Re: PCCE 12.6 Login by name via Finesse API does not work

Javier Aparicio · ‎02-01-2022

In PCCE 12.6, SOMETIMES, I have the follwing issue: when login by agent name it does return a "The user specified in the authentication credentials and the uri don't match" error. After restarting the server it works fine. The same happens to a customer of mine. Does anybody know how to troubleshoot it?

88032: [INFO]: [call-id []] [agent-id [531401]]: [Jan 27 2022 16:00:55.059 +0100]: [http-apr-127.0.0.1-8082-exec-14]: [c.c.c.f.s.ElapsedTimeFilter]: [REQUEST_START] method_name: GET, resource_name: /User/aparj01, user: 531401, parameters: { nocache=[1643295654928], }

88033: [INFO]: [call-id []] [agent-id [531401, aparj01]]: [Jan 27 2022 16:00:55.059 +0100]: [http-apr-127.0.0.1-8082-exec-14]: [c.c.c.f.a.u.UserService]: [API_REQUEST] Request from client to webservice api. agent_id: , request_id: null, request_method: user.GET, request_url: User/aparj01, params: aparj01

88034: [WARN]: [call-id []] [agent-id [531401, aparj01]]: [Jan 27 2022 16:00:55.060 +0100]: [http-apr-127.0.0.1-8082-exec-14]: [c.c.c.f.c.s.ValidationBase]: [UNAUTHORIZED_401] Http error 401 is returned to the client. code: 4509, message: INVALID_AUTHORIZATION_USER, description: The user specified in the authentication credentials and the uri don't match

88035: [INFO]: [call-id []] [agent-id [531401, aparj01]]: [Jan 27 2022 16:00:55.071 +0100]: [http-apr-127.0.0.1-8082-exec-14]: [c.c.c.f.s.ElapsedTimeFilter]: [REQUEST_END] Request complete. time_elapsed: 11 time_to_complete_stats: 0 ms

Same request after restarting server:

723520: [INFO]: [call-id []] [agent-id [531401]]: [Feb 01 2022 08:26:53.806 +0100]: [http-apr-127.0.0.1-8082-exec-1]: [c.c.c.f.s.ElapsedTimeFilter]: [REQUEST_START] method_name: GET, resource_name: /User/aparj01, user: 531401, parameters: { nocache=[1643700413725], }
723521: [INFO]: [call-id []] [agent-id [531401, aparj01]]: [Feb 01 2022 08:26:53.807 +0100]: [http-apr-127.0.0.1-8082-exec-1]: [c.c.c.f.a.u.UserService]: [API_REQUEST] Request from client to webservice api. agent_id: 531401, request_id: null, request_method: user.GET, request_url: User/aparj01, params: aparj01
723522: [INFO]: [call-id []] [agent-id [531401, aparj01]]: [Feb 01 2022 08:26:53.807 +0100]: [http-apr-127.0.0.1-8082-exec-1]: [c.c.c.f.a.u.UserService]: [USER_SERVICE] User request for 531401 and is from proxy false proxyHostName lab04pefin1a.lab.lan
723523: [INFO]: [call-id []] [agent-id [531401, aparj01]]: [Feb 01 2022 08:26:53.807 +0100]: [http-apr-127.0.0.1-8082-exec-1]: [c.c.c.f.s.ElapsedTimeFilter]: [REQUEST_END] Request complete. time_elapsed: 0 time_to_complete_stats: 0 ms

Thanks

Javi

bill.king1 · ‎02-01-2022

Haven't heard of that before, but a couple of questions:

* In the above test, every time you try that user, it doesn't work, until you do the restart? Or could you try and log them in 4 times, and 3 times it works and one time it doesn't?

* Is it always the same users with the issue, or all users?

* Does it also fail at the same time if you try it on the server in the other data center/B side?

* When you're having the issue with the user, does the same problem happen if they try and login normally without the API? In other words, could this be a general issue and not something tied to the API?

Just throwing some general ideas out there to see if it can narrow down the situation.

Javier Aparicio · ‎02-01-2022

I tried triggering it again after the restart, and I was not able to reproduce it. Activating the SSO / Hybrid SSO did not make any change. I will post here next time I will face the same issue.

Regarding the questions:

- When it occurs, it fails on each try.

- It's an internal lab, and I tried with two users. Next time I will repeat the login for more users.

- Did not try with B side neither.

- It does not happen when loging normally, only via API.

I will keep you posted the next time it happens.

Thanks for the answer!

dekwan · ‎02-01-2022

Hi,

I too have not seen this issue before.

You said: It does not happen when loging normally, only via API.

So, I assume that you are making these API requests outside of the Finesse Agent Desktop. Could it be that the client you are using to make these requests is caching a previous/old username/password? If I am remembering correctly, you can find the username that is used in the request in the realm logs.

Also, which API are you trying to use? Is it the GET user id from login name (https://developer.cisco.com/docs/finesse/#!user%e2%80%94get-user-id-from-loginname)?

Thanx,

Denise

Javier Aparicio · ‎02-07-2022

Hi Denise,

The client is not caching the previous authentication. It is a browser client. I tried with different browsers and no luck so far.

The API I am using is the one you pointed. Can you please double check with the Finesse team the statement in the docs is true? "This API is only supported for Unified CCE deployments." I have always used it against PCCE and I never got any issue, but the one I am having now.

After I restarted finesse I did not have the issue anymore. I do not know how to make it to trigger again to help with the troubleshooting.

Best,

Javi

dekwan · ‎02-07-2022

Hi,

Can you please double check with the Finesse team the statement in the docs is true? "This API is only supported for Unified CCE deployments." I have always used it against PCCE and I never got any issue, but the one I am having now.

Yes, it works for PCCE. The note should probably be changed to just say "CCE deployments" rather than using Unified.

After I restarted finesse I did not have the issue anymore. I do not know how to make it to trigger again to help with the troubleshooting.

Since it isn't reproducible right now, the only thing you can check is the realm logs for the timestamp that you were trying and seeing if there is anything that stands out. The next time it happens, I would do the same and check the realm logs.

Thanx,

Denise