Recovering admin password? Can't login: Credentials were rejected

304 views
Skip to first unread message

cbe...@gopivotal.com

unread,
Jun 25, 2014, 9:45:10 PM6/25/14
to vcap...@cloudfoundry.org
Has anyone encountered a situation where 
% cf login -u admin -p <value_from_uaa> fails with "Credentials were rejected, try again"?
If I run with tracing, it is in fact getting a 401, Unauthorized. And if I login to the UAA vm I can see the authentication failing. One aggravating factor being that if you have so many failed logins within a certain interval, the user gets locked out (for how long, I do not know).
A possibly related (but possibly not) issue is that when I'm logged in as a user that has the ORG_MANAGER role for the organization, the command
% cf org-users <org>
failed with ORG MANAGER FAILED. Failed fetching org-users for role
Server error status code 403, error code: access_denied, message: invalid token does not contain resource id (scim) ORG MANAGER
Is there any "easy" way to recover the admin password? I can only imagine that things are going to start failing in even greater ways if the stored admin password doesn't work.



Aristoteles Neto

unread,
Jun 25, 2014, 9:51:11 PM6/25/14
to vcap...@cloudfoundry.org
On the deployment manifest, set 
properties:
  uaa:
    scim:
      user:
        override: true
      users:
      - admin|password|scim.write,scim.read,openid,cloud_controller.admin,clients.read,clients.write

I think this will allow you to reset your admin password.

Re: cf org-users, from memory only admin users had that capability (could be wrong). There was a discussion around making it possible for org-members/managers to be able to see users in their org, but not sure what the state of it is.

Aristoteles Neto



--
You received this message because you are subscribed to the Google Groups "Cloud Foundry Developers" group.
To view this discussion on the web visit https://groups.google.com/a/cloudfoundry.org/d/msgid/vcap-dev/7b2ad3c9-319d-4946-9162-1da91188917a%40cloudfoundry.org.

To unsubscribe from this group and stop receiving emails from it, send an email to vcap-dev+u...@cloudfoundry.org.

Reply all
Reply to author
Forward
Message has been deleted
0 new messages