Hello,
I am trying to realize the basic setup for OERealm in 12.1.
I want to do this for the “default” or “empty” domain.
I did the basic setup following the 11.7 model before and I am now trying to replicate it in 12.1.
I already read https://community.progress.com/community_groups/openedge_development/f/19/t/57784 and tried to use answers from there without much success.
My setup:
domain.csv file content:
,
OESPA,encrypted_password_generatedby_genspacp
http.all.authmanager=oerealm
client.login.model=form
OERealm.AuthProvider.multiTenant=true
OERealm.AuthProvider.registryFile=registryFile
OERealm.AuthProvider.userDomain=
OERealm.AuthProvider.expires=0
OEClientPrincipalFilter.enabled=true
OEClientPrincipalFilter.registryFile=registryfile
OEClientPrincipalFilter.domain=
OEClientPrincipalFilter.roles=
OEClientPrincipalFilter.authz=true
OEClientPrincipalFilter.expires=0
OEClientPrincipalFilter.accntinfo=false
OEClientPrincipalFilter.ccid=false
OEClientPrincipalFilter.anonymous=false
OEClientPrincipalFilter.sealAnonymous=false
OEClientPrincipalFilter.appName=OE
OEClientPrincipalFilter.forwardToken=false
OEClientPrincipalFilter.passthru=false
OEClientPrincipalFilter.domainRoleFilter=
OEClientPrincipalFilter.loadAccntAttrList=
OEClientPrincipalFilter.validateClientDomain=false
OERealm.UserDetails.realmURL=internal://nxgas
OERealm.UserDetails.realmClass=Auth.HybridRealm
OERealm.UserDetails.grantedAuthorities=ROLE_PSCUser
OERealm.UserDetails.appendRealmError=false
OERealm.UserDetails.propertiesAttrName=
OERealm.UserDetails.userIdAttrName=
OERealm.UserDetails.realmTokenFile=oespaclient.cp
The authentication fails at HybridRealm level on the clientPrincipal:validate-seal(pass) call.
The errors are as follows:
“bad account secret - Bad credentials”
“denied anonymousUser [/web/pdo/…] [hasAnyRole('ROLE_PSCUser')] - Access is denied”.
I tried changing the values of some of the properties in oeablSecurity.properties and the domain.csv file to some other options with the same results.
If someone can spot an error or point to a relevant resource for my problem, it would be much appreciated.
For anyone that needs an answer: for the simple use case where you don't use multiple domains, the only change from OE 11.7 -> OE 12.1 is that the password for the C-P now needs to be in clear text in the .properties file. Besides this, everything is the same.
Hi Peter,
Yes: the C-P is generated in 12.1.
I am NOT migrating an 11.7 application, this is a new 12.1 app and server.
George,
I see you are using the password/domain-access-code in domain.csv using "genspacp" instead of "genpassword". Was that a typo in your post?