search cancel

JWT Status: Authentication Attempt Failed

book

Article ID: 201521

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We're running a Policy Server and when user tries to login with our
Custom Authentication Scheme (Custom JWT Authentication Scheme), the
Policy Server can't disabiguate the user, and it returns message :

  Status: Authentication Attempt Failed

How can we solve this ?

 

Cause

 

From the Policy Server perspective, when the Custom Authentication
Scheme gets executed, it returns the value 1, which means that the
Custom Authentication Scheme has failed. This is the reason why the
Policy Server cannot authenticate the user, as the Custom
Authentication Scheme failed.

Column 20 being "ReturnValue"

  [10/07/2020][16:39:04.292][16:39:04][2367586][139656121267968][SmAuthUser.cpp:5572][CSmAuthUser::Authenticate][][][][][][][][][][][][][1]

smtracedefault.log :

  [10/07/2020][16:39:04.291][16:39:04][2367586][139656121267968][SmAuthUser.cpp:5245]
  [CSmAuthUser::DisambiguateUser][][][][][][][][][][][][][][][][][][][][]
  [Enter function CSmAuthUser::DisambiguateUser][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][][][][][][][][]

  [10/07/2020][16:39:04.291][16:39:04][2367586][139656121267968][SmAuthUser.cpp:5297]
  [CSmAuthUser::Authenticate][][][][][][][][][][][][][][][][][][][][]
  [Enter function CSmAuthUser::Authenticate][][][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][][][][][][]

  [10/07/2020][16:39:04.291][16:39:04][2367586][139656121267968][SmObjCache.cpp:779]
  [CSmObjCache::Lookup][][][][][][][][][][][][][][][][][][][][]
  [Look up a cached object.][][][][06-0005f667-a822-1ca7-af4f-56b60a210000][][][]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

  [10/07/2020][16:39:04.291][16:39:04][2367586][139656121267968][SmAuthUser.cpp:782]
  [ServerTrace][][][][][][][][][][][][][][][][][][][][JWT auth scheme:  secret: 
  {"userClaim":"user.username","certAlias":"mycert","signatureAlgorithm":"RS512",
  "disableSignatureVerification":"no"}][SmJwtAuth:: JWT auth scheme:  secret: 
  {"userClaim":"user.username","certAlias":"mycert","signatureAlgorithm":"RS512",
  "disableSignatureVerification":"no"}][][][][][][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][][][]

  [10/07/2020][16:39:04.291][16:39:04][2367586][139656121267968][SmAuthUser.cpp:782]
  [ServerTrace][][][][][][][][][][][][][][][][][][][][eyJ0eXBlIjoiSldUIiwiYWxnIj
   [...]
  EPbDn2xqELT1NKr6WvcI0Df8JN9d_JmF-FurNjJzpNivXafrfdnR5uQkftLPRyFYNncK2G1Kv][][]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

  [10/07/2020][16:39:04.291][16:39:04][2367586][139656121267968][SmAuthUser.cpp:767]
  [][][][][][][][][][][][][][][][][][][][][][LogMessage:INFO:[sm-Server-03580] 
  SmJwtAuth:JWT token passed in as: eyJ0eXBlIjoiSldUIiwiYWxnIjoiUlM1MTIifQ.eyJpc
   [...]
  LT1NKr6WvcI0Df8JN9d_JmF-FurNjJzpNivXafrfdnR5uQkftLPRyFYNncK2G1Kv][][][][][][]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

  [10/07/2020][16:39:04.292][16:39:04][2367586][139656121267968][SmAuthUser.cpp:1777]
  [CSmAuthUser::SavePasswordState][][][][][][][][][][][][][][][][][][][][]
  [Enter function CSmAuthUser::SavePasswordState][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][][][][][][][][][]

  [10/07/2020][16:39:04.292][16:39:04][2367586][139656121267968][SmAuthUser.cpp:1779]
  [CSmAuthUser::SavePasswordState][][][][][][][][][][][][][0][][][][][][][]
  [Leave function CSmAuthUser::SavePasswordState][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][][][][][][][][00:00:00.000010]

>>

  [10/07/2020][16:39:04.292][16:39:04][2367586][139656121267968][SmAuthUser.cpp:5572]
  [CSmAuthUser::Authenticate][][][][][][][][][][][][][1][][][][][][][]
  [Leave function CSmAuthUser::Authenticate][][][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][][][][][][00:00:00.139655156597]

<<

  [10/07/2020][16:39:04.292][16:39:04][2367586][139656121267968][SmAuthUser.cpp:5256]
  [CSmAuthUser::DisambiguateUser][][][][][][][][][][][][][1][][][][][][][]
  [Leave function CSmAuthUser::DisambiguateUser][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][][][][][][][][00:00:00.000823]

 

Environment

 

   Policy Server 12.8SP2 on RedHat 6.7;

 

Resolution

 

Set debug logs on the Custom Authentication Scheme, and bring
correction to the code to make it working completely.

 

Powered by Wolken Software