changed Default Authentication Method (both) and now can't login to web admin

By: Jerry Brower Account Admin 03 Oct 2020 at 11:09 p.m. CDT

4 Responses
Jerry Brower gravatar
I changed Default Authentication Method (both Default ACR and oxTrust ACR) to the LDAP name I created and tested, but now can't login to web admin (oxTrust). browsing to sso.xxxxx.com/ gives: OOPS An unexpected error has occurred at null tail -f /opt/gluu-server/opt/gluu/jetty/identity/logs/* \ /opt/gluu-server/opt/gluu/jetty/oxauth/logs/* Gives: ==> /opt/gluu-server/opt/gluu/jetty/oxauth/logs/oxauth.log <==cd 2020-10-03 14:25:48,617 ERROR [qtp363988129-18] [gluu.oxauth.authorize.ws.rs.AuthorizeAction] (AuthorizeAction.java:285) - Failed to get CustomScriptConfiguration. auth_step: 1, acr_values: NOIRLab AD ==> /opt/gluu-server/opt/gluu/jetty/oxauth/logs/2020_10_04.jetty.log <== 2020-10-03 14:25:48,617 ERROR [qtp363988129-18] [gluu.oxauth.authorize.ws.rs.AuthorizeAction] (AuthorizeAction.java:285) - Failed to get CustomScriptConfiguration. auth_step: 1, acr_values: NOIRLab AD How do I change the Authentication back to defaults (CASA or basic) via SSH into server? I can't find any config file or xml with this.
CentOS 8.0
closed

Answers

By Mohib Zico staff 03 Oct 2020 at 11:30 p.m. CDT

Copy
Mohib Zico gravatar
Hello Jerry, [Here](https://www.gluu.org/docs/gluu-server/4.2/operation/faq/#revert-an-authentication-method) is what you can try. It's always best to _test_ new ACR method in incgonito window / different browser. Something like: Change your desired ACR in primary browser, keep that active.... Test in incognito window / new browser. If anything goes wrong, you can change back with primary browser. Thanks!

By Jerry Brower Account Admin 04 Oct 2020 at 3:21 a.m. CDT

Copy
Jerry Brower gravatar
I am doing: ./ldapmodify -h localhost -p 1636 -D "cn=directory manager" -w "It/'s a matter of trust!" -f changeAuth.ldif but I get error: The LDAP bind request failed: 81 (Server Connection Closed) That is the password I put into the Setup Script for the password used as the LDAP directory manager password, and for the default admin user for oxTrust. (may now regret using a ' and !

By Michael Schwartz Account Admin 05 Oct 2020 at 1:13 p.m. CDT

Copy
Michael Schwartz gravatar
I think the problem here is that the name is "NOIRLab AD", which has a space in it. The `acr_values` parameter in OpenID Connect is space delimited... so I think this name is problematic. I would suggest just leaving the default `auth_ldap_server` server name. That's what Gluu staff will expect anyway.

By Jerry Brower Account Admin 05 Oct 2020 at 2:32 p.m. CDT

Copy
Jerry Brower gravatar
Thanks for you assistance on this. I think we will just roll the whole server back in VMWare to before I made the horrible mistake and re-do this. thanks, Jerry

Post an answer