Error: "invalid stream header" and SPC-OCA-10474 during OneClick login for usernames with
search cancel

Error: "invalid stream header" and SPC-OCA-10474 during OneClick login for usernames with

book

Article ID: 441223

calendar_today

Updated On:

Products

Network Observability

Issue/Introduction

Users with an apostrophe in their username cannot log into DX NetOps Spectrum OneClick ․​​​​‌​‍

ERROR MESSAGE: "SPC-OCA-10474: Invalid user name or password" "invalid stream header: 0A3C212D"

SYMPTOMS:

  • Fat client returns invalid user name or password error

  • Webapp triggers a fatal error with invalid stream header

  • SSORB debug logging shows no log entries for the failed login attempts

CONTEXT: Occurs during user authentication when the username contains an apostrophe

IMPACT: Specific users are blocked from accessing OneClick

Environment

DX NetOps Spectrum 25.4.5

Cause

The apostrophe is not properly parsed or escaped during the authentication process This unescaped character causes a malformed payload when the OneClick WebApp attempts to process session data, leading directly to the Java deserialization failure

Resolution

1.MODIFY VALIDATOR PROPERTIES

Path: $SPECROOT\custom\validator\ServerConfigValidation․properties

Search for the LDAP Integration section and modify the userNameRegEx to include the apostrophe character: userNameRegEx=[\p{L}\p{Digit}@ /․,_'\-]+

EXPECTED: The modified regex allows the apostrophe character in the administration login page

2.UPDATE INDEX․JSP FOR WEBAPP

Path: $SPECROOT\tomcat\webapps\spectrum\webapp\index․jsp

Locate the function getArgs() section Update the -user parameter inside the if/else block to enclose the user string in escaped quotes:

if(<%=SSOInfoContainer․isSaml2Enabled()%>) { name = "${OC_ARGS} -isWebSwing yes -isSamlEnabled yes -jsessionid <%= session․getId() %> -user \"<%= request․getUserPrincipal() != null ? request․getUserPrincipal()․getName(): \"\" %>\""; [cite: 69] [cite_start]} else { [cite: 69] [cite_start]name = "${OC_ARGS} -isWebSwing yes -jsessionid <%= session․getId() %> -user "<%= request․getUserPrincipal() != null ? request․getUserPrincipal()․getName(): "" %>""; }

EXPECTED: The user payload is correctly formatted and escaped

3.RESTART TOMCAT SERVICE

Command: [NEEDS VALIDATION]

Save the files and restart the tomcat service

EXPECTED: Service restarts successfully and allows login

VERIFY SUCCESS:

  • User with an apostrophe in their name can successfully log in to OneClick

Powered by Wolken Software