About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Troubleshooting
Problem
Attempting to logon a user into the i2 Analyze Analysis Web Client (AWC) results in an error message and fails to logon. Active Directory for LDAP is being used for authentication. The same user and password is being used for the i2 Analyze Analysis Repository (AR) server that also uses the same AD/LDAP as the AWC, but the login to the AR is successful.
Symptom
The web browser throws the following error message:
- Authentication Failed
The application could not access your account information.
Reload the application to try again.
Cause
Two issues:
- The UserProfileProvider was not set.
- The Principal name is being converted from uppercase to lowercase hence, the comparison when fetching the user profile is failing.
Diagnosing The Problem
The trace file states:
"The file does not contain a profile for the specified user."
USER_AWC is the name in the FileBasedUserProfileProviderUsersDetails.txt, and is also the name in LDAP, so this appeared to be set correctly.
And yet, "The file does not contain a profile for the specified user." is the error message if there is no principal name entry in the file based user profiles for the current user.
Even though the problem is fixed by changing the principal name in lower case in the text file, why is the conversion happening and where it is happening?
The problem is from LDAP. The user mapping used is sAMAccountname which is always in lower case. Whoever gets to maintain the user profile text file must make sure they follow the sAMAccountName value.
Conclusively found out that the behavior of the case changing from higher to lower case must be coming from LDAP. This behavior did not appear when using the File-based user registry. Looking at the logs further and saw many properties being returned by LDAP such as securityName and uniqueSecurityName and are in different cases (these are all in complete Distinguished Name). The server.xml file revealed that the user filter being used is against sAMAccountName. From there, it was discovered that all user accounts are in lower case for sAMAccountName. So all principal names in the file-based user profile should be written lower case (whereas it was written in all CAPS).
Resolving The Problem
Change the name in the FileBasedUserProfileProviderUsersDetails.txt file to lowercase.
[{"Product":{"code":"SSXVTH","label":"i2 Analyze"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF033","label":"Windows"},{"code":"PF016","label":"Linux"}],"Version":"4.0.0;4.1.0;4.1.1;4.1.2;4.1.3","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
More support for:
i2 Analyze
Software version:
4.0.0, 4.1.0, 4.1.1, 4.1.2, 4.1.3
Operating system(s):
Windows, Linux
Document number:
562345
Modified date:
16 June 2018
UID
swg22004473