I am using UMRA by Tools4ever and getting this error.
Error decrypting text. Cannot decompose encoded and encrypted input text.
Error '-1' while changing the password for the Google user '%username%' in the Google domain '%GoogleSessionId%'. Error decrypting Password.
Error in action 'Google User change password'. Script continues.
The file that this is pulling the username and password from is a file that I created by right clicking and selecting "new text file" and pasted the information in. I also attempted typing the same information into a new file to get past any possibility that something followed that shouldn't have.
Make sure you are using an Set Encrypted variable action when setting the password for Google Setup Connection or the reset password action for Google. If you are still having problems, then please call our support hotline or chat at Tools4ever.com
Related
I have an app which allows the user to reset password. I user the django authentification system but everytime I want to send an email I get the error ' 535, b'5.7.8 Username and Password not accepted. '.
I have already generated and app password and replace the password in my "settings.py" but I still get this error.
have you
tried sending passwords with a separate python script or application like the REST Client in VSC to assure the credentials are working? At least when using gmail I know you have to adapt the security settings in the gmail account used.
checked e.g. by using print statements (ONYL in you dev environment!) that the credentials are available as expected?
At the IS startup the following error log is given from the WSO2 IS.
TID: [-1234] [Framework Event Dispatcher: Equinox Container: d811a5a1-f0c4-4281-a1db-ce17d0928da4] ERROR {org.wso2.carbon.user.core.config.UserStoreConfigXMLProcessor} - [] encryption of Property=password failed
org.bouncycastle.jcajce.provider.util.BadBlockException: unable to decrypt block
at org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.getOutput(Unknown Source) ~[bcprov-jdk15on-1.70.jar:1.70.0]
at org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.engineDoFinal(Unknown Source) ~[bcprov-jdk15on-1.70.jar:1.70.0]
at javax.crypto.Cipher.doFinal(Cipher.java:2164) ~[?:1.8.0_191]
at org.wso2.carbon.user.core.config.UserStoreConfigXMLProcessor.decryptProperty(UserStoreConfigXMLProcessor.java:469) ~[org.wso2.carbon.user.core_4.6.0.87.jar:?]
at org.wso2.carbon.user.core.config.UserStoreConfigXMLProcessor.resolveEncryption(UserStoreConfigXMLProcessor.java:338) [org.wso2.carbon.user.core_4.6.0.87.jar:?]
...
The error log is saying that the password is not encrypted. So what are the steps that can be followed to fix this issue?
To fix this issue, follow the steps given below.
1st scenario (For JDBC user stores)
First, try to find whether the erroneous user store is mentioned in
the wso2carbon.log file.
If so, go to the <IS_HOME>/repository/deployment/server/userstores
and open the user store .xml file.
Then find the <Property name="password">****</Property> This might
even contain an extra attribute like encrypted="true"
Here, you will find the encrypted password.
Then change it to this and save. <Property name="password" encrypted="false">the non encrypted password</Property>
Make sure to add the non encrypted password between the <Property name="password">...</Property> with encrypted is set it to false.
And check the wso2carbon.log whether it is giving an error. If not,
the issue is fixed.
2nd scenario
The .xml file change did not work.
Then start the Management Console and go to user stores and list down the user store and update the password there(You should type the non-encrypted password).
And check the wso2carbon.log to see whether it is giving an error. If not, the issue is fixed.
3rd scenario
The issue is still there even if the user store mentioned in the wso2carbon.log is gone under the 1st and 2nd scenarios.
Then open the Management console and list the user stores to check whether the all the user stores are there.
If there is a user store missing, then the error is related to that and not the one mentioned in the wso2carbon.log The wso2carbon.log is only showing a log related to the last user store.
The follow the steps in the scenario 2 to update the password of the user store that is not getting listed.
4th scenario
The scenario 1 and 2 didn't work and all the user stores are getting listed in the management console.
Then list the users and role and list the user stores there. If there is not a user store getting listed there then the issue is related to that.
Then follow the steps in the scenario 2 to fix that.
5th scenario
There is no <Property name="password">***</Property> in the .xml file.
Then the user store related to that user store can be an LDAP or AD.
Try finding <Property name="ConnectionPassword">****</Property> in the .xml file and follow the steps from 1 to 4.
If all of the scenarios are not working and there is a custom user store in action, get the source code of that user store and debug it.
Even if there is a custom user store in action, the above mentioned steps should help to narrow down the issue.
I'm trying to create a password to a new user created on WSO2-IS 5.11.0 using the link sent by email, but I'm facing an error after click on Proceed:
In the log it doesn't show anything
Version: 5.11.0
When you get the mail check the password recovery link that you have received. There are two ways that you can find the link.
You can copy the link by right-clicking on the button.
Recovery link at the bottom of the page.
You should see a recovery link as below.
https://localhost:9443/accountrecoveryendpoint/confirmrecovery.do?confirmation=ea626c2f-47f7-4184-b927-5f230686716c&userstoredomain=PRIMARY&username=sominda&tenantdomain=carbon.super&callback=https%3A%2F%2Flocalhost%3A9443%2Fauthenticationendpoint%2Flogin.do%3Fclient_id%3DMY_ACCOUNT%26code_challenge%3Dmiilh2DN9GCQwLQVBn8s99fc2_D9Q8YoCAFX7GA4dLs%26code_challenge_method%3DS256%26commonAuthCallerPath%3D%2Foauth2%2Fauthorize%26forceAuth%3Dfalse%26passiveAuth%3Dfalse%26redirect_uri%3Dhttps%3A%2F%2Flocalhost%3A9443%2Fmyaccount%2Flogin%26response_mode%3Dform_post%26response_type%3Dcode%26scope%3DSYSTEM+openid%26tenantDomain%3Dcarbon.super%26sessionDataKey%3D1ca27665-1d5c-41f6-9e3e-e320139e2b94%26relyingParty%3DMY_ACCOUNT%26type%3Doidc%26sp%3DMy+Account%26isSaaSApp%3Dtrue%26authenticators%3DBasicAuthenticator%3ALOCAL
Check the value for the confirmation param. According to what you have recieved the its value should be %s. This means that the recovery code is not properly set in the email.
The reason for this can be an error when updating the email template. The email template for password recovery should contain a placeholder for confirmation. Make sure the placeholder is as follows.
confirmation={{confirmation-code}}
This should resolve your issue.
i can't encrypt Embedded LDAP password in repository/conf/identity/embedded-ldap.xml file on Identity Server 5.6.0.
I encrypted a password in embedded-ldap.xml file.
In "cipher-tool.properties" file i have string:
EmbeddedLdap.Property.ConnectionPassword=repository/conf/identity/embedded-ldap.xml//EmbeddedLDAPConfig/EmbeddedLDAP/Property[#name='connectionPassword'],false.
In cipher-text.properties i have encrypted password for it.
But when i launch Identity Server i get error:
LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=system.
How to encrypt Embedded Ldap Password?
Also there is "PartitionAdmin" password in embedded-ldap.xml file. I encrypted it. IS is started normal with this encrypted password.
I tested the scenario and found out that it does not retrieve the value from cipher-text.properties file for the "connectionPassword" property in the <IS_HOME>/repository/conf/identity/embedded-ldap.xml by following secretAlias="EmbeddedLdap.Property.ConnectionPassword".
Instead, it uses the value defined inline within the embedded-ldap.xml file. Because, server startup does not fail if we add the correct password in embedded-ldap.xml file as following. (Ps: "test123" is the password I've defined as "ConnectionPassword" for the UserStoreManager in user-mgt.xml)
<EmbeddedLDAP>
<Property name="connectionPassword" svns:secretAlias="EmbeddedLdap.Property.ConnectionPassword">test123</Property>
So this seems to be a bug/limitation in the WSO2 Identity Server and you can report it by opening an issue in the GitHub repository.
However please note that the embedded LDAP is provided only for evaluations purposes. Please use an external user store (LDAP or JDBC) in production environments.
I am unable to connect to the Thick Client.
I am getting the below mentioned error:
"The User ID or Password that u entered is incorrect".
But i am sure that the User ID and Password is correct because i use the same credentials to log into my thin client.
Siebel always shows that error message if anything goes wrong while authenticating the user. Anything may be:
Wrong username or password.
Database not available.
SRF file is corrupted.
SRF file is out of date (specially, if there have been any changes to the tables and those changes are not compiled in your SRF).
CFG file is not properly configured.
Custom code on ApplicationStart produces an exception.
...
Doesn't matter what the problem is, Siebel will always tell you that the username/password are wrong.
You may find what your actual problem is by checking the latest siebel.log file, which should be placed in .../Client/log/, unless you changed its location.
As an alternative, you can keep reentering your username and password. Siebel gives you 3 attempts to enter your credentials. The 2 first ones will show the "wrong password" message; however, the third and last attempt will show you the actual problem instead. At least, that's how it works in Siebel 7.8.
Anyway, it's better to just check the log file, since it will contain more information.
1st check your password. Connect to database. Now test connection with thick client ODBC if you are able to successfully connect.And if this works then delete local spf file of user and also delete diccache.dat file created in bin directly.
Then try login. This resolved my issue.
You can refer Oracle support as well if this issue is replicated for you.
https://support.oracle.com/epmos/faces/SearchDocDisplay?_adf.ctrl-state=ntde4ixli_1004&_afrLoop=479412795573402