Symantec Access Management

  • 1.  We are getting Intermittent Invalid credentials while using automated scripts, however it is working well with manual logins.

    Posted Apr 12, 2019 12:30 PM

    Hello All,

    In this issue, we are getting Intermittent Invalid credentials while using automated scripts, however it is working well with manual logins.
    Can someone please give some insight on what might be wrong?

    Since its intermittent and issue is with automated scripts only, Can we rule out error with CA SSO configuration? Or, there can be some areas to look for?



  • 2.  Re: We are getting Intermittent Invalid credentials while using automated scripts, however it is working well with manual logins.

    Posted Apr 14, 2019 09:23 PM

    When you said "Automated Scripts" it sounds like customization.

    If you were able to login manually that is already ruling out SSO.

    I would recommend capturing HTTP traffic with tools like fiddler and see if the correct credentials are being posted by your automated scripts.



  • 3.  Re: We are getting Intermittent Invalid credentials while using automated scripts, however it is working well with manual logins.

    Posted Apr 18, 2019 11:30 AM

    Thanks , I will try that



  • 4.  Re: We are getting Intermittent Invalid credentials while using automated scripts, however it is working well with manual logins.

    Posted Apr 14, 2019 10:48 PM

    what sort of automated script are you using? Jmeter for load testing?



  • 5.  Re: We are getting Intermittent Invalid credentials while using automated scripts, however it is working well with manual logins.

    Posted Apr 18, 2019 11:35 AM

    Its being used by another team hence I am aware of just the issue as I have been apprised of it.

    Does it really make a difference which tool is being used



  • 6.  Re: We are getting Intermittent Invalid credentials while using automated scripts, however it is working well with manual logins.

    Posted Apr 19, 2019 01:52 AM

    Perhaps my question wasn't clear enough. I'm asking the context of how the "automated script" is used. Not so much the tool.

     

    Examples of automated login scripts I've encountered/developed

     

    • Desktop app using script to obtain SSO session and automatically login the windows user to a customised thick client.
    • Mobile app call SSO webservice to obtain token and automatically login webview to access web app without user entering username and password
    • load test scripts (jmeter is what I'm familiar with)

     

    Depending on the usage context, there can be different places to focus on. Questions I'd ask is if it is used against a custom authentication scheme. and what logic does the scheme conduct?

     

    I've experience intermittent login failures years ago too even though username and password hasn't changed in the userstore. the cause of the failures was due to end to end encryption. the script that encrypts the password sometimes generated ciphertext which the custom auth scheme sometimes is unable to decrypt for some reason. It happened so rarely (like 1 in a few thousands) that it only happen when I'm running loadtesting. Manual entry didn't encounter the issue but doesn't mean the problem isn't still lurking underneath. Till now I don't know why that is. I had to use a different algorithm.

     

    Can't advise much for your case since there's no other info other than "automated script".

     

    Good luck

     

    regards,

    Zen



  • 7.  Re: We are getting Intermittent Invalid credentials while using automated scripts, however it is working well with manual logins.

    Posted Apr 22, 2019 12:38 PM

    Thanks Zen.

    I tried to follow that article, and created 2 files iam_siteminder.ear.dodeploy and castylesr5.1.1.ear.dodeploy in the deployment directory. I just made them using touch, hence they are 0 Kb files.

    however after the restart, its failing with below message in the server.log:

    it looks like it is searching for other .dodeploy files corresponding to the other ear files in iam_siteminder.ear.

     

    2019-04-22 12:12:06,346 INFO  [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found iam_siteminder_identityminder_ejb.jar in deployment directory. To trigger deployment create a file called iam_siteminder_identityminder_ejb.jar.dodeploy
    2019-04-22 12:12:06,346 INFO  [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found management_console.war in deployment directory. To trigger deployment create a file called management_console.war.dodeploy
    2019-04-22 12:12:06,346 INFO  [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found user_console.war in deployment directory. To trigger deployment create a file called user_console.war.dodeploy
    2019-04-22 12:12:06,346 INFO  [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found sso-restapi-services.war in deployment directory. To trigger deployment create a file called sso-restapi-services.war.dodeploy
    2019-04-22 12:12:06,346 INFO  [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found workflow.rar in deployment directory. To trigger deployment create a file called workflow.rar.dodeploy
    2019-04-22 12:12:06,346 INFO  [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found castylesr5.1.1.ear in deployment directory. To trigger deployment create a file called castylesr5.1.1.ear.dodeploy
    2019-04-22 12:12:06,346 INFO  [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found iam_siteminder.ear in deployment directory. To trigger deployment create a file called iam_siteminder.ear.dodeploy
    2019-04-22 12:12:06,346 INFO  [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found iam_siteminder_wpServer.jar in deployment directory. To trigger deployment create a file called iam_siteminder_wpServer.jar.dodeploy
    2019-04-22 12:12:06,346 INFO  [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found api-doc.war in deployment directory. To trigger deployment create a file called api-doc.war.dodeploy
    2019-04-22 12:12:06,346 INFO  [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found policyserver.rar in deployment directory. To trigger deployment create a file called policyserver.rar.dodeploy
    2019-04-22 12:12:06,346 INFO  [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found sso-security-services.war in deployment directory. To trigger deployment create a file called sso-security-services.war.dodeploy
    2019-04-22 12:12:06,346 ERROR [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015010: The deployment scanner found a directory named META-INF that was not inside a directory whose name ends with .ear, .jar, .rar, .sar or .war. This is likely the result of unzipping an archive directly inside the /apps/CA/siteminder/adminui/standalone/deployments directory, which is a user error. The META-INF directory will not be scanned for deployments, but it is possible that the scanner may find other files from the unzipped archive and attempt to deploy them, leading to errors.
    2019-04-22 12:12:06,377 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 18) JBAS014613: Operation ("add") failed - address: ([("deployment" => "smjavasdk2.jar")]) - failure description: "JBAS014803: Duplicate resource [(\"deployment\" => \"smjavasdk2.jar\")]"
    2019-04-22 12:12:06,381 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) "JBAS014784: Failed executing subsystem deployment-scanner boot operations"



  • 8.  Re: We are getting Intermittent Invalid credentials while using automated scripts, however it is working well with manual logins.

    Posted Apr 22, 2019 12:39 PM

    Please ignore the last reply, it was for other thread. Apologies