APM using EEM/LDAP for authorization/authentication. User not able to login to CEM with lowercase username.

Document ID : KB000048779
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

APM using EEM/LDAP for authorization/authentication. User is able to login to CEM with uppercase username but not with lowercase username.

The user receives this error when trying to login with lowercase username:

HTTP ERROR 500. Problem accessing wily/cem/tess/app/j_acegi_security_check. Reason: INTERNAL_SERVER_ERROR

Solution:

Username is member of a new custom/site specific EEM Application group which has been configured to contain the 3 standard CEM groups "Admin", "CEM System Administrator", "CEM Configuration Administrator".

The custom Application group has no specific access policies assigned & after removing user from that group & just assigning directly to the 3 standard groups the lowercase username problem does not occur.

However that workaround is not acceptable because the custom EEM Application group is needed for other CA Product access which shares the same EEM authorization mechanism.

The problem was resolved after disabling the "Cache Global Users" option in EEM using these steps:

Login to CA EEM UI using administrator username EiamAdmin (any Application)


 	Go to Configure -> EEM Server - > Global Users / Global Groups . 

Under the "Reference from an external directory" settings uncheck the option "Cache Global Users" and Save changes.

NOTE: It is recommended that the option "Cache Global Users" is always disabled to allow case-insensitive usernames to be used. There should be no negative performance impact.