|Applies To||Affected Versions: 4.X; 3.6.X|
|Resolution||On login, we take the userID, validate that it *is* in our database, and then send it and the users password to the authentication source for validation. If it is a valid combination, then we grant access. Again, there is no password storage or look-up from our tables. |
After a fresh Install of ACM, the AveksaAdmin password is 'aveksa123'. On first login, a prompt will appear to change the password. You can then reset it to new password, which takes effect on next login.
To change AveksaAdmin password
To setup the password for the TestAuth
In Admin-Settings you can add a custom property:
All these flags are cached for better performance. It is necessary to Log out and then log in for the changes to take effect.
After trying the above steps, if the user login fails, then check whether Demo Authentication is set up on the system.
Installing the TestAuth Provider
In order to log in as a user other than AveksaAdmin you will need to upload or validate the existence of TestAuthProvider.config. This file can be found in
For Tomcat (with Aveksa 3.X) ->/usr/bin/tomcat/webapps/aveksa/WEB-INF/config/
For jboss (with Aveksa 4.x) ->/home/oracle/jboss/server/default/deploy/aveksa.ear/aveksa.war/WEB-INF/config
If you are not able to see this file then copy this file from respective locations as mentioned below-
For Tomcat (with Aveksa 3.X)
For jboss (with Aveksa 4.x)
Once the file is in place, insert a row into the configuration table as follows:
Login to Database as 'avuser' and execute the below command-
INSERT INTO T_AUTH_CONFIGURATIONS
(ID, IDC_ID, AUTH_PROVIDER_NAME, AUTH_CONFIGURED_PROPERTIES,AUTH_PROVIDER_TYPE,AUTH_PROVIDER_CLASS)
VALUES(AUTH_CONFIGURATION_SEQUENCE.nextval, 1, 'TestAuthProvider',
'<?xml version="1.0" encoding="UTF-8"?><properties></properties>',
After modifying the table,restart the ACM.
Note: if the above fails to allow general user login, the Active Directory collector number entered above (“1”) may be incorrect. You can manually edit the table and insert the correct collector number.
Now you can login with just a user id. Select a user from the unified users, then login as that user id and see what the difference is between a “regular” user and the Admin.
NOTE: In the case where there is more than 1 IDC configured, more entries will have to added into the T_AUTH_CONFIGURATIONS table and the "TestAuthProvider.config" will have to be duplicated for the other IDCs. For example, if there is another IDC called "MySecondAuthProvider", then in this case the following needs to be done
1. First copy the TestAuthProvider.config to MySecondAuthProvider.config from their actual locations.
(For example copy the /usr/bin/tomcat/webapps/aveksa/WEB-INF/config/TestAuthProvider.config into /usr/bin/tomcat/webapps/aveksa/WEB-INF/config/MySecondAuthProvider.config).
2. Find out the IDC ID of this auth provider by looking at the "ID" column in the T_DATA_COLLECTORS table.
select ID,NAME from T_DATA_COLLECTORS;
3. Insert a new entry into the T_AUTH_CONFIGURATIONS table using the query above and using IDC_DC from the ID column mentioned above, and the name should be "MySecondAuthProvider".
The same process can be repeated for other IDCs. As mentioned above, once the entries have been added and the file created, a server restart is required.