Troubleshooting RSA SecurID Access Application Portal unsuccessful logon message due to a bad identity source bind
RSA Product Set: SecurID Access
A user attempts to log in to the application portal with a valid username/password, but the logon is unsuccessful.
In this case, the bind credentials of the identity source's directory server are misconfigured; that is, an incorrect password or an invalid username.
To investigate an unsuccessful logon, an administrator should first view the Administration Console's IDR log for errors. Navigate to Platform > Identity Routers > IDR, click the Edit button, then click on View Log.
If the bind connection to a directory server is incorrectly configured, messages similar to the ones below will be present:
2016-08-16/21:42:58.773/UTC [ajp-apr-8009-exec-5] WARN com.symplified.adapter.userstores.ldap.LdapUserStoreConnectionImpl - Failed to create initial dir context for LDAP connection. LDAP server is 'ldap://192.168.20.120:389' principal is 'email@example.com'. Try one more time ...
2016-08-16/21:42:58.780/UTC [ajp-apr-8009-exec-5] ERROR com.symplified.adapter.userstores.ldap.LdapUserStoreConnectionImpl - Failed to create initial dir context for LDAP connection. LDAP server is 'ldap://192.168.20.120:389' principal is 'firstname.lastname@example.org'. CAUSE: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1]
Ensure that the identity source's directory server bind username/password have been configured with valid credentials. The connection can be tested using the steps outlined in the article on how to Test the Connection to a Directory Server.
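The following is an added example, not RSA code or part of the original article: a small Python parser that pulls the bind failures out of IDR log text saved to a file and decodes the Active Directory "data" sub-code that follows LDAP error code 49. It goes beyond the 52e case shown above by mapping the other common sub-codes (their standard Win32 meanings); the function name and the sample log lines are constructed for illustration.

```python
import re

# Active Directory "data" sub-codes reported with LDAP error 49 (hex Win32 error values).
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong user name or password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[[^\]]+\]\s+(?P<level>WARN|ERROR)\s+\S*LdapUserStoreConnectionImpl - "
    r"Failed to create initial dir context for LDAP connection\. "
    r"LDAP server is '(?P<server>[^']*)' principal is '(?P<principal>[^']*)'\."
)
CAUSE_RE = re.compile(r"LDAP: error code (?P<code>\d+)\b.*?\bdata (?P<data>[0-9a-fA-F]+)")

def parse_bind_failures(log_text):
    """Return one dict per ERROR-level bind failure found in IDR log text."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("level") != "ERROR":
            continue  # the WARN line is the first attempt; the ERROR line carries the CAUSE
        cause = CAUSE_RE.search(line)
        code = int(cause.group("code")) if cause else None
        data = cause.group("data").lower() if cause else None
        if code == 49:
            meaning = AD_SUBCODES.get(data, "unrecognized sub-code")
        else:
            meaning = "failure other than LDAP error 49"
        findings.append({"timestamp": m.group("ts"), "server": m.group("server"),
                         "principal": m.group("principal"), "ldap_code": code,
                         "ad_data": data, "meaning": meaning})
    return findings

# Constructed sample lines modeled on the log format above (placeholder server and principals).
SAMPLE = """\
2016-08-16/21:42:58.773/UTC [ajp-apr-8009-exec-5] WARN com.symplified.adapter.userstores.ldap.LdapUserStoreConnectionImpl - Failed to create initial dir context for LDAP connection. LDAP server is 'ldap://192.0.2.10:389' principal is 'svc-bind@example.com'. Try one more time ...
2016-08-16/21:42:58.780/UTC [ajp-apr-8009-exec-5] ERROR com.symplified.adapter.userstores.ldap.LdapUserStoreConnectionImpl - Failed to create initial dir context for LDAP connection. LDAP server is 'ldap://192.0.2.10:389' principal is 'svc-bind@example.com'. CAUSE: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1]
2016-08-16/21:50:01.112/UTC [ajp-apr-8009-exec-7] ERROR com.symplified.adapter.userstores.ldap.LdapUserStoreConnectionImpl - Failed to create initial dir context for LDAP connection. LDAP server is 'ldap://192.0.2.10:389' principal is 'svc-old@example.com'. CAUSE: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 775, v1db1]
"""

if __name__ == "__main__":
    for f in parse_bind_failures(SAMPLE):
        print(f["timestamp"], f["principal"], f["ad_data"], "->", f["meaning"])
```

A sub-code other than 52e (for example 775 or 533) points to the state of the bind account in the directory rather than to a mistyped password in the identity source settings.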