I followed this guide to protect redirect.jsp.
Protect the Authentication URL to Establish a Session - CA Single Sign-On - 12.52 SP2 - CA Technologies Documentation
Authentication Scheme uses forms/login.fcc from webagent sample as target.
When try to access redirect.jsp, login with username/password on redirected login.fcc, cannot connect to redirect.jsp and got following error in smps.log
Error 49[16184/4011645808][Tue Nov 15 2016 06:52:54][SmDsLdapFunctionImpl.cpp:494][ERROR][sm-Ldap-00770] (AuthenticateUser) DN: 'cn=hetty,ou=People,dc=siteminder,dc=com' . Status: Error 49 . Invalid credentials
The user can be looked up via View Content of user directory or Administration->Users->Manage User Accounts.
This may be elementary, but I cannot find the reason after checking all I can think of. Any input is much appreciated.
Are you sure password is correct? Are you able to perform bind to the directory using some external ldap browser like jxplorer?
Thank you for the reply.
From Administration UI, the password attribute is set in Password(RW) in User Directory setting. And I can change the password via Administration -> Users -> Manage User Accounts.
In JXplorer, I can see the user under People ou.
Am I using the wrong password?
What attribute have you mapped for Password attribute. For OpenLdap it needs to be "userpassword" I guess
Can you share screenshot of user directory config?
Are you able to do view contents?
Yes, I mapped userpassword to passowrd. Here is the screenshot of user directory config.
And in view content, I can search for the user.
See if you can bind to OpenLdap using Jxplorer https://confluence.atlassian.com/plugins/servlet/mobile#content/view/164873
This way you can verify if password is correct
Seems I cannot bind to OpenLdap with
I can only use the user
Tried both user's password, not working.
Is bind use a different password with userPassword attribute?
I think what is happening is Siteminder is not able to set userpassword attribute. You can check the smtracedefault.log for any error.
I create another directory server for the user to bind. And authentication works well when user can bind.Thank you for the advice.