G
george.ene
Guest
Hello, I am trying realize the basic setup for OERealm in 12.1. I want to do this for the “default” or “empty “ domain. I did the basic setup following the 11.7 model before and I am now trying to replicate it in 12.1. I already read OE12 and OERealm - is it working? - Forum - OpenEdge Development - Progress Community and tried to use answers from there without much success. My setup: I generate the client principal file using "genspacp -password mypassword" and added in oepas/common/lib Generate the registry file using "gendomreg domain.csv registryfile" and added "registryfile" to oepas/conf domain.csv file content : , OESPA, encrypted_password_genereatedby_genspacp I used the same implementation for HybridRealm as I did in 11.7 . Mine is very close to the version offered in this article: https://knowledgebase.progress.com/...o-configure-OERealm-authentication-with-PASOE Values of various Properties in oeablSecurity.properties : http.all.authmanager=oerealm client.login.model=form OERealm.AuthProvider.multiTenant=true OERealm.AuthProvider.registryFile=registryFile OERealm.AuthProvider.userDomain= OERealm.AuthProvider.expires=0 OEClientPrincipalFilter.enabled=true OEClientPrincipalFilter.registryFile=registryfile OEClientPrincipalFilter.domain= OEClientPrincipalFilter.roles= OEClientPrincipalFilter.authz=true OEClientPrincipalFilter.expires=0 OEClientPrincipalFilter.accntinfo=false OEClientPrincipalFilter.ccid=false OEClientPrincipalFilter.anonymous=false OEClientPrincipalFilter.sealAnonymous=false OEClientPrincipalFilter.appName=OE OEClientPrincipalFilter.forwardToken=false OEClientPrincipalFilter.passthru=false OEClientPrincipalFilter.domainRoleFilter= OEClientPrincipalFilter.loadAccntAttrList= OEClientPrincipalFilter.validateClientDomain=false OERealm.UserDetails.realmURL=internal://nxgas OERealm.UserDetails.realmClass=Auth.HybridRealm OERealm.UserDetails.grantedAuthorities=ROLE_PSCUser OERealm.UserDetails.appendRealmError=false OERealm.UserDetails.propertiesAttrName= OERealm.UserDetails.userIdAttrName= OERealm.UserDetails.realmTokenFile=oespaclient.cp The authentication fails at HybridRealm level on the clientPrincipal:validate-seal(pass) call. The errors are as follows : “bad account secret - Bad credentials” “denied anonymousUser [/web/pdo/…] [hasAnyRole('ROLE_PSCUser')] - Access is denied”. I tried changing the values of some of the properties in oeablSecurity.properties and the domain.csv file to some other options with the same results. If some one can spot an error or point to a relevant resource for my problem it would be much appreciated.
Continue reading...
Continue reading...