Unable to log in to Workflow IDE, invalid username or password.

Document ID : KB000054221
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

This document will describe the cause and resolution to one reason for receiving an invalid username or password from the CA Workflow IDE when the user information is valid and all permissions are set correctly.

Solution:

There are some situations where when attempting to log in to the CA Workflow IDE, you are presented with the error message 'Invalid Username or Password", even though you can successfully log directly in to eIAM/EEM with that same username and password.

A quick check can be done in the pdm_tomcat.log or pdm_tomcat_CAWF.log file in $NX_ROOT/log.
If you find the message:

WARNING: Failed to authenticate application with eTrust Embedded IAM backend server
[Authenticate Error: Authentication Failed, Identity Attempted: null]

in that log file, then this means that the password in the usd_eiam_cert.p12 file has gotten out of sync.

To resolve this, we will reissue the certificate file.

  1. Extract the contents of the attached file (which is issuecert.xml) to the ca/SharedComponents/iTechnology directory

  2. Open this file in a text editor and change the value for Attach label to your label value. Usually this will be ServiceDesk-hostname
    This value can be verified in $NX_ROOT/nx.env by searching for @NX_EIAM_APPINST_LABEL=

  3. Next, the value for password will need to be changed. The value in the file is in plain text, no encryption. Just type in your current EiamAdmin password and save the file. This xml file can be deleted after the new certificate has been created, no plain text passwords will be available within the p12 file.

  4. From a command line, navigate to the iTechnology directory and issue the following command:
    safex -h hostname -u EiamAdmin -p password -f issuecert.xml 
    Where "password" is the password for the EiamAdmin user.

    This will generate a new usd_eiam_cert.p12 file in this iTechnology directory.

  5. Shut down Service Desk, delete the current usd_eiam_cert.p12 from $NX_ROOT/site and replace it with this new one.

  6. If you do not want to delete the current p12 file, rename it so that the extension is not p12 such as usd_eiam_cert.p12.bak

  7. Stop and restart iGateway

  8. Restart Service Desk
File Attachments:
TEC492767.zip