000033808 - Troubleshooting RSA SecurID Access Application Portal unsuccessful logon message due to a bad identity source bind

Document created by RSA Customer Support Employee on Aug 23, 2016Last modified by RSA Customer Support Employee on Apr 25, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000033808
Applies ToRSA Product Set:  SecurID Access
A user attempts to login to the application portal with valid username/password but logon is unsuccessful.

User-added image
CauseIn this case, the bind credentials of the identity source's directory server are misconfigured; that is, an incorrect password or an invalid username.
ResolutionTo investigate an unsuccessful logon an administrator should first view the Administration Console's IDR log for errors.  Navigate to Platform > Identity Routers > IDR   Click the Edit button then click on View Log.
If the bind connection to a directory server is incorrectly configured messages similar to the ones below will be present:
2016-08-16/21:42:58.773/UTC [ajp-apr-8009-exec-5] WARN com.symplified.adapter.userstores.ldap.LdapUserStoreConnectionImpl[94] - Failed to create initial dir context for LDAP connection. LDAP server is 'ldap://' principal is 'administrator@example.com'. Try one more time ...
2016-08-16/21:42:58.780/UTC [ajp-apr-8009-exec-5] ERROR com.symplified.adapter.userstores.ldap.LdapUserStoreConnectionImpl[122] - Failed to create initial dir context for LDAP connection. LDAP server is 'ldap://' principal is 'administrator@example.com'. CAUSE: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1]

These errors also show in the /var/log/symplified/symplified.log which can be obtained as described in the article on how to Generate and Download an Identity Router Log Bundle.
Ensure that the identity source's directory server bind username/password have been configured with valid credentials.  The connection can be tested using the steps outlined in the article on how to Test the Connection to a Directory Server.