Posts in Category "UserManager"

LiveCycle ES3: Authentication failed for user (Scheme – Username/Password) Reason: Username or password is incorrect

Issue

If you are accessing any LiveCycle services and have problems getting a response, you may notice the following warning in the server logs:

WARN  [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] (Thread-21) 
Authentication failed for user [user] (Scheme - Username/Password) Reason: Username or password is incorrect. 
Refer to debug level logs for category com.adobe.idp.um.businesslogic.authentication for further details

 

If you enable DEBUG level logging you will see the following DEBUG information in the log:

DEBUG [com.adobe.idp.common.errors.exception.IDPLoggedException] (Thread-21)
UserM:: [Thread Hashcode: 1796127844] com.adobe.idp.common.errors.exception.IDPLoggedException|
[com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] errorCode:12803 errorCodeHEX:0x3203 message:
Authentication failed for user [user] (Scheme - Username/Password) Reason: Username or password is incorrect
 =========== Authentication failure detail report ================== 
 Scheme Type : Username/Password 
 UserId : user 
 Current Thread : ajp-0.0.0.0-11148-8 
 Following are the response details from various authProviders.  
 1 - com.adobe.idp.um.provider.authentication.LocalAuthProviderImpl - 
 Authentication Failed : Exception stacktraces are avialable at TRACE level 
 Messages collected for this AuthProvider are provided below
      - No local user found with UserId [user] in Domain [DefaultDom]
      - No local user found with UserId [user] in Domain [EDC_SPECIAL]

These warnings in the log may also be accompanied by an Error 500 if you are attempting to call the LC services through a browser/web application.

Reason

This issue can occur when you attempt to access the services with a user account that does not exist in the LiveCycle database, especially when you are migrating applications from one LiveCycle environment to another (e.g. ES2 to ES3).  User accounts that were used by applications in the first environment also need to be available in the second environment.

Solution

Try whichever of the following solutions is applicable to your environment:  (contact your LiveCycle administrator if you do not have sufficient privileges)

1. Synchronize your LDAP server with LiveCycle (AdminUI > Settings > User Management > Domain Management > (Select LDAP Domain) > Sync Now)

2. Create the user manually in a local LiveCycle domain (AdminUI > Settings > User Management > Users and Groups > New User)

reference: (183300170)


LiveCycle ES2: UserM:GENERIC_WARNING: errorCode:12817 errorCodeHEX:0x3211 The user [user] is marked as Obsolete

Issue

If you are accessing any LiveCycle services and have problems getting a response, you may notice the following warning in the server logs:

WARN  [com.adobe.idp.common.errors.exception.IDPLoggedException] (Thread-21) 
UserM:GENERIC_WARNING: [Thread Hashcode: 1859008299] 
com.adobe.idp.common.errors.exception.IDPLoggedException| [AuthenticationManagerBean] 
errorCode:12817 errorCodeHEX:0x3211 message:The user <user> is marked as Obsolete

If you enable DEBUG level logging you will see the following DEBUG information in the log:

=========== Authentication failure detail report ==================
Scheme Type : Username/Password 
UserId : user 
Current Thread : ajp-0.0.0.0-11148-2
Following users were identified as per received authentication data. Details are (UserId, domain, oid)
     - user, DefaultDom, 7C5E5622-96A9-102F-AE67-00000XXXXXXX 
Following are the response details from various authProviders.
1 - com.adobe.idp.um.provider.authentication.LDAPAuthProviderImpl
- Authentication Failed : Exception stacktraces are avialable at TRACE level 
Messages collected for this AuthProvider are provided below
    - LDAP authentication failed for user [user] in Domain [corp.domain]
        - Unprocessed Continuation Reference(s)
2 - com.adobe.idp.um.provider.authentication.LocalAuthProviderImpl
- Authentication Failed : Exception stacktraces are avialable at TRACE level 
Messages collected for this AuthProvider are provided below
    - The user user is marked as Obsolete
    - No local user found with UserId [user] in Domain [DefaultDOM]

These warnings in the log may also be accompanied by an Error 500 if you are attempting to call the LC services through a browser/web application.

Reason

This issue can occur when you are attempting to access the services with a user account that has been marked obsolete in the LiveCycle database.  This can occur if you have deleted this specific user from LDAP or from the local domain in LiveCycle.

If you have written applications depending on this user account then you will encounter the problem outlined above when running/calling those applications.

Solution

You can either re-create the user in your LDAP or local domain, or create a new user and change your application to reference this new user rather than the obsolete user account.

reference: (183305926)
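
Added example (not Adobe code): a small Python triage routine for the "Authentication failure detail report" blocks shown in the two posts above. It separates a failure caused by a missing account from one caused by an obsolete account or an LDAP-side error, which is the distinction both posts turn on. The sample text is abridged from the log excerpts on this page; the category names are assumptions of this example.

```python
import re

# Abridged from the two DEBUG reports quoted in the posts above.
SAMPLE = """\
=========== Authentication failure detail report ==================
UserId : user
1 - com.adobe.idp.um.provider.authentication.LocalAuthProviderImpl -
     - No local user found with UserId [user] in Domain [DefaultDom]
     - No local user found with UserId [user] in Domain [EDC_SPECIAL]
=========== Authentication failure detail report ==================
UserId : user
1 - com.adobe.idp.um.provider.authentication.LDAPAuthProviderImpl
    - LDAP authentication failed for user [user] in Domain [corp.domain]
2 - com.adobe.idp.um.provider.authentication.LocalAuthProviderImpl
    - The user user is marked as Obsolete
    - No local user found with UserId [user] in Domain [DefaultDOM]
"""

BANNER = re.compile(r"=+ Authentication failure detail report =+")
USER = re.compile(r"^\s*UserId : (\S+)")
PROVIDER = re.compile(r"^\s*\d+ - [\w.]+\.(\w+AuthProviderImpl)")
DOMAIN = re.compile(r"in Domain \[([^\]]+)\]")
# Example-defined categories; an obsolete account also logs "No local user found", so it is tested first.
RULES = [
    ("obsolete_account", "is marked as Obsolete"),
    ("ldap_failure", "LDAP authentication failed"),
    ("unknown_account", "No local user found"),
]

def parse_reports(text):
    """Return one dict per failure report found in the log text."""
    reports = []
    for block in BANNER.split(text)[1:]:
        rep = {"user": None, "providers": [], "domains": set(), "messages": []}
        for line in block.splitlines():
            if m := USER.match(line):
                rep["user"] = m.group(1)
            elif m := PROVIDER.match(line):
                rep["providers"].append(m.group(1))
            elif line.strip().startswith("- "):
                rep["messages"].append(line.strip()[2:])
                rep["domains"].update(DOMAIN.findall(line))
        rep["verdict"] = next((name for name, needle in RULES
                               if any(needle in msg for msg in rep["messages"])), "other")
        reports.append(rep)
    return reports

if __name__ == "__main__":
    print([(r["user"], r["verdict"]) for r in parse_reports(SAMPLE)])
```

Counting verdicts per UserId over a day of logs shows whether one application account is failing repeatedly (the migration and deleted-user cases above) or many different UserIds are failing.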


LiveCycle ES: how to retrieve a list of groups and roles on your server

Requirement

You may need to provide a full breakdown of all Users/Groups/Roles for your installation of Adobe LiveCycle ES. This information is available through the AdminUI, but performing all the necessary searches and manually compiling the results would take a lot of time and effort.  The other option is to run an SQL query on the database to read the information directly from the DB tables.

Solution

The following 2 SQL queries return this information:

==========================================
Query 1: Identify all Users in each Group
==========================================

-- lcesprd is the schema name in this example; replace it with your own LiveCycle schema
select epea.commonname as GROUP_NAME,
       epeb.commonname as USER_NAME
from lcesprd.edcprincipalentity epea,        -- the group
     lcesprd.edcprincipalentity epeb,        -- the user that is a member of the group
     lcesprd.edcprincipalgroupentity epg,
     lcesprd.edcprincipalgrpctmntenti epgc   -- parent/child membership link
where epea.id = epg.refprincipalid
  and epea.id = epgc.refparentprincipalid
  and epeb.id = epgc.refchildprincipalid
  and epea.status = 'CURRENT'
  and epeb.status = 'CURRENT'
  and epea.principaltype = 'GROUP'
  and epeb.principaltype = 'USER'
order by GROUP_NAME;

==================================================
Query 2: Identify all Roles assigned to each Group
==================================================

-- lcesprd is the schema name in this example; replace it with your own LiveCycle schema
select epea.commonname as ROLE_NAME,
       epeb.commonname as GROUP_NAME
from lcesprd.edcprincipalentity epea,        -- the role
     lcesprd.edcprincipalentity epeb,        -- the group the role is assigned to
     lcesprd.edcprincipalroleentity epre     -- role assignment link
where epea.id = epre.refroleid
  and epeb.id = epre.refprincipalid
  and epeb.principaltype = 'GROUP' -- (Note: can change this value to 'USER')
order by ROLE_NAME;

LiveCycle ES: ALC-WKS-005-032: An error occurred while retrieving attachments and notes for task

Issue

 If you are trying to submit a form to start a process, you may notice the following error in the server logs:

14, 2010 4:27:56 PM MEST> <Notice> <Stdout> <xxxxx> <xxxxx> <[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'> 
<<WLS Kernel>> <> <> <1273847276984> <000000> 
<[LCDS] [ERROR] Exception when invoking service 'data-service': flex.messaging.MessageException: 
ALC-WKS-005-032: An error occurred while retrieving attachments and notes for task 616305.
 incomingMessage: Flex Message (flex.data.messages.DataMessageExt)
 operation = fill
 id = null
 clientId = D6CC8793-5705-51BC-B5D8-972ED874CC81
 correlationId =
 destination = task-attachments
 messageId = 116BFB92-0520-A993-7F6A-9736E3DD1E7C
 timestamp = 1273847276941
 timeToLive = 0
 body = [ 9D7308E3-6721-16FD-2145-D2582D4431DF, 616305 ]
 hdr(DSEndpoint) = workspace-polling-amf
 hdr(DSId) = 191AECD1-A01E-947D-0F00-441BD702AE67

 Exception: flex.messaging.MessageException: ALC-WKS-005-032: An error occurred while retrieving attachments and notes for task 616305.
 at com.adobe.workspace.AssemblerUtility.createMessageException(AssemblerUtility.java:387)
 at com.adobe.workspace.attachments.TaskAttachmentAssembler.fill(TaskAttachmentAssembler.java:129)
 at flex.data.adapters.JavaAdapter.invokeFillOperation(JavaAdapter.java:939)
[....]
Root cause: com.adobe.idp.taskmanager.dsc.client.task.TaskManagerException: com.adobe.idp.taskmanager.dsc.client.task.TaskPermissionException: 
Access to task: 616305 is denied. User Calling API: 7CD995A1-B091-8E45-9DFD-7B972380CD36 but task is assigned to: 9D7308E3-6721-16FD-2145-D2582D4431DF
 at com.adobe.idp.taskmanager.dsc.service.TaskManagerServiceImpl.getAllAttachments(TaskManagerServiceImpl.java:2397)
 at sun.reflect.GeneratedMethodAccessor1981.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at com.adobe.idp.dsc.component.impl.DefaultPOJOInvokerImpl.invoke(DefaultPOJOInvokerImpl.java:118)
[...]

This error occurs when the form is submitted, but no process is actually started.  If you look in the database you can see that a task exists for the initial user task where the form is submitted; however, the process ID and action instance ID associated with the task do not exist in their respective tables.

Reason

In LiveCycle we use a hash of the user’s canonical name as the key for the UserSession contexts.  In this case, two different users actually had the exact same hash value and so the UserSessions collided.

Solution

There is a patch available for this issue in ES 8.2.1.2, and the issue has been fixed in ES2 SP2 and later versions.

reference: (181548195/2609083)
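
Added example (not LiveCycle code): why keying per-user contexts by a hash of the name leads to the cross-user "Access to task ... is denied" symptom above, and how keying by the full canonical name avoids it. The page does not say which hash function LiveCycle used; Java's String.hashCode() is assumed here purely for illustration, and the two canonical names and the SessionStore class are constructed for this example.

```python
def java_string_hash(s: str) -> int:
    """Java's String.hashCode(): h = 31*h + ch, wrapped to a signed 32-bit int."""
    h = 0
    for ch in s:
        h = (31 * h + ord(ch)) & 0xFFFFFFFF
    return h - (1 << 32) if h & 0x80000000 else h

class SessionStore:
    """Hypothetical context store: maps key_fn(canonical_name) to a context."""
    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.contexts = {}

    def login(self, canonical_name):
        # Reuse the context if the key already exists, otherwise create one.
        return self.contexts.setdefault(
            self.key_fn(canonical_name), {"owner": canonical_name})

    def context_for(self, canonical_name):
        return self.contexts.get(self.key_fn(canonical_name))

# Constructed names: "Aa" and "BB" have the same String.hashCode() (2112),
# and an identical prefix and suffix keeps the full strings colliding.
USER_A = "cn=userAa,ou=People,dc=example,dc=com"
USER_B = "cn=userBB,ou=People,dc=example,dc=com"

def owner_seen_by(store, first, second):
    """Log both users in, then report whose context the second user receives."""
    store.login(first)
    store.login(second)
    return store.context_for(second)["owner"]

def find_collisions(names, key_fn=java_string_hash):
    """Audit helper: return groups of distinct names that share one key."""
    groups = {}
    for name in names:
        groups.setdefault(key_fn(name), []).append(name)
    return [g for g in groups.values() if len(g) > 1]

if __name__ == "__main__":
    print("hash key :", owner_seen_by(SessionStore(java_string_hash), USER_A, USER_B))
    print("name key :", owner_seen_by(SessionStore(lambda n: n), USER_A, USER_B))
    print("collisions:", find_collisions([USER_A, USER_B]))
```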


LiveCycle ES: AuthenticationManagerImpl errorCode:16386 errorCodeHEX:0x4002

Issue

The following exception occurs when custom Java code that interacted with Adobe LiveCycle 7 Workflow using LDAP lookups is run after migrating to LiveCycle ES:

[04 Mar 2010 10:32:27, 058] ERROR (WorklistController.java:66) - java.lang.Exception: | 
[com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16386 errorCodeHEX:0x4002 message:
user_identifier:myuniqueid=XXXXXXXX,ou=people,dc=company,dc=com domain:LDAP Production| 
[com.adobe.idp.um.businesslogic.directoryservices.DirectoryServicesManagerBean] errorCode:13316 errorCodeHEX:0x3404 message:
user_identifier:myuniqueid=XXXXXXXX,ou=people,dc=company,dc=com domain:LDAP Production
com.pictet.livecycleworkflow.restservices.client.exceptions.ResourceOperationException: java.lang.Exception: | 
[com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16386 errorCodeHEX:0x4002 message:
user_identifier:myuniqueid=XXXXXXXX,ou=people,dc=company,dc=com domain:LDAP Production| 
[com.adobe.idp.um.businesslogic.directoryservices.DirectoryServicesManagerBean] errorCode:13316 errorCodeHEX:0x3404 message:
user_identifier:myuniqueid=XXXXXXXX,ou=people,dc=company,dc=com domain:LDAP Production
 at com.company.livecycleworkflow.restservices.client.impl.AbstractLiveCycleWorkflowRestServiceClient.sendRequest(AbstractLiveCycleWorkflowRestServiceClient.java:92)
 at com.company.livecycleworkflow.restservices.client.impl.AbstractLiveCycleWorkflowRestServiceClient.readRestUrl(AbstractLiveCycleWorkflowRestServiceClient.java:100)
 at com.company.livecycleworkflow.restservices.client.impl.LiveCycleWorkflowRestServiceClientImpl.getActivities(LiveCycleWorkflowRestServiceClientImpl.java:47)
 at com.company.livecycleworkflow.restservices.client.impl.LiveCycleWorkflowRestServiceClientImpl.getActivities(LiveCycleWorkflowRestServiceClientImpl.java:40)
 at com.company.managerscomments.controller.WorklistController.handleRequestInternal(WorklistController.java:54)
 at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
 at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:44)
 at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:723)
 at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:663)
 at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:394)
 at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:348)

The method that throws this error is: authResult = auth.getAuthResultOnBehalfOfUser("myuniqueid=XXXXXXXX, ou=people", "LDAP Production", context).

Reason

This exception occurs when you don’t use the same user DN in the Java code as is stored in LDAP and in the LiveCycle database.

For example, the myuniqueID in the EDCPRINCIPALENTITY table is:

myuniqueid=XXXXXXXX,ou=People,dc=company,dc=com

and in the Java code it’s:

myuniqueid=XXXXXXXX,ou=people,dc=company,dc=com

The ou has a capital “P” in LDAP and in the DB, but in the Java code, it was attempting to find the user with a lowercase “p” for the ou. This error can occur in LiveCycle ES as Adobe changed the LDAP synchronization algorithm to canonicalize the DN strings during synchronization. As a result, the DN strings appear in the DB exactly as they are defined in LDAP (including case-sensitivity).

Solution

Make sure that you are using exactly the same user DN in the Java code as it is stored in LDAP and in the LiveCycle database.

reference: (181473688)
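
Added example (not Adobe code): a pre-flight check that compares the DN an application is about to pass with the DN strings held after synchronization, and returns the stored spelling when the two differ only in case or spacing. STORED stands in for the DN column of EDCPRINCIPALENTITY and holds the DN quoted above; the function names, and treating case and whitespace as insignificant when searching for the near match, are assumptions of this example.

```python
import re

# The DN as stored in LDAP and the LiveCycle database (from the post above).
STORED = ["myuniqueid=XXXXXXXX,ou=People,dc=company,dc=com"]

def split_dn(dn):
    """Split a DN into RDNs on commas not preceded by a backslash escape."""
    return re.split(r"(?<!\\),", dn)

def loose_key(dn):
    """Case- and whitespace-insensitive form, used only to find near matches."""
    parts = []
    for rdn in split_dn(dn):
        attr, _, value = rdn.partition("=")
        parts.append((attr.strip().lower(), " ".join(value.split()).lower()))
    return tuple(parts)

def check_dn(candidate, stored_dns):
    """Return (status, dn_to_use) for the DN the application wants to pass.

    exact     - candidate matches a stored DN byte for byte
    mismatch  - one stored DN differs only in case/spacing; use that one
    ambiguous - several stored DNs match loosely; needs a manual decision
    not_found - no stored DN resembles the candidate
    """
    if candidate in stored_dns:
        return ("exact", candidate)
    wanted = loose_key(candidate)
    near = [s for s in stored_dns if loose_key(s) == wanted]
    if len(near) == 1:
        return ("mismatch", near[0])
    return ("ambiguous" if near else "not_found", None)

if __name__ == "__main__":
    for dn in ("myuniqueid=XXXXXXXX,ou=people,dc=company,dc=com",
               "myuniqueid=XXXXXXXX, ou=People, dc=company, dc=com",
               STORED[0]):
        print(check_dn(dn, STORED))
```

Running the check at application start-up turns the errorCode:16386 failure into a message that names the exact stored DN to use.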


LiveCycle ES: CRON expressions and documentation for Quartz Scheduler

Issue

 If you wish to schedule an LDAP synchronization in LiveCycle you can do so using CRON expressions in the Quartz Scheduler.  The Quartz Scheduler is an open source technology and you can find the official documentation here:

http://www.opensymphony.com/quartz/wikidocs/CronTriggers%20Tutorial.html

Explanation

The fields used in the CRON expressions have the following meanings:

Field Name      Mandatory   Value Range         Special Characters
Seconds         Yes         0-59                , - * /
Minutes         Yes         0-59                , - * /
Hours           Yes         0-23                , - * /
Day of month    Yes         1-31                , - * ? / L W C
Month           Yes         1-12 or JAN-DEC     , - * /
Day of week     Yes         1-7 or SUN-SAT      , - * ? / L C #
Year            No          empty or 1          , - * /

Examples

0 0 12 * * ?                         Fire at 12pm (noon) every day

0 15 10 ? * *                       Fire at 10:15am every day

0 15 10 * * ?                       Fire at 10:15am every day

0 15 10 * * ? *                     Fire at 10:15am every day

0 15 10 * * ? 2005               Fire at 10:15am every day during the year 2005

0 * 14 * * ?                         Fire every minute starting at 2pm and ending at 2:59pm, every day

0 0/5 14 * * ?                      Fire every 5 minutes starting at 2pm and ending at 2:55pm, every day

0 0/5 14,18 * * ?                  Fire every 5 minutes starting at 2pm and ending at 2:55pm, AND fire every 5 minutes starting at 6pm and ending at 6:55pm, every day

0 0-5 14 * * ?                       Fire every minute starting at 2pm and ending at 2:05pm, every day

0 10,44 14 ? 3 WED            Fire at 2:10pm and at 2:44pm every Wednesday in the month of March

0 15 10 ? * MON-FRI            Fire at 10:15am every Monday, Tuesday, Wednesday, Thursday and Friday

0 15 10 15 * ?                      Fire at 10:15am on the 15th day of every month

0 15 10 L * ?                        Fire at 10:15am on the last day of every month

0 15 10 ? * 6L                      Fire at 10:15am on the last Friday of every month

0 15 10 ? * 6L 2002-2005      Fire at 10:15am on the last Friday of every month during the years 2002, 2003, 2004 and 2005

0 15 10 ? * 6#3                    Fire at 10:15am on the third Friday of every month

0 0 12 1/5 * ?                       Fire at 12pm (noon) every 5 days every month, starting on the first day of the month

0 11 11 11 11 ?                    Fire every November 11th at 11:11am
