rest service authenticatoin issue after upgrade from BP6.4.3 to BP.610.2

marco.pogliaghi · ‎09-03-22

Hi, I ran in this issue after updating from BP6.4 to 6.10: I usually made some calls to rest services, something of this type:
https://ROBOT:PORT/user name USER&password PWD&status
after the 6.10 upgrade this call did not worked anymore: I had an "AUTHENTICATION FAILED" response on the password step (and then a "USER NOT SET"), also if I postposed to the USER, my company's domain, like:
https://ROBOT:PORT/user name [email protected]&password PWD
I obtained a:

Could not find active password for user [email protected]

(and SOAP web services, restartyed to work using the new [email protected] user)
Do someone of you encountered (and hopefully solved) this same problem?
Thank you,
marco

------------------------------
Marco Oreste Pogliaghi
------------------------------

John__Carter · ‎09-03-22

Hi Marco - is it related to this setting that was introduced between 6.4 and 6.10, and is enabled by default.

This is from the Help:

Session management enforces permissions of controlling user

Enabled by default. When enabled, when session control actions are requested the permissions of the controlling user will be validated. If disabled, the session control actions validate the permissions of the account used to authenticate the runtime resource against the environment.

It is recommended that this setting is enabled. When enabled, the create, start and delete resource pc commands are no longer valid. They are replaced by the commands: createas, startas, deleteas

------------------------------
John Carter
Professional Services
Blue Prism
------------------------------

marco.pogliaghi · ‎10-03-22

Hi John, thank you for your reply, I'm not sure it applies to my case: I've the error just on authentication, far before asking for any other action.

I've tried without the flag, and the issue remains unaltered:

https://ROBOT:PORT/user name USER&password PWD

returns

USER SET

AUTHENTICATION FAILED

while

https://ROBOT:PORT/user name [email protected]&password PWD

returns:

USER SET

Could not find active password for user [email protected]

The issue seems more related to some default use of domain suffix or user type, also, it is strange that "getCredential" authenticates the "[email protected]" (and no more the "USER" as in 6.4).

Is there some other default changed? Which different authentication steps do the rest service and the getCredential action?

Maybe the rest service does not authenticate no more system users?

Or there is some defaults changed or that have to be considered in managing of users (I see BPAUser table is a bit different from 6.4 to 6.10)

Thank you,

marco

------------------------------
Marco Oreste Pogliaghi
------------------------------

John__Carter · ‎10-03-22

Hi Marco - without knowing how your environment is set up it's hard for me to help, and it might be more productive to raise a Support ticket. But if your environment is set up for native authentication (and not SSO) then I guess the first thing is to confirm that you are using the correct user name and password, and that you can manually log into the BP UI. I know this sounds obvious but it is a necessary 'sanity' check.

------------------------------
John Carter
Professional Services
Blue Prism
------------------------------

marco.pogliaghi · ‎10-03-22

Hi John. just for a report it seems that the error was due to a misconfiguration that permitted dual authentication (both SSO and native), after being returned to the 6.4 image and redone the promotion with only SSO authentication, it worked.
Thanks,
marco

------------------------------
Marco Oreste Pogliaghi
------------------------------

SS&C Blue Prism Community

rest service authenticatoin issue after upgrade from BP6.4.3 to BP.610.2

Session management enforces permissions of controlling user