Unable to login to Edge UI

nagashree_b · 02-25-2019 10:31 AM

I have an on-prem Apigee aio installation (4.18.01) for a sandbox environment. This was setup few months ago and we had been able to use it without any issues. Suddenly, we are not able to login to the Edge UI. We just see the message - Contact support team or try logging in again after the login attempt.

The management API works fine. I have tried to retrieve the users, update user passwords and create new users as well. Tried restarting the Edge UI and the Apigee server as well. However, the issue still persists.

Checked few other posts as well, those were related to SSO configuration. We don't have SSO setup

Any pointers on what could be the issue?

cjking

I'd suggest checking out your ldap server logs, along with possibly your management server logs. Are you using an on-box LDAP server or connecting to an off-box one?

nagashree_b

@Christian King,

I am using the in built open ldap that comes with the aio installation. Not an off-box one.

I have checked the management server logs and the openldap server logs, don't see any errors there. The Edge UI log (application.log) shows the below error, I am perturbed by the 401 status since the user is mapped to orgadmin role, and the organization is seen as null. When I list all users with orgadmin rule for the org, using mgmt api, I can see this user listed.

2019-02-28 05:42:36,157 [ERROR] from application in application-akka.actor.default-dispatcher-87 - Error response from Gateway:
Action: GET
URL: http://10.18.4.4:8080/v1/users/apigeeadmin@xxxxx.com/userroles
Headers:
Accept: [application/xml]
X-Apigee-Trace-Id: [ac1ff664-9ab1-4acd-bb61-131f3b5e7627]
X-Apigee-App-Id: [classic]
X-Apigee-App-Version: [4.18.05.00]
Response Status Code: 401
Response Body:
(empty)
Headers:
Date: [Thu, 28 Feb 2019 05:42:36 GMT, Thu, 28 Feb 2019 05:42:36 GMT]
WWW-Authenticate: [Basic realm="users/apigeeadmin@xxxxx.com/userroles"]
X-Apigee.user: [aaaaa@xxxxx.com]
X-Apigee.organization: [null]
Content-Length: [0] 2019-02-28 05:42:36,157 [ERROR] from play.core.server.netty.PlayDefaultUpstreamHandler in application-akka.actor.default-dispatcher-88 - Cannot invoke the action
utils.GatewayErrorResponseException: null
at utils.WsHelper.logAndBuildExceptionForGatewayErrorResponse(WsHelper.java:113) ~[enterpriseui.enterpriseui-4.18.05.00-81b97c5e-20180523-093328-sans-externalized.jar:na]

cjking

@Nagashree B - is it possible you changed the password of the default system administrator without updating Edge UI?

If so you'll need to update it with the process here:

https://docs.apigee.com/private-cloud/v4.19.01/managing-users-roles-and-permissions#changingthedefau...

nagashree_b

@Christian King, No the password has not been changed. The management APIs work with the same credentials. Dont both edge UI and management server refer to the same openldap server?

cjking

The Edge UI doesn't do any authentication on it's own, it uses the Management server for authentication. See https://docs.apigee.com/private-cloud/v4.18.05/understanding-edge-authentication-and-authorization-f...

Based on those logs I think the issue is with the UI is calling the management API (step 2/3 of that link) rather than the user credentials (step 4).

nagashree_b

@Christian King, thanks for that reference to docs. It says edge UI uses the sysadmin credentials stored in ui config. Is there a way I can check that config, is it the default.sh file? I will also check the sysasdmin configuration and revert back to you.

priniren

@Nagashree B

Did you find a solution for this issue? We are facing the same now.

nagashree_b

No, updating the sysadmin config didn't work for me. We had to re-create our aio instance with the configfile