RE: liferay 7 tomcat 8 bundle authentication failure

Luke Palnau, modified 8 Years ago.

liferay 7 tomcat 8 bundle authentication failure

New Member Posts: 12 Join Date: 5/2/17 Recent Posts

Hi folks, I have been fighting with my first fresh installations of liferay ce 7. Here is my version.sh output:

Using CATALINA_BASE:   /usr/local/liferay/tomcat-8.0.32
Using CATALINA_HOME:   /usr/local/liferay/tomcat-8.0.32
Using CATALINA_TMPDIR: /usr/local/liferay/tomcat-8.0.32/temp
Using JRE_HOME:        /usr/local
Using CLASSPATH:       /usr/local/liferay/tomcat-8.0.32/bin/bootstrap.jar:/usr/local/liferay/tomcat-8.0.32/bin/tomcat-juli.jar
Server version: Apache Tomcat/8.0.32
Server built:   Feb 2 2016 19:34:53 UTC
Server number:  8.0.32.0
OS Name:        FreeBSD
OS Version:     11.0-RELEASE-p9
Architecture:   amd64
JVM Version:    1.8.0_131-b11
JVM Vendor:     Oracle Corporation

I have successfully gone through the installation wizard locally on my win7 laptop with and without sample data, hsql and postgresql. But my installation attempts on the ec2 server are not going so well. I have removed the /usr/local/liferay folder and extracted the bundle zip to /usr/local/liferay. I have dropped, recreated, and granted all privileges to the postgresql 9.4 database I'm trying to use for this. Here is my /usr/local/liferay/portal-ext.properties with the passwords swapped out:

admin.email.from.address=test@umich.edu
admin.email.from.name=DevConnect NonProd
company.default.name=DevConnect NonProd
company.default.web.id=umich.edu
default.admin.first.name=Agile
default.admin.screen.name=AgileTeam
default.admin.last.name=Team
default.admin.email.address.prefix=test
default.admin.password=B0B2496285CF274EB298AAFE2E8F370AFCA21257C6C01665FFEEB051D44767E0
jdbc.default.driverClassName=org.postgresql.Driver
jdbc.default.password=981FC62577417A3BC049F0E6A6BC9A9AD929F1F34B94752BCBEB3F8DA156A776
jdbc.default.url=jdbc:postgresql://test.umich.edu:5432/devconnect_np?ssl=true&amp;sslfactory=org.postgresql.ssl.NonValidatingFactory
jdbc.default.username=devconnect_np
liferay.home=/usr/local/liferay
setup.wizard.add.sample.data=off
setup.wizard.enabled=false
#company.security.auth.requires.https=true
#session.enable.phishing.protection=false
#web.server.http.port=80
#web.server.https.port=443
#web.server.protocol=https
web.server.host=connect-np.dev.umich.edu
#redirect.url.security.mode=domain
#redirect.url.domains.allowed=connect-np.dev.umich.edu

I can see the homepage at http://connect-np.dev.umich.edu:8080 and click on sign in, in the upper right. But when I try logging in with the test@umich.edu email address and the default admin password specified in my portal-ext.properties I see the following warning log entry:

21:47:47,632 WARN  [http-nio-8080-exec-3][SecurityPortletContainerWrapper:348] User 0 is not allowed to access URL http://connect-np.dev.umich.edu:8080/web/guest/home and portlet com_liferay_login_web_portlet_LoginPortlet

My browser goes to:

http://connect-np.dev.umich.edu:8080/web/guest/home?p_p_id=com_liferay_login_web_portlet_LoginPortlet&amp;p_p_state=exclusive&amp;p_p_mode=view&amp;_com_liferay_login_web_portlet_LoginPortlet_javax.portlet.action=%2Flogin%2Flogin&amp;_com_liferay_login_web_portlet_LoginPortlet_mvcRenderCommandName=%2Flogin%2Flogin&amp;p_p_lifecycle=0

And the page has an unstyled form with the email address & password

I started looking in the user_ and comparing the records created on the server install vs my local postgresql installation, to see if maybe the password didn't get set properly, but nothing obvious stands out to me. The error kind of sounds like it isn't authenticating to the user, because userid 0 doesn't exist. My default admin user has a userid of 20156.

Hoping this is something obvious, or maybe there is a doc/wiki page I'm not finding that point how to turn the logging levels up for liferay 7 (tomcat 8 bundle) so that I can get more debug logs for the com.liferay.login namespace to see if there is an earlier failure that is not represented well by the warning. Thank you for your help.

-Luke

David H Nebinger, modified 8 Years ago.

RE: liferay 7 tomcat 8 bundle authentication failure

Liferay Legend Posts: 14933 Join Date: 9/2/06 Recent Posts

Luke Palnau:

21:47:47,632 WARN  [http-nio-8080-exec-3][SecurityPortletContainerWrapper:348] User 0 is not allowed to access URL http://connect-np.dev.umich.edu:8080/web/guest/home and portlet com_liferay_login_web_portlet_LoginPortlet

So this is actually a Liferay issue. I'm facing it at one client now, and I've heard of sporadic reports from other Liferayers too.

At this point the cause is unknown to me, but there are LESA tickets open on it.

If you're a DXP customer, I recommend opening your own LESA ticket so, once the solution is found, you'll get the fix right away. I know that support has been able to replicate the issue and it's working through the support process, I just don't know what the cause is.

If you're not a DXP customer, well then the option would seem to be waiting for someone to figure it out or track it down on your own. So far I haven't heard of anyone else in the forums hitting this yet and certainly haven't heard of a solution or recommendation.

Come meet me at Devcon 2017 or 2017 LSNA!

Luke Palnau, modified 8 Years ago.

RE: liferay 7 tomcat 8 bundle authentication failure

New Member Posts: 12 Join Date: 5/2/17 Recent Posts

Thanks David, I feel better that I'm probably not missing something obvious. Not a DXP customer yet, so I'll have to keep an eye on the boards for updates.

Today, I tried pointing my local windows installation at the server's postgresql database (created by the server installation), and I was able to login. I then spun up an aws linux instance and did the installation using the existing server's postgresql database and it failed to login with the same log file warning entry and unstyled login page in the browser.

Is this v6.2 page still applicable to version 7? Specifically the note at the bottom about creating a "META-INF/portal-log4j-ext.xml" to be able to turn up the log4j verbosity of given namespaces?

Is there a good reference to what we would be losing if we hold off on installing v7 and install v6 instead?

-Luke

Christoph Rabel, modified 8 Years ago.

RE: liferay 7 tomcat 8 bundle authentication failure

Liferay Legend Posts: 1555 Join Date: 9/24/09 Recent Posts

You could try to enable debug log for com.liferay.portlet.
It should tell you the exact exception (I took a quick look into the code of SecurityPortletContainerWrapper). Maybe it gives you a better insight, what causes the issue.

Luke Palnau, modified 8 Years ago.

RE: liferay 7 tomcat 8 bundle authentication failure

New Member Posts: 12 Join Date: 5/2/17 Recent Posts

To enable that logging level in v7 is it still creating the log4j-ext.properties in the META-INF folder? I will try it, I see a log4j.properties higher up and the current catalina.out log entries mention logging config is from logging.properties.

-Luke

Luke Palnau, modified 8 Years ago.

RE: liferay 7 tomcat 8 bundle authentication failure

New Member Posts: 12 Join Date: 5/2/17 Recent Posts

So it turns out, many vms later that it seemed to do with how I was first accessing the instance in my browser for the initial login, I had already setup the dns record and had been using the domain name, once I tried to access the site using the server's ip address it let me login successfully. Wish I had stumbled upon this days ago. emoticon

I came to this conclusion when I launched an ec2 instance from a working instance based on the bitnami liferay 7 ami in the aws marketplace and it gave the login error, while the original running instance didn't.

Amos Fong, modified 7 Years ago.

RE: liferay 7 tomcat 8 bundle authentication failure

Junior Member Posts: 40 Join Date: 11/18/14 Recent Posts

Hi ,

We are also facing this issue at our environment.
We have setup these below properties in portal-ext.properties file

jdbc.default.jndi.name=java:jboss/LiferayPool
redirect.url.security.mode=ip
redirect.url.ips.allowed=SERVER_IP

#for clearing browser cache.
browser.cache.disabled=true
browser.cache.signed.in.disabled=true

#for defalut password policy set
passwords.default.policy.change.required=false

# Set this to true to enable reminder queries that are used to help reset a
# user's password.
users.reminder.queries.enabled=false
users.reminder.queries.custom.question.enabled=false

We couldn't find out the exact cause. Can someone help us to resolve this issue

Community

Company

Feedback

Ask Questions and Find Answers

Important:

Ask is now read-only. You can review any existing questions and answers, but not add anything new.

But - don't panic! While ask is no more, we've replaced it with discuss - the new Liferay Discussion Forum! Read more here here or just visit the site here:

discuss.liferay.com

RE: liferay 7 tomcat 8 bundle authentication failure