We have wired our External Authentication of Rollbase to our Progress OE database. As a Master Zone admin, I logged into the Rollbase tenant with the External Authentication and created a new Rollbase user with the same Login Name as in our user record in the Progress OE database.
I received a password reset email from Rollbase that indicates the External Authentication is in use but I cannot log in with the username using the password that's in our Progress OE database. When I attempt to reset the password, Rollbase indicates the user doesn't exist.
I do not see any errors in our Rollbase logs or in the local logs of the AppServer or database to indicate an issue though I do see our code firing on the AppServer to validate my user. It actually appears from what I see in our logs that the call into the AppServer completed a round trip with Rollbase even.
I thought this should work just as our existing users in the tenant do but it seems that we, now, cannot add new Rollbase users to the tenant.
Just noticed that as a Master Zone admin, I can "Login As" these new users to the tenant with External Authentication if that has any bearing on what might have happened.
Hi Jeff,
I think there might be problem while creating user in Rollbase. Could you try to re-create the user again in Rollbase. And also to re-confirm, can you please check whether the 'Login Name' and 'OE database user name' same or not.
Thanks & Regards,
Kiran Avs.
I deleted the two user accounts I created. Recreated one and created a another new one. All the accounts in Rollbase had "Login Name"s that match their OE database user name. The two user creations did show me the green "Success" banner when creating the accounts. For one account just went to the Rollbase site and tried to log in, the other used the link in the email you receive from an account creation to try and log in. Both behave as it did before. "Invalid username or password" and if I try to reset the password via the Rollbase link, it says the accounts don't exist.
Hi Jeff,
Are these users listed as Subscribers in the Customer record in master zone?
Regards,
Orchid
I see one of the accounts in the subscriber list but not the other.
Is that the first admin only?
In the document when using External Authentication it says: "If external authentication is set up Rollbase is no longer managing users' passwords. In this case "Change My Password" link is disabled. We strongly recommend that you modify an email template which welcomes new users and clearly indicate selected authentication method."
See more info at Chapter 9 > External Authentication
http://documentation.progress.com/output/Rollbase/RB_User_Guide.pdf
Regards,
Orchid
Actually these are two new normal users. We have accounts previously created in this tenant, before External Authentication was enabled, and can log in with those just fine. It is only the two new accounts, being created after turning on External Authentication, that are unable to log in. There are accounts, which are not the "first admin" account that work just fine but created prior to turning on External Authentication.
The email the tenant sent during account creation mentions explicitly External Authentication with no change from us:
Welcome to Progress Rollbase!
Login Information
User Name: jbeisch
Temporary Password: Passwords are managed by external system
Login URL: xxxxxxxxx.xxxx.xxx/.../login.jsp
After you login using your temporary password you will be asked to create a new password.
Thank you and welcome to Progress Rollbase!
The Progress Rollbase Team
But yes, it can and should be customized more and even removing the "forgot password" link from the login page as well.
Are these files has been copied already from OE library to Rollbase installation directory *lib?
All my drivers goes to "Pas_Instance\common\lib" not sure if we have the same.
RBSPAclient.1.0.0.jar
certj.jar
cryptoj.jar
o4glrt.jar
psccerts.jar
sslj.jar
Regards,
Orchid
Yes we rebooted tomcat that was running the OE realm stuff and now everything works. Thanks for all your help and my apologies for being something like that
That's Great!
No worries :D
Regards,
Orchid
From next release onwards, we are shipping OpenEdge SPA related jars as part of Rollbase distribution. So things would get more streamlined.