
"Invalid Credential" Error for JSON REST API webservice call for login


Article ID: 254874


Products

SITEMINDER

Issue/Introduction

- The Auth web service fails on Access Gateway when the request is submitted in JSON format
- The same web service works fine with the XML request format

Details:

-----------

 

##### XML-based authentication tested successfully with no issues


**** POST -->  https://app.authaz.com/authazws/AuthRestService/login/authazapp/ws/test.html

**** Body --> 
<loginRequest>        
       <userName>user1</userName>
       <password>siteminder</password>
       <action>GET</action>         
</loginRequest>

 

**** Response -->  Status 200 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<loginResponse>
    <message>Authentication Successful</message>
    <resultCode>LOGIN_SUCCESS</resultCode>
    <sessionToken>E+V9XP5Eak6VKANRWErlTIakgZ2J7ua7m....S4wt5wV6sm</sessionToken>
    <authenticationResponses>
        <response>
            <name>SM_SERVERIDENTITYSPEC</name>
            <value></value>
        </response>
        <response>
            <name>SM_USERDN</name>
            <value>cn=user1,ou=people,dc=joeuserstore,dc=com</value>
        </response>
        <response>
            <name>SM_AUTHDIRNAME</name>
            <value>JoeCADir</value>
        </response>
        <response>
            <name>SM_USER</name>
            <value>user1</value>
        </response>
        <response>
            <name>SM_TRANSACTIONID</name>
            <value>0000000000000000000000000425fd0a-586f-63768995-53213700-1c403f9c4100</value>
        </response>
        <response>
            <name>SM_SERVERSESSIONSPEC</name>
           ......xKbCu6ycBc</value>
        </response>
        <response>
            <name>SM_AUTHDIRNAMESPACE</name>
            <value>LDAP:</value>
        </response>
        <response>
            <name>SM_AUTHTYPE</name>
            <value>Basic</value>
        </response>
        <response>
            <name>SMSSOZONE</name>
            <value>SM</value>
        </response>
        <response>
            <name>SM_AUTHREASON</name>
            <value>0</value>
        </response>
        <response>
            <name>SM_AUTHDIROID</name>
            <value>0e-9cf6d529-be12-43a0-8f65-dd704303534a</value>
        </response>
        <response>
            <name>SM_REALMOID</name>
            <value>06-0007a76d-6be9-1376-a2b1-25030afd0000</value>
        </response>
        <response>
            <name>SM_SERVERSESSIONID</name>
            <value>X8fstRVryOSLA3Q8kDLAPDiU/D8=</value>
        </response>
        <response>
            <name>SM_SESSIONDRIFT</name>
            <value>-1</value>
        </response>
        <response>
            <name>SM_UNIVERSALID</name>
            <value>user1</value>
        </response>
        <response>
            <name>SM_REALM</name>
            <value>AuthAzWebServiceRealm</value>
        </response>
        <response>
            <name>SM_AUTHDIRSERVER</name>
            <value>10.253.37.3:6677</value>
        </response>
        <response>
            <name>SM_TIMETOEXPIRE</name>
            <value>7200</value>
        </response>
    </authenticationResponses>
</loginResponse>

 

 


###### Testing the JSON request format

 

***** POST -->  https://app.authaz.com/authazws/AuthRestService/login/authazapp/ws/test.html
***** Body --> 
 {"binaryCreds": "","password": "siteminder","userName": "user1","action": "POST"} 

 

***** Response -->  Status 400
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<loginFault>
    <errorMessage>Invalid users credentials.</errorMessage>
    <httpStatus>400</httpStatus>
</loginFault>

 

 


- In the AuthAz log file, the following exception is seen when the JSON auth call is triggered:

2022-Nov-17 19:07:42,702 - ERROR - com.ca.soa.services.authaz.webservice.rest.ValidateRequestPayLoad - null
javax.xml.bind.UnmarshalException: null
 at javax.xml.bind.helpers.AbstractUnmarshallerImpl.createUnmarshalException(AbstractUnmarshallerImpl.java:310) ~[?:2.3.2]
 at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.createUnmarshalException(UnmarshallerImpl.java:548) ~[jaxb-impl.jar:2.3.5]
 at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:234) ~[jaxb-impl.jar:2.3.5]
 at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:199) ~[jaxb-impl.jar:2.3.5]
 at javax.xml.bind.helpers.AbstractUnmarshallerImpl.unmarshal(AbstractUnmarshallerImpl.java:123) ~[?:2.3.2]
 at javax.xml.bind.helpers.AbstractUnmarshallerImpl.unmarshal(AbstractUnmarshallerImpl.java:106) ~[?:2.3.2]
 at com.ca.soa.services.authaz.webservice.util.ValidateAndMarshalPayLoad.getPayLoadObject(Unknown Source) ~[classes/:?]
 at com.ca.soa.services.authaz.webservice.rest.ValidateRequestPayLoad.readFrom(Unknown Source) ~[classes/:?]
 at com.ca.soa.services.authaz.webservice.rest.ValidateRequestPayLoad.readFrom(Unknown Source) ~[classes/:?]
 at org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$TerminalReaderInterceptor.invokeReadFrom(ReaderInterceptorExecutor.java:233) ~[jersey-common.jar:?]
 at org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$TerminalReaderInterceptor.aroundReadFrom(ReaderInterceptorExecutor.java:212) ~[jersey-common.jar:?]
 at org.glassfish.jersey.message.internal.ReaderInterceptorExecutor.proceed(ReaderInterceptorExecutor.java:132) ~[jersey-common.jar:?]
 at org.glassfish.jersey.server.internal.MappableExceptionWrapperInterceptor.aroundReadFrom(MappableExceptionWrapperInterceptor.java:49) ~[jersey-server.jar:?]
 at org.glassfish.jersey.message.internal.ReaderInterceptorExecutor.proceed(ReaderInterceptorExecutor.java:132) ~[jersey-common.jar:?]
 at org.glassfish.jersey.message.internal.MessageBodyFactory.readFrom(MessageBodyFactory.java:1072) ~[jersey-common.jar:?]
 at org.glassfish.jersey.message.internal.InboundMessageContext.readEntity(InboundMessageContext.java:885) ~[jersey-common.jar:?]
 at org.glassfish.jersey.server.ContainerRequest.readEntity(ContainerRequest.java:290) ~[jersey-server.jar:?]
 at org.glassfish.jersey.server.internal.inject.EntityParamValueParamProvider$EntityValueSupplier.apply(EntityParamValueParamProvider.java:73) ~[jersey-server.jar:?]
 at org.glassfish.jersey.server.internal.inject.EntityParamValueParamProvider$EntityValueSupplier.apply(EntityParamValueParamProvider.java:56) ~[jersey-server.jar:?]
 at org.glassfish.jersey.server.spi.internal.ParamValueFactoryWithSource.apply(ParamValueFactoryWithSource.java:50) ~[jersey-server.jar:?]
 at org.glassfish.jersey.server.spi.internal.ParameterValueHelper.getParameterValues(ParameterValueHelper.java:68) ~[jersey-server.jar:?]
 at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$AbstractMethodParamInvoker.getParamValues(JavaResourceMethodDispatcherProvider.java:109) ~[jersey-server.jar:?]
 at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:219) ~[jersey-server.jar:?]
 at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79) ~[jersey-server.jar:?]
 at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:475) ~[jersey-server.jar:?]
 at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:397) ~[jersey-server.jar:?]
 at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81) ~[jersey-server.jar:?]
 at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255) ~[jersey-server.jar:?]
 at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248) ~[jersey-common.jar:?]
 at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244) ~[jersey-common.jar:?]
 at org.glassfish.jersey.internal.Errors.process(Errors.java:292) ~[jersey-common.jar:?]
 at org.glassfish.jersey.internal.Errors.process(Errors.java:274) ~[jersey-common.jar:?]
 at org.glassfish.jersey.internal.Errors.process(Errors.java:244) ~[jersey-common.jar:?]
 at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265) ~[jersey-common.jar:?]
 at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234) ~[jersey-server.jar:?]
 at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:684) ~[jersey-server.jar:?]
 at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394) ~[jersey-container-servlet-core.jar:?]
 at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346) ~[jersey-container-servlet-core.jar:?]
 at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:366) ~[jersey-container-servlet-core.jar:?]
 at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:319) ~[jersey-container-servlet-core.jar:?]
 at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205) ~[jersey-container-servlet-core.jar:?]
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227) ~[catalina.jar:9.0.65]
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.65]
 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-websocket.jar:9.0.65]
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.65]
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.65]
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) ~[catalina.jar:9.0.65]
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[catalina.jar:9.0.65]
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) ~[catalina.jar:9.0.65]
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) ~[catalina.jar:9.0.65]
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) ~[catalina.jar:9.0.65]
 at com.netegrity.proxy.ProxyValve.processRequest(Unknown Source) ~[proxyrt.jar:?]
 at com.netegrity.proxy.ProxyValve.invoke(Unknown Source) ~[proxyrt.jar:?]
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[catalina.jar:9.0.65]
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360) ~[catalina.jar:9.0.65]
 at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:433) ~[tomcat-coyote.jar:9.0.65]
 at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-coyote.jar:9.0.65]
 at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890) ~[tomcat-coyote.jar:9.0.65]
 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1789) ~[tomcat-coyote.jar:9.0.65]
 at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.65]
 at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-util.jar:9.0.65]
 at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-util.jar:9.0.65]
 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.65]
 at java.lang.Thread.run(Thread.java:748) ~[?:1.8.0_251]
Caused by: org.xml.sax.SAXParseException: Content is not allowed in prolog.
 at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) ~[xerces.jar:2.12.2]
 at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) ~[xerces.jar:2.12.2]
 at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) ~[xerces.jar:2.12.2]
 at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source) ~[xerces.jar:2.12.2]
 at org.apache.xerces.impl.XMLDocumentScannerImpl$PrologDispatcher.dispatch(Unknown Source) ~[xerces.jar:2.12.2]
 at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) ~[xerces.jar:2.12.2]
 at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source) ~[xerces.jar:?]
 at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:228) ~[jaxb-impl.jar:2.3.5]
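
The trace above shows the JSON body reaching the JAXB XML unmarshaller ("Content is not allowed in prolog"), while the client only sees "Invalid users credentials." The following added example (not Broadcom's code) scans AuthAz log text for that signature so these 400 responses can be told apart from real credential failures. The log header layout is assumed from the single entry shown on this page, and the sample log is constructed.

```python
import re

# Entry header layout, assumed from the one entry on this page: "<ts> - <LEVEL> - <logger> - <msg>"
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-[A-Za-z]{3}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - "
    r"(?P<level>[A-Z]+) - (?P<logger>\S+) - (?P<msg>.*)$"
)
PAYLOAD_LOGGER = "com.ca.soa.services.authaz.webservice.rest.ValidateRequestPayLoad"
PROLOG_CAUSE = "org.xml.sax.SAXParseException: Content is not allowed in prolog."

def split_entries(log_text):
    """Group each header line with the stack-trace lines that follow it."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append({**m.groupdict(), "trace": []})
        elif entries and line.strip():
            entries[-1]["trace"].append(line.strip())
    return entries

def classify(entry):
    """Label an entry by why the login payload was rejected."""
    if entry["level"] != "ERROR" or entry["logger"] != PAYLOAD_LOGGER:
        return "other"
    trace = entry["trace"]
    unmarshal = any(l.startswith("javax.xml.bind.UnmarshalException") for l in trace)
    prolog = any(l == "Caused by: " + PROLOG_CAUSE for l in trace)
    if unmarshal and prolog:
        return "non_xml_body_sent_to_xml_unmarshaller"
    return "payload_error" if unmarshal else "other"

def payload_parse_failures(log_text):
    return [e["ts"] for e in split_entries(log_text)
            if classify(e) == "non_xml_body_sent_to_xml_unmarshaller"]

# Constructed sample: the first entry abbreviates the trace shown on this page,
# the second is a made-up unrelated entry that must not be flagged.
SAMPLE_LOG = """\
2022-Nov-17 19:07:42,702 - ERROR - com.ca.soa.services.authaz.webservice.rest.ValidateRequestPayLoad - null
javax.xml.bind.UnmarshalException: null
 at com.ca.soa.services.authaz.webservice.util.ValidateAndMarshalPayLoad.getPayLoadObject(Unknown Source) ~[classes/:?]
Caused by: org.xml.sax.SAXParseException: Content is not allowed in prolog.
 at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) ~[xerces.jar:?]
2022-Nov-17 19:09:10,115 - INFO - example.constructed.Logger - unrelated entry
"""

if __name__ == "__main__":
    print(payload_parse_failures(SAMPLE_LOG))
```

Timestamps returned by `payload_parse_failures` can be matched against client-side 400 responses to confirm the rejection came from payload parsing rather than from the user directory.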

 

Environment

Release: 12.8.06x and 12.8 SP7

Resolution

This is a defect in the product, for which an updated class was provided as a DEV fix under defect DE551216.

Please open a case with Support and ask for the fix.

The fix will be included in the next official SiteMinder release.
