cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Licensing process

otavio.augusto
Beginner
Beginner

Hi all

I applied my license number to Tidal Enterprise Orchestrator without problems. I have a problem when trying to "Refresh and Update Cloud License" from the portal. I'm using AD integration and all users from the AD are successfully authenticated at the portal.

But when trying to "Refresh and Update Cloud License" from the portal, I get a 401 error at orchestrator (task:Get Subscription Data for API User) :

The remote server returned an error: (401) Unauthorized.

<nsapi-error-response>User does not have proper authentication.</nsapi-error-response>

And the following extra messages show up at the JBoss terminal:

11:16:27,585 ERROR [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (http--0.0.0.0-

8080-4) COR-ID=-5320234174044470466::LDAPException in Simple Auth: : LDAPExcepti

on: Invalid Credentials (49) Invalid Credentials

.

.

.

11:16:27,585 ERROR [com.newscale.bfw.eui.EUIOperationManager] (http--0.0.0.0-808

0-4) COR-ID=-5320234174044470466::EUA Authentication Failed

11:16:27,585 ERROR [com.newscale.bfw.signon.AuthenticationManager] (http--0.0.0.

0-8080-4) COR-ID=-5320234174044470466::EUI Flow exception: : com.newscale.bfw.eu

i.EUIException: EUA Authentication Failed

So, looks like the user executing the process does not have proper authorization. I've tried it with nsapiuser (who is a CPTA and Site Administrator) and with another user I called svc_cloud (who is CPTA).

Any hints on what I might be missing?

Regards


8 REPLIES 8

Julio Silveira
Beginner
Beginner

With directory  integration and SL authentication enabled. Note that in 9.4.1 SL authentication is enabled by default (you can see it in the Administration -> settings, at the end of the list, that Inbound HTTP Requests Authentication is enabled), you need to:

-  Login with your nsapi account to get a local account created.

- Go to Org designer and set the nsapi account pwd as the same as the AD pwd.

We have another issue that happnes some times, where nsapi stops working and you need to restart Request Center, but you would see a different exception in the log.

I hope it helps.

"

Go to Org designer and set the nsapi account pwd as the same as the AD pwd.

"

You mean setting the nsapiuser password I'm logged with right now to the same password nsapiuser has in the AD server?

Thanks for your support.

Yes, the account PO uses to connect to CP  (normally called the nsapi account)  must have the same pwd in AD and local.

If you have SL authentication disabled it is not necessary.

The password for nsapiuser in both AD and PO have always been the same - since it was imported into the portal.

I can even log in to the portal with or without AD enabled with the same password for nsapiuser.

So I have to disable service link authentication by now ?

You can disable SL authentication to take out one of the variables, and see if works, but you should try to get it working with SL authentication later.

The directory integration mapping has password as one of the fields and you normally sync it with user name or something else because it cannot be the real AD password. When you login with the NSAPI account the pwd may get re-mapped . The steps I normally do are login as NSAPI account, get the local account created, update the pwd and then do not login as NSAPI account again to avoid re-mapping.

** Please also restart Request Center.