Forgotten password module: HTTP 500 error


zuglu...@gmail.com

unread,
Nov 24, 2015, 7:05:22 AM11/24/15
to pwm-general
Hi,

I upgraded to PWM v1.8.0-SNAPSHOT b9954694 and everything's working as expected but there is one issue: If I enter a username which has no configured verification methods, I get the following error in the browser:

HTTP 500

An error has occurred. If this error occurs repeatedly please contact your helpdesk.


The logs however give these messages:

Nov 24 12:54:42 xxxxxxx server[15375]: 2015-11-24T12:54:42Z, ERROR, forgottenpw.ForgottenPasswordServlet, {c} 5033 ERROR_INVALID_CONFIG (forgotten password recovery sequence completed, but user has not actually satisfied any verification methods)
Nov 24 12:54:42 xxxxxxx server[15375]: 2015-11-24T12:54:42Z, FATAL, servlet.AbstractPwmServlet, 5033 ERROR_INVALID_CONFIG (forgotten password recovery sequence completed, but user has not actually satisfied any verification methods)
Nov 24 12:54:42 xxxxxxx server[15375]: 2015-11-24T12:54:42Z, ERROR, http.PwmResponse, {c} 5033 ERROR_INVALID_CONFIG (forgotten password recovery sequence completed, but user has not actually satisfied any verification methods)

The error message in the browser is very misleading; also, clicking on continue does nothing in the browser but produces the following messages in the logs:

Nov 24 12:55:34 xxxxxxx server[15375]: 2015-11-24T12:55:34Z, FATAL, servlet.AbstractPwmServlet, 5034 ERROR_INVALID_FORMID
Nov 24 12:55:34 xxxxxxx server[15375]: 2015-11-24T12:55:34Z, ERROR, http.PwmResponse, {c} 5034 ERROR_INVALID_FORMID

If I enter a non-existing user name or a user who has configured verification methods, everything is working as expected.

Alex Lucas

unread,
Dec 17, 2015, 8:20:13 AM12/17/15
to pwm-general
Hello, I came across the same issue. If the user is not enrolled, he gets the 500 error without any clue what it might be. The continue button does nothing.

zuglu...@gmail.com

unread,
Dec 17, 2015, 8:51:39 AM12/17/15
to pwm-general
I get a lot of these HTTP 500 errors in recent builds... Not only in the forgotten password module. It looks like custom error messages just don't work at the moment.

There is also no way of defining the text of this specific HTTP 500 error in the backend.

zuglu...@gmail.com

unread,
Dec 17, 2015, 8:51:48 AM12/17/15
to pwm-general

Jonathan Cauthorn

unread,
Mar 14, 2016, 6:42:02 PM3/14/16
to pwm-general
I'm getting the error with

pwm-1.8.0-SNAPSHOT-2016-01-19T18_44_55Z-pwm-bundle.zip

also.

Our PWM was 1.60 and I'm changing multiple things, but the text from the attribute pwmResponse is giving those same errors in the log file.
I've been trying to edit them to a different format and it is still giving those same errors in the log.

I'm hoping for some resolution - have you heard anything?

+Jonathan

Jason Rivard

unread,
Mar 14, 2016, 7:06:39 PM3/14/16
to pwm-general
Have you tried a more up to date build?

Jonathan Cauthorn

unread,
Mar 17, 2016, 3:49:53 PM3/17/16
to pwm-general
Here's the update on the issue.

Background:
1. Currently using version 1.61 in production. Version info from Config file:
<PwmConfiguration pwmVersion="1.6.1" pwmBuild="1123" pwmBuildType="release" createTime="2012-01-30 15:26:25 +0000" modifyTime="2012-06-06 16:33:29 +0000" xmlVersion="2">
2. Currently using eDirectory and eDirectory attributes for saving pwmResponse. The LDAP attribute name used is pwmResponseSet.
3. New system is using Active Directory and an external SQL database for saving pwmResponse. The SQL database Table is PWM_RESPONSES, it has two columns, id and value.
4. I've tried to simply copy the data that exists in the original attribute pwmResponseSet to the corresponding SQL value for the user.

The issue:
1. I just updated to build: PWM v1.8.0-SNAPSHOT b13038137 r9f802607617def42e749d1392a5389d93d40f5ef
with download: pwm-1.8.0-SNAPSHOT-2016-03-17T10_13_54Z-pwm-bundle.zip
from: http://www.pwm-project.org/artifacts/pwm/

2. I verified that a new user can activate a new account, create a password, and set a PWM_RESPONSE id, value record in the database. Here's that string:
<?xml version="1.0" encoding="UTF-8"?><ResponseSet minRandomRequired="1" locale="en" version="2" chaiVersion="0.6.6" caseInsensitive="true" challengeSetID="PWM-defined v1.8.0-SNAPSHOT b13038137 r9f802607617def42e749d1392a5389d93d40f5ef" time="2016-03-17 19:09:19 +0000"><response adminDefined="true" required="false" minLength="4" maxLength="200"><challenge>Mother’s birth city?</challenge><answer salt="elUmGqpWUEBlyWoCbdEJYWy4LXuT3Xci" format="SHA1_SALT" hashcount="100000">B:POaAuzdo0Wq6ubGktjJTBE62Uc4=</answer></response></ResponseSet>

3. I verified that the user can go through the forgotten password process and reset his password correctly. (The answer for the response listed above is "madison1" without quotes).

4. Next, I tried changing the value for the matching id, value entry in the database to a record that was created in the version 1.61 PWM to the following:
0002#.#.#<?xml version="1.0" encoding="UTF-8"?>
<ResponseSet minRandomRequired="0" locale="en_US" version="2" chaiVersion="0.5.0" caseInsensitive="true" challengeSetID="1437168444017" time="2016-03-17 18:34:15 +0000"><response adminDefined="false" required="true" minLength="2" maxLength="255"><challenge><![CDATA[In what city was your mother born?]]></challenge><answer format="SHA1_SALT" salt="6gV9XvsEVoh6noSs49Xc1dhqOPKbvOjI"><![CDATA[m7yIEChANECG8DyLXxpBsFnrnLg=]]></answer></response></ResponseSet>

(Please note: there is a CR/LF after the first line encoding="UTF-8"?> and another CR/LF at the end of the string after </ResponseSet>)
The answer to this question is also "madison1" without the quotes.

5. Here's the log file entries when I try to login:

2016-03-17T14:22:39Z, INFO , auth.LDAPAuthenticationRequest, {19257} authID=7, successful ldap authentication for UserIdentity{"userDN":"CN=Jean-Luc Picard,OU=Faculty,OU=FacStaff,DC=matc,DC=ts,DC=test","ldapProfile":"default"} (31ms) type: AUTHENTICATED, using strategy BIND, using proxy connection: false, returning bind dn: CN=Jean-Luc Picard,OU=Faculty,OU=FacStaff,DC=matc,DC=ts,DC=test [10.122.76.122]

2016-03-17T14:22:39Z, INFO , event.AuditService, audit event: {"perpetratorID":"jpicard9","perpetratorDN":"CN=Jean-Luc Picard,OU=Faculty,OU=FacStaff,DC=matc,DC=ts,DC=test","perpetratorLdapProfile":"default","sourceAddress":"10.122.76.122","sourceHost":"10.122.76.122","type":"USER","eventCode":"AUTHENTICATE","guid":"3791af52-0962-4985-9ff8-a6fc3d7d7dde","timestamp":"2016-03-17T19:22:39Z","message":"type=AUTHENTICATED, source=LOGIN_FORM"}

2016-03-17T14:22:39Z, FATAL, servlet.AbstractPwmServlet, 5015 ERROR_UNKNOWN (unexpected error reading responses for CN=Jean-Luc Picard,OU=Faculty,OU=FacStaff,DC=matc,DC=ts,DC=test from remote database: too few challenges are required)

6. Possible options
  - Do I need to reformat the response in some way to work with the newer version?
  - Is this a configuration option on the new PWM that needs to be adjusted?
  - Is there a configuration option required to make it read the older pwmResponse format?
  - Something else?

Thank you for such an amazing product!

+Jonathan

Jonathan Cauthorn

unread,
Mar 17, 2016, 5:29:40 PM3/17/16
to pwm-general
Update


I was able to reformat the data into a newer format and it seemed to work and was able to perform the forgotten password without generating an error. Here's the data I used that worked:

<?xml version="1.0" encoding="UTF-8"?><ResponseSet minRandomRequired="1" locale="en" version="2" chaiVersion="0.6.6" caseInsensitive="true" challengeSetID="PWM-defined v1.8.0-SNAPSHOT b13038137 r9f802607617def42e749d1392a5389d93d40f5ef" time="2016-03-17 19:09:19 +0000"><response adminDefined="true" required="false" minLength="4" maxLength="200"><challenge>In what city was your mother born?</challenge><answer salt="6gV9XvsEVoh6noSs49Xc1dhqOPKbvOjI" format="SHA1_SALT" hashcount="1">B:m7yIEChANECG8DyLXxpBsFnrnLg=</answer></response></ResponseSet>

It looks like it's having problems reading the old data, but when properly reformatted to be similar to the new format it worked. I had to replace the challenge question, the salt, the hashcount, and the answer. I'm hoping I don't have to do this to the 130,000 responses I have currently. :)

The line above is a combination of the original data from 1.61:


0002#.#.#<?xml version="1.0" encoding="UTF-8"?>
<ResponseSet minRandomRequired="0" locale="en_US" version="2" chaiVersion="0.5.0" caseInsensitive="true" challengeSetID="1437168444017" time="2016-03-17 18:34:15 +0000"><response adminDefined="false" required="true" minLength="2" maxLength="255"><challenge><![CDATA[In what city was your mother born?]]></challenge><answer format="SHA1_SALT" salt="6gV9XvsEVoh6noSs49Xc1dhqOPKbvOjI"><![CDATA[m7yIEChANECG8DyLXxpBsFnrnLg=]]></answer></response></ResponseSet>

and a standard format of the new data:


<?xml version="1.0" encoding="UTF-8"?><ResponseSet minRandomRequired="1" locale="en" version="2" chaiVersion="0.6.6" caseInsensitive="true" challengeSetID="PWM-defined v1.8.0-SNAPSHOT b13038137 r9f802607617def42e749d1392a5389d93d40f5ef" time="2016-03-17 19:09:19 +0000"><response adminDefined="true" required="false" minLength="4" maxLength="200"><challenge>Mother’s birth city?</challenge><answer salt="elUmGqpWUEBlyWoCbdEJYWy4LXuT3Xci" format="SHA1_SALT" hashcount="100000">B:POaAuzdo0Wq6ubGktjJTBE62Uc4=</answer></response></ResponseSet>
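
As an added illustration (not PWM's own code or a supported migration tool), the rewrite Jonathan describes in this post applied mechanically to the 1.6.1 record he quotes: drop everything before the XML declaration, keep the challenge text, salt and base64 digest, and emit the new layout with the `B:` prefix and `hashcount="1"`. Treating the `0002#.#.#` prefix as an opaque header and `hashcount="1"` as the equivalent of an old answer are assumptions drawn from his report that the result worked, not documented PWM rules.

```python
# Added example: rebuild a PWM 1.6.1-era ResponseSet record into the layout the
# 1.8.0-SNAPSHOT build accepted in this thread. Assumptions: the "0002#.#.#"
# prefix is an opaque header (dropped) and hashcount="1" matches a legacy answer.
import xml.etree.ElementTree as ET

# Constructed from the record quoted above (CR/LF after the XML declaration).
OLD_RECORD = (
    '0002#.#.#<?xml version="1.0" encoding="UTF-8"?>\r\n'
    '<ResponseSet minRandomRequired="0" locale="en_US" version="2" chaiVersion="0.5.0" '
    'caseInsensitive="true" challengeSetID="1437168444017" time="2016-03-17 18:34:15 +0000">'
    '<response adminDefined="false" required="true" minLength="2" maxLength="255">'
    '<challenge><![CDATA[In what city was your mother born?]]></challenge>'
    '<answer format="SHA1_SALT" salt="6gV9XvsEVoh6noSs49Xc1dhqOPKbvOjI">'
    '<![CDATA[m7yIEChANECG8DyLXxpBsFnrnLg=]]></answer></response></ResponseSet>\r\n'
)

# Attribute values copied from the record the new build wrote for a fresh enrolment.
NEW_SET_ATTRS = {"minRandomRequired": "1", "locale": "en", "version": "2",
                 "chaiVersion": "0.6.6", "caseInsensitive": "true"}
NEW_RESPONSE_ATTRS = {"adminDefined": "true", "required": "false",
                      "minLength": "4", "maxLength": "200"}

def parse_record(raw: str) -> dict:
    """Parse either layout; CDATA and plain text both come back as element text."""
    start = raw.find("<?xml")
    if start < 0:
        raise ValueError("record contains no XML declaration")
    root = ET.fromstring(raw[start:].strip().encode("utf-8"))
    responses = []
    for r in root.findall("response"):
        ans = r.find("answer")
        responses.append({
            "challenge": (r.findtext("challenge") or "").strip(),
            "format": ans.get("format"),
            "salt": ans.get("salt"),
            "hashcount": ans.get("hashcount", "1"),  # legacy answers carry no hashcount
            "hash": (ans.text or "").strip(),
        })
    return {"time": root.get("time"), "responses": responses}

def to_new_record(parsed: dict, challenge_set_id: str) -> str:
    """Emit the new single-line layout; digest gets the 'B:' prefix seen in new records."""
    root = ET.Element("ResponseSet", {**NEW_SET_ATTRS, "challengeSetID": challenge_set_id,
                                      "time": parsed["time"]})
    for r in parsed["responses"]:
        resp = ET.SubElement(root, "response", NEW_RESPONSE_ATTRS)
        ET.SubElement(resp, "challenge").text = r["challenge"]
        ans = ET.SubElement(resp, "answer", {"salt": r["salt"], "format": r["format"],
                                              "hashcount": r["hashcount"]})
        ans.text = "B:" + r["hash"]
    return '<?xml version="1.0" encoding="UTF-8"?>' + ET.tostring(root, encoding="unicode")
```

Before applying anything like this to a large store, verify on a handful of users that the recovery flow actually accepts the converted answers, since only the hash-verification side can confirm that hashcount="1" is the right interpretation.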


Jason Rivard

unread,
Mar 21, 2016, 6:44:51 PM3/21/16
to pwm-general
I'll have to look into this, I wasn't aware there was a backward-incompatible breakage. But it may be some time before I am able to dig into it myself.

dl.l...@gmail.com

unread,
Jul 5, 2016, 11:38:45 PM7/5/16
to pwm-general
I am on pwm-1.8.0-SNAPSHOT-2016-06-26T21:56:01Z-pwm-bundle.zip;

I ran into the same error as you:
2016-07-06T11:26:09Z, FATAL, servlet.AbstractPwmServlet, 5033 ERROR_INVALID_CONFIG (user is required to complete LDAP attribute check, yet there are no LDAP attribute form items configured)

It turns out that I disabled all Verification Methods, so the password reset process failed to work.

I have enabled SMS/Email Token Verification, and set user's email in AD; then the issue is resolved. I am able to reset my password now.

Cheers!
