I applied my license number to Tidal Enterprise Orchestrator without problems. I have a problem when trying to "Refresh and Update Cloud License" from the portal. I'm using AD integration and all users from the AD are successfully authenticated at the portal.
But when trying to "Refresh and Update Cloud License" from the portal, I get a 401 error at orchestrator (task:Get Subscription Data for API User) :
The remote server returned an error: (401) Unauthorized.
<nsapi-error-response>User does not have proper authentication.</nsapi-error-response>
And the following extra messages show up at the JBoss terminal:
11:16:27,585 ERROR [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (http--0.0.0.0-
8080-4) COR-ID=-5320234174044470466::LDAPException in Simple Auth: : LDAPExcepti
on: Invalid Credentials (49) Invalid Credentials
11:16:27,585 ERROR [com.newscale.bfw.eui.EUIOperationManager] (http--0.0.0.0-808
0-4) COR-ID=-5320234174044470466::EUA Authentication Failed
11:16:27,585 ERROR [com.newscale.bfw.signon.AuthenticationManager] (http--0.0.0.
0-8080-4) COR-ID=-5320234174044470466::EUI Flow exception: : com.newscale.bfw.eu
i.EUIException: EUA Authentication Failed
So, looks like the user executing the process does not have proper authorization. I've tried it with nsapiuser (who is a CPTA and Site Administrator) and with another user I called svc_cloud (who is CPTA).
Any hints on what I might be missing?
With directory integration and SL authentication enabled. Note that in 9.4.1 SL authentication is enabled by default (you can see it in the Administration -> settings, at the end of the list, that Inbound HTTP Requests Authentication is enabled), you need to:
- Login with your nsapi account to get a local account created.
- Go to Org designer and set the nsapi account pwd as the same as the AD pwd.
We have another issue that happnes some times, where nsapi stops working and you need to restart Request Center, but you would see a different exception in the log.
I hope it helps.
You can disable SL authentication to take out one of the variables, and see if works, but you should try to get it working with SL authentication later.
The directory integration mapping has password as one of the fields and you normally sync it with user name or something else because it cannot be the real AD password. When you login with the NSAPI account the pwd may get re-mapped . The steps I normally do are login as NSAPI account, get the local account created, update the pwd and then do not login as NSAPI account again to avoid re-mapping.
** Please also restart Request Center.
Thanks for the support. I had forgotten to update the two target properties as well. Those auth errors no longer happen, but a new one is preventing the service item to be created and the license refreshing process to finish:
Unable to fully resolve expression, as Reference to Property ResultTable.FirstRow.Feature of ActivityInstance 0b67ac58-5093-42ef-8b2c-a9d775a343e7. could not be resolved.
That happens at the "Update Service Item" task, invoked by Manage License Data process.
Any infos ?
Thanks for the help.