Created a user and assigned role to the user but when we login it throws below erro..
Again I am not new to apigee but this is frustrating me(tested in qa & uat) 😞 This is in on-prem 14.6.09.
After upgrade this is the first user we have created..Still checking ...
http://docs.apigee.com/management/apis/post/users
&
2017-10-03 22:11:55,479 qtp788905599-43 ERROR REST -
CustomJAXRSInvoker.performInvocation() :
CustomJAXRSInvoker.performInvocation : Method
com.apigee.security.SecurityServiceImpl.authenticateAndGetExpiry threw
an exception.
2017-10-03 22:11:55,480 qtp788905599-43 ERROR REST -
ExceptionMapper.toResponse() : Error occurred : Invalid EmailId Password
for authentication
com.apigee.security.SecurityServiceImpl.authenticateAndGetExpiry(SecurityServiceImpl.java:216)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Was able to resolve but not impressed/frustrated with the change of steps in each release..
1)created user using below
apigee-service apigee-provision create-user -f createuser
(createuser has the details
APIGEE_ADMINPW=
USER_NAME=
FIRST_NAME=
LAST_NAME=
USER_PWD=
ORG_NAME=
)
2)Added user to orgadmin
curl -v http://localhost:8080/v1/o/<<org>>/userroles/orgadmin/users/<<newuser>>;
With above steps it didn't work.
What worked ->
After step 1 need to recycle the services and assign the user to orgadmin.
Not sure what's going on? Why restart is required?
-Vinay
you should not have to restart anything...replication can take a few seconds, you should run this command once you get a return from the provision user operation : curl -u <sysAdminEmail>:<passwd> http://<ms_IP>:8080/v1/users/foo@bar.com
once it return the user info then you add the role to the user. Let me know if you run into an issue doing this.
We have a similar issue in 17.05 OPDK. We're using LDAP to authenticated users and some users work just fine but others run in the same type of issues that Vinay described it.
The logs show these
==> /opt/apigee/var/log/edge-management-server/logs/system.log <== 2017-10-25 16:48:22,595 pool-3-thread-446 ERROR REST - CustomJAXRSInvoker.performInvocation() : CustomJAXRSInvoker.performInvocation : Method com.apigee.security.SecurityServiceImpl.authenticateAndGetExpiry threw an exception. 2017-10-25 16:48:22,595 pool-3-thread-446 ERROR REST - ExceptionMapper.toResponse() : Error occurred : Invalid EmailId Password for authentication com.apigee.security.SecurityServiceImpl.authenticateAndGetExpiry(SecurityServiceImpl.java:216) sun.reflect.GeneratedMethodAccessor702.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) java.lang.reflect.Method.invoke(Method.java:497) ==> /opt/apigee/var/log/edge-management-server/events/events/events <== Event{Id,d83361ab-ad0a-4a32-8968-4e1c24014457,Severity,null,Type,Audit,Category,Unknown,SubCategory,Unknown,Timestamp,1508975302595,Source,System,User,null,Host,null,Duration,null,Request,''someone@mail.com'',X-Forwarded-For,,UserAgent,AHC/1.0,ServerIP,11.11.11.11,ServerHostName,xapiadmin.test.shutterfly.com,RequestURIQP,/v1/users/someone@mail.com/authenticateAndGetExpiry,ResponseCode,401,Operation,POST,ClientIP,11.11.11.11,authenticationType,basic,RequestURI,/v1/users/someone@mail.com/authenticateAndGetExpiry,DESCRIPTION,null}; ==> /opt/apigee/var/log/edge-management-server/logs/audit.log <== 2017-10-25 16:48:22,597 org:shutterfly pool-1-thread-57 INFO AUDITLOG - AuditLog.logAudit() : {responsecode=401, request=''someone@mail.com'', useragent=AHC/1.0, x-forwarded-for=, requesturi=/v1/users/someone@mail.com/authenticateAndGetExpiry/, clientip=11.11.11.11, serverip=11.11.11.11, serverhostname=xapiadmin.test.shutterfly.com, id=d83361ab-ad0a-4a32-8968-4e1c24014457, operation=CREATE, requesturiqp=/v1/users/someone@mail.com/authenticateAndGetExpiry, timestamp=25/10/2017 16:48:22} ==> /opt/apigee/var/log/edge-management-server/logs/access.log <== 2017-10-25 16:48:22,600 pool-1-thread-57 INFO ACCESSLOG - AccessInfo.logAuditInfo() : {RequestURIQP=/v1/users/someone@mail.com/authenticateAndGetExpiry, ResponseCode=401, ServerHostName=xapiadmin.test.shutterfly.com, ServerIP=11.11.11.11, Request=''someone@mail.com'', UserAgent=AHC/1.0, X-Forwarded-For=, RequestURI=/v1/users/someone@mail.com/authenticateAndGetExpiry, Operation=POST, authenticationType=basic, Timestamp=1508975302595, ClientIP=11.11.11.11 }
The fact that some users can login using their LDAP credentials make us think that is not AD or LDAP configuration related.
I tried to create the user again from scratch from the API and assign the role but didn't work. Same with the UI.
Which APIs execute the create-user that would make it work?
Some help would be appreciated.
@Matias when you say you are using LDAP do you meant Edge OpenLdap or AD ? From the logs it looks like AD. Can you tell me are you using indirect or direct binding ?
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |