PASOE 11.7 Basic OERealm Authentication

Posted by Darren Parr on 02-May-2017 12:02

Hi

We’ve just started playing with PAS in 11.7. I can see the security stuff has been migrated into oeablsecurity.properties from web.xml. I’ve gone through the steps I had for configuring basic oerealm authentication to the same pas server. We’re making a rest call at the moment but the intention is to turn on authentication for apsv and soap also.

For whatever reason we can’t get this to work and there doesn’t seem to be any KB. We've configured or changed the following.

http.all.authmanager=oerealm
client.login.model=basic
OERealm.AuthProvider.userDomain=Domain
OERealm.AuthProvider.properties.1.key=
OERealm.AuthProvider.properties.1.value=ech1::xxxxxxxxxxxxxxxx (values hidden)
OERealm.UserDetails.realmURL=http://oeserver:17500/apsv
OERealm.UserDetails.realmClass=OSL.Security.Realm.HybridRealm
OERealm.UserDetails.realmTokenFile=oespaclient.cp

In addition I’ve copied the oespaclient.cp file into common/lib.

When running this we get a strange error in the instance log file.

16:36:05.623/265866 [catalina-exec-56] ERROR c.p.a.s.s.OERealmUserDetailsImpl - Username load error for biuser@STYLEsso re: Realm o4gl error: com.progress.open4gl.dynamicapi.SessionPool$NoAvailableSessionsException: SessionPool : NoAvailableSessions[The http protocol connection failed: HTTP client error (403): Forbidden (9990)]

This doesn't make sense. The same apsv transport URL is taking connections fine. There is no sign whatsoever that a connection even reaches the appserver. I've put debug in the HybridRealm class and there's nothing in the log file.

Any ideas?

Darren

All Replies

Posted by Matt Baker on 02-May-2017 12:06

OERealm.AuthProvider.properties.1.value=ech1::xxxxxxxxxxxxxxxx (values hidden)

You have a typo. Should be “oech1::” not “ech1::”.

OERealm.AuthProvider.properties.1.value=oech1::xxxxxxxxxxxxxxxx (values hidden)

Posted by Darren Parr on 03-May-2017 04:18

Sorry. My mistake when dropping this into the forum. The password begins "oech1::" correctly in my oeablsecurity.properties file.

Regards

Darren

Posted by Irfan on 03-May-2017 04:38

Darren,

Is your HybridRealm class in the same PASOE instance or a different one? If it is the same and if you are using the APSV protocol, then you will go into an endless loop based on your realmURL. If you are using just one PASOE instance then please change the URL to use the defaults (internal://nxgas).

In case you are using two different PASOE instances (1 running the WebApplication and the other one having the HybridRealm class), make sure that the "APSV" adapter is enabled in openedge.properties. If not, you will be seeing a 403 error.
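
An added example (not part of the thread, and not Progress code): a small Python linter that applies the checks raised in the replies above to an oeablsecurity.properties fragment. The sample input is constructed from the settings in the first post, and the `same_instance_hosts` parameter is an assumption about which hostnames refer to the local PASOE instance.

```python
from urllib.parse import urlparse

# Constructed sample, modelled on the settings in the first post.
SAMPLE = """\
http.all.authmanager=oerealm
client.login.model=basic
OERealm.AuthProvider.userDomain=Domain
OERealm.AuthProvider.properties.1.key=
OERealm.AuthProvider.properties.1.value=ech1::0000000000000000
OERealm.UserDetails.realmURL=http://oeserver:17500/apsv
OERealm.UserDetails.realmClass=OSL.Security.Realm.HybridRealm
OERealm.UserDetails.realmTokenFile=oespaclient.cp
"""

def parse_properties(text):
    """Parse simple key=value lines; skips blanks and '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def lint_oerealm(props, same_instance_hosts=("localhost", "127.0.0.1")):
    """Return a list of findings. same_instance_hosts is an assumption about
    which hosts mean 'this PASOE instance'; adjust it for your deployment."""
    findings = []
    for key, value in props.items():
        if key.startswith("OERealm.AuthProvider.properties.") and key.endswith(".value"):
            # A value with an encoding prefix other than 'oech1::' (e.g. 'ech1::')
            if "::" in value and not value.startswith("oech1::"):
                findings.append(f"{key}: encoded value should start with 'oech1::'")
    parsed = urlparse(props.get("OERealm.UserDetails.realmURL", ""))
    if parsed.scheme in ("http", "https"):
        if parsed.hostname in same_instance_hosts:
            findings.append("realmURL targets this instance over APSV; "
                            "the thread's advice is internal://nxgas")
        else:
            findings.append("realmURL is remote: confirm the APSV adapter is enabled "
                            "in openedge.properties on that instance (else HTTP 403)")
    return findings

if __name__ == "__main__":
    for finding in lint_oerealm(parse_properties(SAMPLE)):
        print(finding)
```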

Posted by Darren Parr on 03-May-2017 06:04

Yes it is. I've only done what I did in a previous version. I've tried it as you suggest but changing the realm back and it doesn't work at all. I don't get an available session error. I just get a user not found message.

Thanks

Darren

Posted by Irfan on 03-May-2017 06:42

Darren,

I believe the "User not found" message is from the ABL, so you can debug the ABL code and see why it says user not found. Do the MSAgent logs point to the method in which the HybridRealm is failing?

Posted by Darren Parr on 03-May-2017 08:08

Hi. This is not the case. My hybrid realm doesn't have text of that nature. I can confirm it never gets to the appserver. No connection at all.

This is a rest call. My property file now points at internal://nxgas and it looks like it's using some kind of internal user list. It never makes a call to the appserver. With the realm pointing to the same instance (i.e. http://localhost:17500/apsv), it falls over with the errors in my first post.

This all worked fine previously.

-Darren

Posted by Irfan on 03-May-2017 08:37

I would have to debug it. Can you try to disable the "OERealm.UserDetails.realmTokenFile" property, restart the instance and try again?

If that doesn't show much information then you can send the repro to me, I can debug it and let you know what might be wrong.

OERealm on 11.7 seems to be working fine for me, so was wondering what might be wrong.

Posted by Michael Jacobs on 04-May-2017 04:30

When things don't make sense during the authentication process I first enable (i.e. uncomment) the OpenEdge logging in 'WEB-INF/logging.xml'. When logging for the entire Java package path it will print lots of information, but I scan for something with 'error' in it to see if it will give me a clue. Pay particular attention to logging entries with the name 'OERealm' in them.

<logger name="com.progress.appserv.services.security" level="DEBUG"/>


If the log files show errors we can help interpret their meaning if they are not clear.


Mike J.

This thread is closed