search cancel

When trying to login to NFA I receive HTTP ERROR 500 Problem accessing /sso/sign-in-process.jsp'.

book

Article ID: 35431

calendar_today

Updated On:

Products

CA Network Flow Analysis (NetQos / NFA)

Issue/Introduction

Problem: 

When trying to login to NFA I receive the error below after entering my user credentials:

HTTP ERROR 500

Problem accessing /sso/sign-in-process.jsp. Reason:

    System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.Cryptography.CryptographicException: The input data is not a complete block.
   at System.Security.Cryptography.CapiSymmetricAlgorithm.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at System.Security.Cryptography.CryptoStream.Read(Byte[] buffer, Int32 offset, Int32 count)
   at System.IO.StreamReader.ReadBuffer()
   at System.IO.StreamReader.ReadToEnd()
   at NetQoS.ReporterAnalyzer.Business.RASingleSignOn.DecryptFromBytesUsingAES(Byte[] bytes, Byte[] key, Byte[] initializationVector)
   at NetQoS.ReporterAnalyzer.Business.RASingleSignOn.DecryptCAPCBytesAES(Byte[] bytes)
   at NetQoS.ReporterAnalyzer.Business.RASingleSignOn.DecryptCAPCURLString(String base64URLString)
   at NetQoS.ReporterAnalyzer.Business.RASingleSignOn.GetProperty(String propName)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
   at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at NetQoS.Core.Services.Controller.InvokeMethod(Object objectItem, String methodName, Object[] parameters)
   at NetQoS.DataSource.WebService.CallMethod.Invoke(String interfaceName, String methodName, Object[] parameters)
   at NetQoS.DataSource.WebService.SingleSignOnWS.GetProperty(String propName)
   --- End of inner exception stack trace ---

Message in "Test LDAP" Option in the NFA SSO Config Tool:

E:\CA\NFA\Portal\SSO\bin>SsoConfig.exe
Single Sign-On Configuration Tool
Enter q to quit the program or b to go back to previous menu

SSO Configuration:
1. DX NetOps
2. CA Network Flow Analysis
Choose an option > 2

SSO Configuration/CA Network Flow Analysis:
1. LDAP Authentication
2. SAML2 Authentication
3. Performance Center
4. Single Sign-On
5. Test LDAP
6. Export SAML2 Service Provider Metadata
Choose an option > 5

SSO Configuration/CA Network Flow Analysis/Test LDAP
Enter username > user_ldap_test
Enter password >
Invocation of this Java Application has caused an InvocationTargetException. This application will now exit. (LAX)

Stack Trace:
javax.xml.ws.soap.SOAPFaultException: System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.Cryptography.CryptographicException: The input data is not a complete block.

Environment

NFA linked to CAPC as a Data Source.

Cause

Local Override set in NFA for the "LDAP Connection Password" is not encrypted by the NFA SSO Configuration tool, however the NFA SSO Module expects the LDAP Password to be encrypted if you are linked to CAPC.  This will only happen if NFA is linked to CAPC, and should not occur with NFA Standalone.

Resolution

1. Make sure the CAPC SSO Settings have the LDAP Connection Password set with "Remote Override" so that the password will sync down to NFA.  If you make any changes make sure to resync the NFA Data Source.

2. Remove the "Local Override" in NFA for the "LDAP Connection Password" by running the query below on the NFA Console server:

mysql -P3308 -D reporter -t -e "delete from performance_center_properties where PropName = 'LdapConnectionPassword' and Priority = 2;"

3. Attempt to login to NFA or test Ldap again