Layer7 Access Management

Expand all | Collapse all

Password Message could not be parsed

Jump to Best Answer
  • 1.  Password Message could not be parsed

    Posted 02-28-2014 11:46 AM

    Hi,

    I am seeing the error "Password Message could not be parsed" in the SMPS log. Could you please assist to find the root cause for this error message

    [5868/4668][Fri Feb 28 2014 07:59:33][Sm_Auth_Message.cpp:271][ERROR] Password Message could not be parsed 
    [5868/4668][Fri Feb 28 2014 07:59:46][Sm_Auth_Message.cpp:271][ERROR] Password Message could not be parsed 
    [5868/4668][Fri Feb 28 2014 07:59:46][Sm_Auth_Message.cpp:271][ERROR] Password Message could not be parsed 
     
     

    -Selvan

     



  • 2.  RE: Password Message could not be parsed
    Best Answer

    Posted 03-03-2014 09:47 AM

    Hi Selvan,

    I suggest using the trace logs (profiler) to get more information.

    This thread has information on the Profiler and other logs:

    https://communities.ca.com/web/ca-identity-and-access-mgmt-distributed-global-user-community/message-board/-/message_boards/message/101073853;jsessionid=5FCD6EC333B62B974FEC21B4733CF935?&#p_19

     

    Once you have more information from the profiler you might be able to resolve it yourself, or may need to adjust the  profiler some and do another pass.

     

    Hope that Helps.

     

    -Josh



  • 3.  RE: Password Message could not be parsed

    Posted 03-11-2014 10:22 PM

    Hi, 

    For most of the case, that could be just an informational message and can safely be ignored.

    Please read following description about when that errro is logged :

    ******************************************************************************************

    Sometimes, as in the case of a password change, the user's password is
    transformed into an encoded combination of old and new passwords. When
    performing an authentication, the policy server must determine if the
    password is really the encoded combination of multiple passwords or simply
    a plain password. For performance reasons this determination is only done
    when the challenge reason is not one of the following:
     
    1. none (0)
    2. expired session (4)
    3. auth level to low (5)
    4. next token code (28)
    5. new pin select (29)
    6. new pin system token code (30)
    7. new user pin token code (31)
    8. new pin accepted (32)
     
    In all other cases, an attempt is made to decode the password field into
    separate components. When this attempt to decode fails, the message in
    question will appear in the logs. This message simply indicates that the
    password field does not contain information about the old and new password
    and should be treated as a regular password when generating the data
    structure used to track user credentials within the policy server.
    If this error occurs while a user is performing a password change, it may
    indicate that the password data is being passed to policy server
    incorrectly. This is because while doing a password change, the encoded
    combination of new and old password is being used (as opposed to a regular
    login where only a plain password is being used).
     
    There is no way to avoid this message from appearing in the logs, if the
    challenge reason for the request does not appear in the list above, an
    attempt will always be made to decode the password. If the attempt fails,
    it is of little consequence since all that will happen is the policy server
    will propagate user credentials with out a "new password" value.

    ****************************************************************************************

    Hope this helps.

    - Ujwol Shrestha