When trying to login to NFA 9.3.3 I receive HTTP ERROR 500 Problem accessing /sso/sign-in-process.jsp'.

Document ID : KB000035431
Last Modified Date : 14/02/2018
Show Technical Document Details

Problem: 

When trying to login to NFA 9.3.3 I receive the error below after entering my user credentials:

HTTP ERROR 500

Problem accessing /sso/sign-in-process.jsp. Reason:

    System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.Cryptography.CryptographicException: The input data is not a complete block.
   at System.Security.Cryptography.CapiSymmetricAlgorithm.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at System.Security.Cryptography.CryptoStream.Read(Byte[] buffer, Int32 offset, Int32 count)
   at System.IO.StreamReader.ReadBuffer()
   at System.IO.StreamReader.ReadToEnd()
   at NetQoS.ReporterAnalyzer.Business.RASingleSignOn.DecryptFromBytesUsingAES(Byte[] bytes, Byte[] key, Byte[] initializationVector)
   at NetQoS.ReporterAnalyzer.Business.RASingleSignOn.DecryptCAPCBytesAES(Byte[] bytes)
   at NetQoS.ReporterAnalyzer.Business.RASingleSignOn.DecryptCAPCURLString(String base64URLString)
   at NetQoS.ReporterAnalyzer.Business.RASingleSignOn.GetProperty(String propName)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
   at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at NetQoS.Core.Services.Controller.InvokeMethod(Object objectItem, String methodName, Object[] parameters)
   at NetQoS.DataSource.WebService.CallMethod.Invoke(String interfaceName, String methodName, Object[] parameters)
   at NetQoS.DataSource.WebService.SingleSignOnWS.GetProperty(String propName)
   --- End of inner exception stack trace ---

The "Test LDAP" Option in the NFA SSO Config Tool will thrown and error stating "Invalid option Selected" like below:

LDAP_InvalidOption.png

 

Environment:  

NFA 9.3.3 linked to CAPC as a Data Source.

Cause: 

Local Override set in NFA for the "LDAP Connection Password" is not encrypted by the NFA SSO Configuration tool, however the NFA 9.3.3 SSO Module expects the LDAP Password to be encrypted if you are linked to CAPC.  This will only happen if NFA is linked to CAPC, and should not occur with NPC, UIM, or NFA Stanalone.

Resolution/Workaround:

1. Make sure the CAPC SSO Settings have the LDAP Connection Password set with "Remote Override" so that the password will sync down to NFA.  If you make any changes make sure to resync the NFA Data Source.

2. Remove the "Local Override" in NFA for the "LDAP Connection Password" by running the query below on the NFA Console server:

mysql -P3308 -D reporter -t -e "delete from performance_center_properties where PropName = 'LdapConnectionPassword' and Priority = 2;"

3. Attempt to login to NFA again.

Additional Information:

 

CAPC SSO Configuration Guide