Unable to authenticate to reporting API using Kerberos authentication

Article Id: 159761
Status: Published
Updated On: 19-11-2012 04:06
Legacy Id: TECH219567
Products:
Data Loss Prevention Enforce
Issue/Introduction:

Unable to authenticate to reporting API using Kerberos authentication

Authentication fails with error AuthenticationFailedFault: Authentication failed. Details: null

Resolution:

Confirm the following

1. Local Administrator account works with Reporting API
2. You are able to log onto Enforce using AD user authentication

If the first 2 steps above are succesful

Make sure the following syntax is used to provide AD user details in the Reporting API client -

 

<Username>:<Active_Directory_Domain_In_Upper_Case>

OR

<Role>\<Username>:<Active_Directory_Domain_In_Upper_Case>

 

For example:

jdoe:ACME.COM
superuser\jdoe:ACME.COM

If this still does not address the issue, you may need to increase the Reporting API logging for further investigaton.

Enable logging:

Within Vontu\Protect\config\Manager.Logging.properties
set com.vontu.enforce.reportingapi.webservice.log.WebServiceSOAPLogHandler.level to INFO

Clean up the Enforce log directory so it is empty and only contains the tomcat directory. Restart the Services and replicate the problem and collect all logs.
You may want to review the following logs and ensure that they are created:

webservices_soap.log
manager_operational.log
tomcat logs

Specificy the following data is stored in these locations:

Audit log
Audit events will be generated for the following scenarios, and the detail of the event will always identify that it was a Web Service operation:

• A request is made with invalid credentials
• A request is made with a valid username, but invalid role
• A request is made with a valid username and role, but the password is incorrect
• A request is made with valid credentials, but the role specified does not have permission to access the Web Service

Audit events will not be generated for the following scenarios:
• A request is made that does not contain the expected Authentication Headers
• A request is made with valid credentials, but the user requested a report be run for which they do not have access

Operational log
The operational log events will be separated into two files. General events will be recorded in the Manager's operational log. A separate operational log will be used to record requests received by the Web Service. It will provide similar functionality as the tomcat access log.

Manager
The following events will be recorded in the manager operational log:
• Web Service operation failed (ie. you can a report and it encountered an error)