Error: Username and password do not match
search cancel

Error: Username and password do not match


Article ID: 42228


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER



Policy Server Administrative UI (AdminUI or WAM UI) login failed with

  "Error: Username and password do not match"

message. User was able to login with the same credentials earlier.




AdminUI all versions on Linux




There is no error/warning message logged in any of the log files but
the authentication process took too long to complete. Low entropy
count was found to be the cause of this issue.




As per the documentation (1) the most used one is rngd deamon as it
allows to start the deamon at boot time and insure that even after
system reboot, entropy pool is big enough.

To get this deamon on RedHat 7 systems, you need to install the
following package :

  rng-tools-6.3.1-5.el7.x86_64 (RedHat 7)
  rng-tools-6.8-3.el8.x86_64 (RedHat 8)

  (yum install rng-tools)
No specific configuration is needed, the out of the box one is
sufficient when you configure it as a service.
In order to get it started at boot time as service, then you should
enable it and start it on RedHat 7 and 8 :
  # systemctl enable rngd
  # systemctl start rngd
  # systemctl status rngd

    rngd.service - Hardware RNG Entropy Gatherer Daemon
      Loaded: loaded (/usr/lib/systemd/system/rngd.service; enabled; vendor preset: enabled)
      Active: active (running) since Thu 2021-05-06 12:46:56 CEST; 50s ago
    Main PID: 11062 (rngd)
       Tasks: 1
      CGroup: /system.slice/rngd.service
       └─11062 /sbin/rngd -f

On other Linux systems, you may be able to start manually the deamon
that way as per documentation (1):

  # rngd -r /dev/urandom -o /dev/random -b

Finally, use the following command to monitor the entropy (2):

  # watch -n 1 cat /proc/sys/kernel/random/entropy_avail


Additional Information



    Prepare for the Policy Server Installation

      Good security and not FIPS compliant: Configure the rngd daemon to
      populate /dev/random. Execute the following command:

      rngd -r /dev/urandom -o /dev/random -b

      Third-party alternatives to the rngd entropy daemon are also


   Increase Entropy

     To monitor the entropy on the system, execute the following

     watch -n 1 cat /proc/sys/kernel/random/entropy_avail