I just upgraded a test gateway to 8.0.8rc and found that the Identity Provider (Type: Ignition, User Source: Database) does not let me login anymore. I always get the message ‘The username/password combination entered is invalid’ while the same user/password combination works in the Verifiy User Source page.
I’m sure that this was ok yesterday in 7.0.7. I just worked on some perspective pages but did not change gateway settings since then.
Is there maybe a logger that helps me find out what goes wrong?
Next time you land on the login page, could you send me the URL in the browser?
Also, when you attempt to login (and when you receive the unexpected error), could you check the browser console for any error messages and send them to me?
The URL is idp/authn/login?response_type=code&client_id=AD_test&redirect_uri=%2Fdata%2Ffederate%2Fcallback%2Fignition&scope=openid&state=eyJraWQiOiJrMSIsImFsZyI6IkhTMjU2In0.eyJqdGkiOiJyVVV5S1hxcGJ5bks3VDhTYjZTbnZsNjU2TmZvOUMyLTZ3aDFqQkl6bVFNIiwidXJpIjoiL3dlYi9jb25maWcvc2VjdXJpdHkuaWRwX2FkYXB0ZXJzIn0.sKbPy7Cy9qscImm7f10GreBLprAncgxxrsO6tgZkGIs&nonce=ie2yY7jVv0MoKF8eeBmNnzUdqqr53Iddz4DPJAdRb20
The error in the browser console is
Username Password Challenge Failed AuthenticationApp.tsx:278:20
It looks like you are trying to login with an Ignition IdP named “AD_test”. Could you double check in the IdP’s settings that this IdP is pointing to the Database user source that you expect?
Yes, i just double checked. The User Source in the IdP Dropdown is the same i test with ‘Validate User Source’
Do you see anything relevant in the gateway logs? Anything about a user account being locked out?
Also - what is the exact type of Database user source? It this a regular Database user source or an AD/DB Hybrid user source? If it is a regular Database user source, is it in Automatic or Manual Mode?
No, there is nothing in the logs.
It is a Database User Source (this is a test system, in production it is an AD Hybrid). It is set to manual mode.
I checked again the Authentication Query (firstname, lastname) und the List Users Query (username, firstname, lastname) return the correct values.
I also tested with different users.
Ok, could you set the following gateway logger to debug level and try logging in again:
gateway.AuthenticationRoutes
WARNING: the logs may reveal sensitive information at the debug level (such as password) - I’d recommend redacting any info from the logs you wouldn’t want others to see before sending them over. Alternatively, you could use a dummy user account and password for testing and delete it shortly after testing. Also feel free to DM me the details if you feel more comfortable with that. Don’t forget to set the log levels back to what they were before you dropped them to debug.
I may have another couple of loggers I want you to turn on but let’s start with that one for now.
I’ll do this tomorrow. It’s already very late here.
ok sounds good
I upgraded my office test system from 8.0.6 to 8.0.8-rc1 and have the same effect. Login worked before the upgrade and stopped working in 8.0.8.
The logger gateway.AuthenticationRoutes had no effect, so i set com.inductiveautomation.ignition.gateway.auth to trace:
|AuthenticationRoutes|29Jan2020 12:16:33||---|---|||Servicing request, remaining path: "submit-username-password-challenge/DB_Test"|
|AuthenticationRoutes|29Jan2020 12:16:24|||Servicing request, remaining path: "next-challenge/DB_Test"|
|AuthenticationRoutes|29Jan2020 12:16:24|||Servicing request, remaining path: "login"|
|OIDCProviderRoutes|29Jan2020 12:16:24|||Servicing request, remaining path: "auth"|
If anybody else has this issue:
In my case it was caused by not closing all Firefox browser windows after installing Ignition. After closing all Firefox instances, the login worked as expected in a new browser window.