LDAP authentication fails on CA NFA when integrated with NPC.
search cancel

LDAP authentication fails on CA NFA when integrated with NPC.


Article ID: 8014


Updated On:


CA Network Flow Analysis (NetQos / NFA)



You will see in the SingleSignOnAuditlogDate;

Username: [email protected]

Remember Me: false

SSO version: 7.0

Error Message: Unable to authenticate user.

Error Message: Unable to authenticate user.





NFA 9.3.7 on Windows 2012 R2 and NPC 6.2.103 on Windows 2008 R2 and NFA is added as a datasource in NPC.


CA Support will raise this with engineering. It's possibly a bug. This KD will be updated with a bug reference if CA engineering consider this a bug.


It was found that the issue is with user logins with [email protected] in NPC. 

The user is created in NPC as username, then it is synced down to NFA.

The user then tries to login to NFA with [email protected], LDAP validation succeeds, but [email protected] can't be looked up in NFA, because it's only stored as a username 'without' the domain. 

But you can alter the sign-in-process.jsp file so it removes @domain.com if the Ldap validation is successful, then the LDAP login in NFA works. 


Code to set in the sign-in-process.jsp file...

ldapAuthenticationPassed = ldapAuthentication.authenticate(username, password, session, singleSignOnWSSoap); 

if (ldapAuthenticationPassed) 

int spaceIndex = username.indexOf("@"); 

if (spaceIndex != -1) 

username = username.substring(0, spaceIndex); 

password = StringUtils.EMPTY; 



Additional Information

There could be other reasons why you have an authentication failure using LDAP/SSO. If unsure of the root cause and solution then please open a support case with CA support, and perhaps reference this technical document.