Username or Password is Incorrect #173

Closed
Martin-Gardner opened this issue May 11, 2021 · 10 comments
@Martin-Gardner

Encountered error during federation passive request.

Additional Data

Protocol Name:
Saml

Relying Party:
http://adfs.home.martin-gardner.com/adfs/services/trust

Exception details:
Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationException: The user name or password is incorrect.

at Neos.IdentityServer.MultiFactor.AuthenticationProvider.IsAvailableForUser(Claim identityClaim, IAuthenticationContext context)
at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.ProcessContext(ProtocolContext context, IAuthenticationContext authContext, IAccountStoreUserData userData, IClaimsIdentity identity)
at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.Authentication.AuthenticationOptionsHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

The password I am entering is 100% correct - please can you advise?

@redhook62
Member

Hi @Martin-Gardner

Your "Data Access Account" has an invalid username or a bad password.

If your Data Repository is ADDS, the account must have the SamAccount format domain\username, and it's recommended to set the domainname property in FQDN format.
If your Data Repository is SQL Server, the account MUST be a SQL Server user (not a Windows account), e.g. admin, sa.
See: https://github.com/neos-sdi/adfsmfa/wiki/01-Installation#sql-configuration-for-mfa-users-profiles or https://github.com/neos-sdi/adfsmfa/wiki/01-Installation#adds-configuration-for-mfa-users-profiles

Check the connection and save the configuration

regards

@Martin-Gardner
Author

I will check and get back to you.

Kind regards,

Martin

@Martin-Gardner
Author

Martin-Gardner commented May 12, 2021

I swapped to using SQL - I get the following errors in event logs now:

Also note I do not have a 128 char password

#######

Encountered error during OAuth token request.

Additional Data

Exception details:
Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthJWTBearerException: MSIS9421: Received invalid OAuth JWT Bearer request. The JWT Bearer request to get Primary Refresh Token must contain 'aza' scope.
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateJWTBearer()
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateCore()

#######

Encountered error during OAuth token request.

Additional Data

Exception details:
Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthInteractionRequiredException: MSIS9452: Interaction is required by the token broker to resolve the issue. The request requires fresh authentication.
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthTokenProtocolHandler.HandleJWTBearerAccessTokenRequest(OAuthJWTBearerRequestContext jwtBearerContext, SessionSecurityToken ssoSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthTokenProtocolHandler.ProcessJWTBearerRequest(OAuthJWTBearerRequestContext jwtBearerContext)

#######

Encountered error during federation passive request.

Additional Data

Protocol Name:
OAuthAuthorizationProtocol

Relying Party:
urn:ms-drs:434DF4A9-3CF2-4C1D-917E-2CD2B72F515A

Exception details:
Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationException: The value's length for key 'password' exceeds it's limit of '128'.
at Neos.IdentityServer.MultiFactor.AuthenticationProvider.IsAvailableForUser(Claim identityClaim, IAuthenticationContext context)
at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.ProcessContext(ProtocolContext context, IAuthenticationContext authContext, IAccountStoreUserData userData, IClaimsIdentity identity)
at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.Authentication.AuthenticationOptionsHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

#######

Error loading User Registration !
The value's length for key 'password' exceeds it's limit of '128'.

#######

An error occurred loading an authentication provider. Fix configuration errors using PowerShell cmdlets and restart the Federation Service.
Identifier: MultiFactorAuthenticationProvider
Context: Passive protocol pipeline

Additional Data
Exception details:
An error occurred initializing the 'MultiFactorAuthenticationProvider' authentication provider.

Many thanks,

Martin

@redhook62
Member

Please set the password blank, then save the config.
Enter the desired password again and save the config.
Then everything should work.

regards

@Martin-Gardner
Author

Martin-Gardner commented May 12, 2021 via email

@redhook62
Member

Hi,

You can export your configuration using the Export-MFASystemConfiguration command.
Then change the passwords and passphrase in the XML file (in plain text).
Then re-import the modified file using the Import-MFASystemConfiguration command.
If everything is ok, it should work.

regards
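
The export, edit and re-import procedure from the comment above, as an added PowerShell example (not from the adfsmfa project or from this thread). Because the edited XML holds the passwords and passphrase in plain text, it keeps the file in a folder restricted to Administrators and SYSTEM and deletes it afterwards; the folder path and the `-ExportFilePath` / `-ImportFilePath` parameter names are assumptions to confirm with `Get-Help`.

```powershell
# Added example. Run in an elevated session on the AD FS server.
# Assumptions: working folder path; parameter names -ExportFilePath and
# -ImportFilePath (confirm with Get-Help Export-MFASystemConfiguration).
$ErrorActionPreference = 'Stop'
$WorkDir = 'C:\MfaCfgEdit'                      # hypothetical working folder
$CfgFile = Join-Path $WorkDir 'mfa-config.xml'  # hypothetical file name

# 1. Create the folder with inheritance disabled and access limited to
#    BUILTIN\Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetAccessRuleProtection($true, $false)
foreach ($sid in 'S-1-5-32-544', 'S-1-5-18') {
    $id   = New-Object System.Security.Principal.SecurityIdentifier($sid)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $WorkDir -AclObject $acl

try {
    # 2. Export the current MFA configuration into the restricted folder.
    Export-MFASystemConfiguration -ExportFilePath $CfgFile

    # 3. Edit the passwords and passphrase by hand; the script waits
    #    until the editor is closed.
    Start-Process -FilePath notepad.exe -ArgumentList $CfgFile -Wait

    # 4. Refuse to import a file that is no longer well-formed XML
    #    (the cast throws and the import below is skipped).
    [xml](Get-Content -Path $CfgFile -Raw) | Out-Null

    # 5. Re-import the modified configuration.
    Import-MFASystemConfiguration -ImportFilePath $CfgFile
}
finally {
    # 6. Remove the plain-text copy whether or not the import succeeded.
    #    This deletes the file; it does not overwrite the disk blocks.
    Remove-Item -Path $WorkDir -Recurse -Force
}
```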

@Martin-Gardner
Author

Martin-Gardner commented May 21, 2021 via email

@Martin-Gardner
Author

Almost there I feel - the password export and import works for Active Directory - although I seem to have to do it every configuration change - hey ho. The next issue is the following when trying to enroll in one time phone password:

Encountered error during federation passive request.

Additional Data

Protocol Name:
Saml

Relying Party:
http://adfs.home.martin-gardner.com/adfs/services/trust

Exception details:
System.NullReferenceException: Object reference not set to an instance of an object.
at Neos.IdentityServer.MultiFactor.KeysManager.NewKey(String upn)
at Neos.IdentityServer.MultiFactor.AdapterPresentationDefault.GetFormHtmlEnrollOTP(AuthenticationContext usercontext)
at Neos.IdentityServer.MultiFactor.BasePresentation.GetFormHtml(Int32 lcid)
at Neos.IdentityServer.MultiFactor.AdapterPresentation.GetFormHtml(Int32 lcid)
at Microsoft.IdentityServer.Web.Authentication.External.AdapterPresentationWrapper.GetFormHtml(Int32 lcid)
at Microsoft.IdentityServer.Web.UI.CustomAuthenticationPage.get_PageTemplate()
at Microsoft.IdentityServer.Web.UI.PageBase.GetPageHtml()
at Microsoft.IdentityServer.Web.UI.PageBase.Render()
at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.Authentication.AuthenticationOptionsHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

@redhook62
Member

redhook62 commented May 24, 2021

Hi @Martin-Gardner

Good, for passwords it's OK.
However, passwords are well preserved between each release.
There may be an unfortunate re-encryption with older versions, as the encryption format has changed.
I repeat, there is a compatibility mode guaranteeing a correct upgrade.

Otherwise, your problem looks like @gtbuchanan see: 172
Please follow this issue.

regards

@redhook62
Member

Hi @Martin-Gardner

I think you must also enter your passphrase in plain text (after exporting your configuration); this must also be over-encrypted.

regards
