, hostAddress=`1.2.3.4`, nodeName=`redacted`, eventType=`FAULT`, messageCategory=`SECURITY`, componentId=`DE`, stackTrace=`com.tibco.n2.de.auth.UnknownResourceException: Unable to identify the user making a service request. [null,userAdmin]
at com.tibco.n2.de.auth.SystemAction.authorise(SystemAction.java:511)
at com.tibco.n2.de.auth.SystemAction.authorise(SystemAction.java:477)
at com.tibco.n2.de.auth.SystemAction.authorise(SystemAction.java:605)
...

Service Consumer. 
11 Nov 2015 07:25:41,000 [tp_20] [ERROR] com.tibco.amx.cf.logger.internal.proxies.operation.AsyncToAsyncOperationHandler - TIBCO-AMX-CF-010008: Service Invocation Error for RequestID = "<guid>" Parent RequestID = "null" Service Name = "<service>" Operation Name = "<{endpointURI}operation>"
org.osoa.sca.ServiceRuntimeException: com.tibco.bx.core.faults.BxException: BX-600012: Unable to process message for operation SERVICE in process PROCESS, module /MODULE/Process Packages/PROCESS.xpdl, module version VERSION.
Caused by: com.tibco.bx.core.faults.BxException: BX-703001: Authorization failed.
Caused by: java.lang.Exception: securityFault

Cause:
X.509 authentication fails when there are duplicate LDAP DNs in the de_resource table.

Issue/Introduction

User authentication may fail when there are duplicates in the de_resource table.

Resolution

The de_resource table should contain a unique primary DN for every user who is authenticated via X.509. For these users, all duplicate rows will need to be deleted from the de_resource table.
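
The following read-only queries are an added example, not part of the TIBCO article. They locate the duplicate rows before anything is deleted. They use only the table and column named above (de_resource, primarydn); SELECT * is used so that no other column names are assumed, and the third query rests on the assumption that DNs differing only in letter case are treated as the same DN.

```sql
-- 1. Primary DNs that occur on more than one row (the condition described above).
SELECT primarydn,
       COUNT(*) AS row_count
FROM   de_resource
WHERE  primarydn IS NOT NULL
GROUP  BY primarydn
HAVING COUNT(*) > 1
ORDER  BY row_count DESC, primarydn;

-- 2. Every row that shares a primary DN with another row, grouped together
--    so the rows can be compared side by side before any are deleted.
SELECT r.*
FROM   de_resource r
JOIN  (SELECT primarydn
       FROM   de_resource
       WHERE  primarydn IS NOT NULL
       GROUP  BY primarydn
       HAVING COUNT(*) > 1) d
  ON   d.primarydn = r.primarydn
ORDER  BY r.primarydn;

-- 3. Assumption: DNs that differ only in letter case may also collide.
--    Lists DNs with more than one distinct spelling once case is folded.
--    On a case-insensitive collation, query 1 already covers this case
--    and this query returns no rows.
SELECT LOWER(primarydn)          AS folded_dn,
       COUNT(*)                  AS row_count,
       COUNT(DISTINCT primarydn) AS spellings
FROM   de_resource
WHERE  primarydn IS NOT NULL
GROUP  BY LOWER(primarydn)
HAVING COUNT(DISTINCT primarydn) > 1
ORDER  BY folded_dn;
```

After the duplicate rows have been deleted, query 1 should return no rows.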
