OpenEdge 12.1 OERealm basic setup

Posted by george.ene on 17-Feb-2020 14:40

Hello,

I am trying to realize the basic setup for OERealm in 12.1.

I want to do this for the “default” or “empty” domain.

I did the basic setup following the 11.7 model before and I am now trying to replicate it in 12.1.

 

I already read https://community.progress.com/community_groups/openedge_development/f/19/t/57784 and tried to use answers from there without much success.

My setup:

  1. I generated the client principal file using "genspacp -password mypassword" and added it to oepas/common/lib
  2. I generated the registry file using "gendomreg domain.csv registryfile" and added "registryfile" to oepas/conf

domain.csv file content :

,

OESPA,encrypted_password_genereatedby_genspacp

 

  3. I used the same implementation for HybridRealm as I did in 11.7. Mine is very close to the version offered in this article:

https://knowledgebase.progress.com/articles/Article/How-to-configure-OERealm-authentication-with-PASOE

 

  4. Values of various properties in oeablSecurity.properties:

    http.all.authmanager=oerealm
    client.login.model=form

    OERealm.AuthProvider.multiTenant=true
    OERealm.AuthProvider.registryFile=registryFile
    OERealm.AuthProvider.userDomain=
    OERealm.AuthProvider.expires=0
    OEClientPrincipalFilter.enabled=true
    OEClientPrincipalFilter.registryFile=registryfile
    OEClientPrincipalFilter.domain=
    OEClientPrincipalFilter.roles=
    OEClientPrincipalFilter.authz=true
    OEClientPrincipalFilter.expires=0
    OEClientPrincipalFilter.accntinfo=false
    OEClientPrincipalFilter.ccid=false
    OEClientPrincipalFilter.anonymous=false
    OEClientPrincipalFilter.sealAnonymous=false
    OEClientPrincipalFilter.appName=OE
    OEClientPrincipalFilter.forwardToken=false
    OEClientPrincipalFilter.passthru=false
    OEClientPrincipalFilter.domainRoleFilter=
    OEClientPrincipalFilter.loadAccntAttrList=
    OEClientPrincipalFilter.validateClientDomain=false

    OERealm.UserDetails.realmURL=internal://nxgas
    OERealm.UserDetails.realmClass=Auth.HybridRealm
    OERealm.UserDetails.grantedAuthorities=ROLE_PSCUser
    OERealm.UserDetails.appendRealmError=false
    OERealm.UserDetails.propertiesAttrName=
    OERealm.UserDetails.userIdAttrName=
    OERealm.UserDetails.realmTokenFile=oespaclient.cp

The authentication fails at HybridRealm level on the clientPrincipal:validate-seal(pass) call.

The errors are as follows :

“bad account secret - Bad credentials”

“denied anonymousUser [/web/pdo/…] [hasAnyRole('ROLE_PSCUser')] - Access is denied”.

 

I tried changing the values of some of the properties in oeablSecurity.properties and the domain.csv file to some other options with the same results.

If someone can spot an error or point to a relevant resource for my problem, it would be much appreciated.

All Replies

Posted by Peter Judge on 17-Feb-2020 15:02

Did you regenerate the C-P in 12.1?

In 12.0, changes were made to the C-P that mean that you can't use a C-P generated prior to 12.0 in 12.0. See docs.progress.com/.../Client-principal-updates.html for details.

Posted by george.ene on 17-Feb-2020 15:11

Hi Peter,

Yes: the C-P is generated in 12.1.

I am NOT migrating an 11.7 application, this is a new 12.1 app and server.

Posted by george.ene on 18-Feb-2020 15:55

For anyone that needs an answer: for the simple use case where you don't use multiple domains, the only change from OE 11.7 -> OE 12.1 is that the password for the C-P now needs to be in clear text in the .properties file. Besides this, everything is the same.

Posted by Irfan on 18-Feb-2020 18:31

George,

I see you are using the password/domain-access-code in domain.csv using "genspacp" instead of "genpassword". Was that a typo in your post?

This thread is closed