Can't Log into AccessManager (or portal, or anything else)
I'm having the damnest problem, I can't login into anything.
If I present bad credentials, it will show me the "bad login" page, but if I present good credentials (to AMServer, Portal, or whatever), it authenitcates and throws me right back to the login page (or in the case of portal, it just pretends as through i never tried).
To further clarify the problem, I tried registering a new user on portal, and I get a "session expired" notifcation. Seems to me like the cookie or the sessions aren't persisting properly.
Any advice on how to correct this?
Thanks
Message was edited by:
askalex
Message was edited by:
askalex
[683 byte] By [
askalexa] at [2007-11-27 11:35:44]
# 1
Turn debugging to message level, restart the container, and see what they have to tell you. Post them here if you find weird behavior. Can't really help without them. Could be a cookie domain issue.
Have you made any changes before noticing this behavior, or did it turn up all by itself?
Ankush
# 2
it's always been this way. this is a fresh install, brand new OS, brand new Portal Server 7.1U1, installed with the default options for "evaluation"
Can you pretend that I'm your retarded cousen and let me know how to turn debugging on so I can provide more info?
Thanks
# 3
Alright, lets forget the others and focus on the access manager for now.
1. Whats the URL that you are typing out to login to AM?
2. Whats the username? if its amadmin, try the complete DN... ie, cn=amadmin,....blah blah.
3. To enable logs, open up AMConfig.properties (don't know your OS) and set log.debug=message. You'll need to restart the app server.
Really would need more details from the logs before things can be fixed.
You have no idea how retarded my cousin is! :)
Ankush
# 4
Log files will be in the next post.
The behavior is that it's logging me in (because it will reject bad credentials), it's just that it's not REMEMBERING that it has logged me in (ie, instead of redirecting to the desired page (portal, amserver, or otherwise, it bounces me back to the login page for the given application).
OS is solaris 10 U3.
machine name is: portal // provided by DNS Server based on MAC addy of NIC
domain name is: home //very original, I know.
cookie domain set during configure now install was .home (the default)
URL for amserver is: http://portal.home:8080/amserver
Which gets rewritten to: http://portal.home:8080/amserver/UI/Login?service=adminconsoleservice&goto= http://portal.home:8080/amserver/base/AMAdminFrame&&6pziE58dvyKWdlxefh1P 1M2pqGLhqjbLvYpcUjbCuhuVJ41SAhi1IXCqRe6pwUdvxyggsoR2MTPxIlNE
login id is (the default): amAdmin
# 5
the AMLogfile follows:
07/25/2007 12:27:23:504 PM CDT: Thread[main,5,main]
**********************************************
07/25/2007 12:27:23:504 PM CDT: Thread[main,5,main]
LogConfigReader: ssoToken obtainedcom.iplanet.sso.providers.dpro.SSOTokenImpl@153e96
07/25/2007 12:27:23:504 PM CDT: Thread[main,5,main]
WARNING: LogConfigReader: Password string is null
07/25/2007 12:27:23:505 PM CDT: Thread[main,5,main]
WARNING: LogConfigReader: filter class name string is null
07/25/2007 12:27:23:507 PM CDT: Thread[main,5,main]
LogConfigReader: logserviceID ishttp://portal.home:8080
07/25/2007 12:27:24:900 PM CDT: Thread[main,5,main]
amSSO.access:FileHandler: Time Buffering Thread Started
07/25/2007 12:27:24:963 PM CDT: Thread[main,5,main]
ISAuthorizer.isAuthorized():logName = amSSO.access, op = MODIFY, uid = cn=dsameuser,ou=DSAME Users,dc=home
07/25/2007 12:27:25:579 PM CDT: Thread[main,5,main]
amAuthentication.access:FileHandler: Time Buffering Thread Started
07/25/2007 12:27:25:579 PM CDT: Thread[main,5,main]
ISAuthorizer.isAuthorized():logName = amAuthentication.access, op = MODIFY, uid = cn=dsameuser,ou=DSAME Users,dc=home
07/25/2007 12:28:24:790 PM CDT: Thread[AMTimer,5,main]
amSSO.access:FileHandler:TimeBufferingTask.run() called
07/25/2007 12:28:24:790 PM CDT: Thread[AMTimer,5,main]
amSSO.access:FileHandler.flush: writing buffered records (1 records)
07/25/2007 12:28:25:580 PM CDT: Thread[AMTimer,5,main]
amAuthentication.access:FileHandler:TimeBufferingTask.run() called
07/25/2007 12:28:25:580 PM CDT: Thread[AMTimer,5,main]
amAuthentication.access:FileHandler.flush: writing buffered records (1 records)
07/25/2007 12:28:49:722 PM CDT: Thread[service-j2ee,5,main]
ISAuthorizer.isAuthorized():logName = amSSO.access, op = MODIFY, uid = cn=dsameuser,ou=DSAME Users,dc=home
07/25/2007 12:28:49:760 PM CDT: Thread[service-j2ee,5,main]
ISAuthorizer.isAuthorized():logName = amAuthentication.access, op = MODIFY, uid = cn=dsameuser,ou=DSAME Users,dc=home
07/25/2007 12:29:24:780 PM CDT: Thread[AMTimer,5,main]
amSSO.access:FileHandler:TimeBufferingTask.run() called
07/25/2007 12:29:24:780 PM CDT: Thread[AMTimer,5,main]
amSSO.access:FileHandler.flush: writing buffered records (1 records)
07/25/2007 12:29:25:581 PM CDT: Thread[AMTimer,5,main]
amAuthentication.access:FileHandler:TimeBufferingTask.run() called
07/25/2007 12:29:25:581 PM CDT: Thread[AMTimer,5,main]
amAuthentication.access:FileHandler.flush: writing buffered records (1 records)
07/25/2007 12:29:41:941 PM CDT: Thread[service-j2ee,5,main]
ISAuthorizer.isAuthorized():logName = amSSO.access, op = MODIFY, uid = cn=dsameuser,ou=DSAME Users,dc=home
07/25/2007 12:29:41:942 PM CDT: Thread[service-j2ee,5,main]
ISAuthorizer.isAuthorized():logName = amAuthentication.access, op = MODIFY, uid = cn=dsameuser,ou=DSAME Users,dc=home
--
This file was generated from 2 attempts to log on to the amserver, from the https port 8181 and from http port 8080. on both attempts my credentials were accepted, but it redirected me back to the login page.
Message was edited by:
askalex
# 6
The following is appended to the log file when I start and attempt to log onto portal:
07/25/2007 12:30:24:790 PM CDT: Thread[AMTimer,5,main]
amSSO.access:FileHandler:TimeBufferingTask.run() called
07/25/2007 12:30:24:790 PM CDT: Thread[AMTimer,5,main]
amSSO.access:FileHandler.flush: writing buffered records (1 records)
07/25/2007 12:30:25:580 PM CDT: Thread[AMTimer,5,main]
amAuthentication.access:FileHandler:TimeBufferingTask.run() called
07/25/2007 12:30:25:580 PM CDT: Thread[AMTimer,5,main]
amAuthentication.access:FileHandler.flush: writing buffered records (1 records)
07/25/2007 12:31:24:790 PM CDT: Thread[AMTimer,5,main]
amSSO.access:FileHandler:TimeBufferingTask.run() called
07/25/2007 12:31:24:790 PM CDT: Thread[AMTimer,5,main]
amSSO.access:FileHandler.flush: no records in buffer to write
07/25/2007 12:31:25:580 PM CDT: Thread[AMTimer,5,main]
amAuthentication.access:FileHandler:TimeBufferingTask.run() called
07/25/2007 12:31:25:580 PM CDT: Thread[AMTimer,5,main]
amAuthentication.access:FileHandler.flush: no records in buffer to write
07/25/2007 12:32:24:790 PM CDT: Thread[AMTimer,5,main]
amSSO.access:FileHandler:TimeBufferingTask.run() called
07/25/2007 12:32:24:790 PM CDT: Thread[AMTimer,5,main]
amSSO.access:FileHandler.flush: no records in buffer to write
07/25/2007 12:32:25:580 PM CDT: Thread[AMTimer,5,main]
amAuthentication.access:FileHandler:TimeBufferingTask.run() called
07/25/2007 12:32:25:580 PM CDT: Thread[AMTimer,5,main]
amAuthentication.access:FileHandler.flush: no records in buffer to write
07/25/2007 12:33:24:790 PM CDT: Thread[AMTimer,5,main]
amSSO.access:FileHandler:TimeBufferingTask.run() called
07/25/2007 12:33:24:790 PM CDT: Thread[AMTimer,5,main]
amSSO.access:FileHandler.flush: no records in buffer to write
07/25/2007 12:33:25:580 PM CDT: Thread[AMTimer,5,main]
amAuthentication.access:FileHandler:TimeBufferingTask.run() called
07/25/2007 12:33:25:580 PM CDT: Thread[AMTimer,5,main]
amAuthentication.access:FileHandler.flush: no records in buffer to write
07/25/2007 12:34:01:531 PM CDT: Thread[service-j2ee,5,main]
ISAuthorizer.isAuthorized():logName = amSSO.access, op = MODIFY, uid = cn=dsameuser,ou=DSAME Users,dc=home
07/25/2007 12:34:01:532 PM CDT: Thread[service-j2ee,5,main]
ISAuthorizer.isAuthorized():logName = amAuthentication.access, op = MODIFY, uid = cn=dsameuser,ou=DSAME Users,dc=home
--
again as above, I attempt to login to the portal community sample with correct credientails (test/test), and rather then being redirected to a secure member page, I am redirected back to the anonymous user page, with the login portlet still showing.
# 7
and just for poops and giggles, the following is appended when I enter bad credentials:
07/25/2007 12:39:24:790 PM CDT: Thread[AMTimer,5,main]
amSSO.access:FileHandler:TimeBufferingTask.run() called
07/25/2007 12:39:24:790 PM CDT: Thread[AMTimer,5,main]
amSSO.access:FileHandler.flush: no records in buffer to write
07/25/2007 12:39:25:001 PM CDT: Thread[service-j2ee,5,main]
amAuthentication.error:FileHandler: Time Buffering Thread Started
07/25/2007 12:39:25:001 PM CDT: Thread[service-j2ee,5,main]
ISAuthorizer.isAuthorized():logName = amAuthentication.error, op = MODIFY, uid = cn=dsameuser,ou=DSAME Users,dc=home
07/25/2007 12:39:25:580 PM CDT: Thread[AMTimer,5,main]
amAuthentication.access:FileHandler:TimeBufferingTask.run() called
07/25/2007 12:39:25:580 PM CDT: Thread[AMTimer,5,main]
amAuthentication.access:FileHandler.flush: no records in buffer to write
-
# 8
Your cookie domain must have 2 dots. I am afraid thats how most of these things are built.
If you have the time and energy, try this:
1. Ensure your hostname is of type xyz.domain.com
2. your cookie domain will then become .domain.com (notice the leading dot)
3. install stuff again (since am not sure where all changing these in an existing installation will help.
Hope this helps.
Ankush
# 9
thank god for VMware and snapshots... trying now... will report back in.
# 10
WORKS!!!
Yeah!
I've got probably 60 hours in getting this damned thing to work just to deploy an eval portal. I think I'm going to have to write "The total retard's guide to deploying Portal Server 7.1u1" Because while the sun documentation is very helpful, it often requires a certain degree of preknowledge that us retards don't always have. And you'd think when you see that checkbox, "Start servers on startup" that hey that would be a good thing, and it turns out it isn't cause the installer starts them in the wrong order, or when you see "host.domain" that you can get by with literally "thisisthenameofmyhost.thisismydomain" but you can't.
these stumbing blocks would certainly cause some folks to think: "hey liferay ain't so bad"...
Anyhow, Ankush, thanks loads! you're awesome, what was probably five minutes for you. meant hours and days to me. thanks.
So... any sage words of advice for your poor retarded cousen as he embarks on firing up communications server, and tries to get it wired into portal?
Thanks..
# 11
Glad that worked. I've wasted my days; no point history repeating at such short intervals with others.
Haven't worked with the comm server, but portal integration with AM requires a certain series of steps (docs available online now). For starters, keep them on different machines. Clubbing them on the same machines results in interesting problems.
Best wishes,
Ankush
