Problem:
When trying to login to NFA 9.1 - 23.3.2 I receive the error below after entering my user credentials:
Problem accessing /sso/sign-in-process.jsp. Reason:
System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.Cryptography.CryptographicException: The input data is not a complete block. at System.Security.Cryptography.CapiSymmetricAlgorithm.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.Read(Byte[] buffer, Int32 offset, Int32 count) at System.IO.StreamReader.ReadBuffer() at System.IO.StreamReader.ReadToEnd() at NetQoS.ReporterAnalyzer.Business.RASingleSignOn.DecryptFromBytesUsingAES(Byte[] bytes, Byte[] key, Byte[] initializationVector) at NetQoS.ReporterAnalyzer.Business.RASingleSignOn.DecryptCAPCBytesAES(Byte[] bytes) at NetQoS.ReporterAnalyzer.Business.RASingleSignOn.DecryptCAPCURLString(String base64URLString) at NetQoS.ReporterAnalyzer.Business.RASingleSignOn.GetProperty(String propName) --- End of inner exception stack trace --- at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner) at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at NetQoS.Core.Services.Controller.InvokeMethod(Object objectItem, String methodName, Object[] parameters) at NetQoS.DataSource.WebService.CallMethod.Invoke(String interfaceName, String methodName, Object[] parameters) at NetQoS.DataSource.WebService.SingleSignOnWS.GetProperty(String propName) --- End of inner exception stack trace ---
Message in "Test LDAP" Option in the NFA SSO Config Tool:
E:\CA\NFA\Portal\SSO\bin>SsoConfig.exe
Single Sign-On Configuration Tool
Enter q to quit the program or b to go back to previous menu
SSO Configuration:
1. DX NetOps
2. CA Network Flow Analysis
Choose an option > 2
SSO Configuration/CA Network Flow Analysis:
1. LDAP Authentication
2. SAML2 Authentication
3. Performance Center
4. Single Sign-On
5. Test LDAP
6. Export SAML2 Service Provider Metadata
Choose an option > 5
SSO Configuration/CA Network Flow Analysis/Test LDAP
Enter username > user_ldap_test
Enter password >
Invocation of this Java Application has caused an InvocationTargetException. This application will now exit. (LAX)
Stack Trace:
javax.xml.ws.soap.SOAPFaultException: System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.Cryptography.CryptographicException: The input data is not a complete block.
NFA 9.1 - 23.3.2
For 23.3.3+ see: NFA 23.3.3+ 500 errors after trying to login
Local Override set in NFA for the "LDAP Connection Password" is not encrypted by the NFA SSO Configuration tool, however the NFA SSO Module expects the LDAP Password to be encrypted if you are linked to NetOps Portal. This will only happen if NFA is linked to NetOps Portal, and should not occur with NFA Standalone.
For NFA 9.1 - 23.3.2:
1. Make sure the NetOps Portal SSO Settings have the LDAP Connection Password set with "Remote Override" so that the password will sync down to NFA. If you make any changes make sure to resync the NFA Data Source.
2. Remove the "Local Override" in NFA for the "LDAP Connection Password" by running the query below on the NFA Console server:
mysql -P3308 -D reporter -t -e "delete from performance_center_properties where PropName = 'LdapConnectionPassword' and Priority = 2;"
3. Attempt to login to NFA or test Ldap again
For 23.3.3+ see: NFA 23.3.3+ 500 errors after trying to login