Troubleshooting RSA SecurID Access Application Portal unsuccessful logon message due to a bad identity source bind
Originally Published: 2016-08-17
Article Number
000043852
Applies To
RSA Product Set:  SecurID Access
Issue
A user attempts to log in to the application portal with a valid username and password, but the logon is unsuccessful.
 
Cause
In this case, the bind credentials of the identity source's directory server are misconfigured; that is, the bind password is incorrect or the bind username is invalid.
Resolution
To investigate an unsuccessful logon, an administrator should first view the Administration Console's IDR log for errors. Navigate to Platform > Identity Routers > IDR. Click the Edit button, then click View Log.

If the bind connection to a directory server is incorrectly configured, messages similar to the ones below will be present:
 
2016-08-16/21:42:58.773/UTC [ajp-apr-8009-exec-5] WARN com.symplified.adapter.userstores.ldap.LdapUserStoreConnectionImpl[94] - Failed to create initial dir context for LDAP connection. LDAP server is 'ldap://192.168.20.120:389' principal is 'administrator@example.com'. Try one more time ...
2016-08-16/21:42:58.780/UTC [ajp-apr-8009-exec-5] ERROR com.symplified.adapter.userstores.ldap.LdapUserStoreConnectionImpl[122] - Failed to create initial dir context for LDAP connection. LDAP server is 'ldap://192.168.20.120:389' principal is 'administrator@example.com'. CAUSE: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1]

These errors also appear in /var/log/symplified/symplified.log, which can be obtained as described in the article on how to Generate and Download an Identity Router Log Bundle.

Ensure that the identity source's directory server bind username and password have been configured with valid credentials. The connection can be tested using the steps outlined in the article on how to Test the Connection to a Directory Server.
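
To find these bind failures in a downloaded symplified.log, the following added example (not RSA code) extracts the server, principal and the Active Directory sub-code from the "data" field of each ERROR line. It assumes the directory is Active Directory, where "data 52e" on LDAP error 49 means invalid credentials; the function name and the third sample line are constructed for illustration.

```python
import re

# Active Directory sub-codes carried in the "data" field of LDAP error 49
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong bind password or username)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the ERROR line format shown in this article (the WARN retry line is skipped)
BIND_FAILURE = re.compile(
    r"^(?P<ts>\S+) \[[^\]]+\] ERROR \S*LdapUserStoreConnectionImpl\[\d+\] - "
    r"Failed to create initial dir context for LDAP connection\. "
    r"LDAP server is '(?P<server>[^']*)' principal is '(?P<principal>[^']*)'\. "
    r"CAUSE: \[LDAP: error code (?P<code>\d+)(?P<detail>.*)\]\s*$"
)
DATA_FIELD = re.compile(r"\bdata ([0-9a-fA-F]+)\b")

# First two lines are from the article; the third is constructed sample input
SAMPLE_LOG = """\
2016-08-16/21:42:58.773/UTC [ajp-apr-8009-exec-5] WARN com.symplified.adapter.userstores.ldap.LdapUserStoreConnectionImpl[94] - Failed to create initial dir context for LDAP connection. LDAP server is 'ldap://192.168.20.120:389' principal is 'administrator@example.com'. Try one more time ...
2016-08-16/21:42:58.780/UTC [ajp-apr-8009-exec-5] ERROR com.symplified.adapter.userstores.ldap.LdapUserStoreConnectionImpl[122] - Failed to create initial dir context for LDAP connection. LDAP server is 'ldap://192.168.20.120:389' principal is 'administrator@example.com'. CAUSE: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1]
2016-08-16/21:50:11.102/UTC [ajp-apr-8009-exec-7] ERROR com.symplified.adapter.userstores.ldap.LdapUserStoreConnectionImpl[122] - Failed to create initial dir context for LDAP connection. LDAP server is 'ldap://192.0.2.10:389' principal is 'svc-idr@example.com'. CAUSE: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 775, v1db1]
"""

def find_bind_failures(lines):
    """Return one dict per bind-failure ERROR line, with the decoded AD sub-code."""
    findings = []
    for line in lines:
        m = BIND_FAILURE.match(line.strip())
        if not m:
            continue
        data = DATA_FIELD.search(m.group("detail"))
        sub = data.group(1).lower() if data else None
        reason = AD_SUBCODES.get(sub, "unrecognised or missing sub-code")
        findings.append({**m.groupdict(), "subcode": sub, "reason": reason})
    return findings

if __name__ == "__main__":
    for f in find_bind_failures(SAMPLE_LOG.splitlines()):
        print(f["ts"], f["server"], f["principal"], f["code"], f["subcode"], f["reason"])
```

A sub-code of 52e points at the bind password or username configured for the identity source; other sub-codes such as 775 or 533 indicate the bind account's state in the directory rather than a mistyped credential.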