When I try to login the first time to the reverse proxy, it succeeds, as it should.
But after I login, without login out, if I try to login again, it will return the error message HPDIA0121W.
How can I change this behaviour?
I need to accept the second login, creating a new session and closing the first session?

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

Original Message:
Sent: 11/16/2020 12:33:00 PM
From: Joao Goncalves
Subject: Multiple login failure

When I try to login the first time to the reverse proxy, it succeeds, as it should.
But after I login, without login out, if I try to login again, it will return the error message HPDIA0121W.
How can I change this behaviour?
I need to accept the second login, creating a new session and closing the first session?

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

Well, the webseal access_log returns 2 accesses to login, both of them return 200.
I am sending a post using curl:
curl -v -s -k --cookie-jar cookie.jar --cookie cookie.jar \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: application/json' \
-X POST https://$HOST/pkmslogin.form?token=Unknown \
--data-ascii "username=$USER&password=$PASS&login-form-type=pwd"

The junction is configured to use OpenID Provider.

But when I get the output in json format from the login I get this error:
"HPDIA0121W:  The requested operation is not valid"

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

Original Message:
Sent: Mon November 16, 2020 03:24 PM
From: Scott Exton
Subject: Multiple login failure

Joao,

 

Further information is really required before I could comment too much on this.  Specifically:

1. do any error messages appear in the WebSEAL log file, and if so, what error messages appear;
2. Is the authentication operation a POST to '/pkmslogin.form' or something different?
3. What type of authentication is being used?

 

 

Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor

Phone: 61-7-5552-4008 E-mail: scotte@au1.ibm.com	1 Corporate Court Bundall, QLD 4217 Australia

 

 

Original Message:
Sent: 11/16/2020 12:33:00 PM
From: Joao Goncalves
Subject: Multiple login failure

When I try to login the first time to the reverse proxy, it succeeds, as it should.
But after I login, without login out, if I try to login again, it will return the error message HPDIA0121W.
How can I change this behaviour?
I need to accept the second login, creating a new session and closing the first session?

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

Original Message:
Sent: 11/16/2020 4:24:00 PM
From: Joao Goncalves
Subject: RE: Multiple login failure

Well, the webseal access_log returns 2 accesses to login, both of them return 200.
I am sending a post using curl:
curl -v -s -k --cookie-jar cookie.jar --cookie cookie.jar \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: application/json' \
-X POST https://$HOST/pkmslogin.form?token=Unknown \
--data-ascii "username=$USER&password=$PASS&login-form-type=pwd"

The junction is configured to use OpenID Provider.

But when I get the output in json format from the login I get this error:
"HPDIA0121W:  The requested operation is not valid"

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

Original Message:
Sent: Mon November 16, 2020 03:24 PM
From: Scott Exton
Subject: Multiple login failure

Joao,

 

Further information is really required before I could comment too much on this.  Specifically:

1. do any error messages appear in the WebSEAL log file, and if so, what error messages appear;
2. Is the authentication operation a POST to '/pkmslogin.form' or something different?
3. What type of authentication is being used?

 

 

Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor

Phone: 61-7-5552-4008 E-mail: scotte@au1.ibm.com	1 Corporate Court Bundall, QLD 4217 Australia

 

 

Original Message:
Sent: 11/16/2020 12:33:00 PM
From: Joao Goncalves
Subject: Multiple login failure

When I try to login the first time to the reverse proxy, it succeeds, as it should.
But after I login, without login out, if I try to login again, it will return the error message HPDIA0121W.
How can I change this behaviour?
I need to accept the second login, creating a new session and closing the first session?

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

The request_log file contains the following entries:
685 192.168.34.209 - xxxxxxx 16/Nov/2020:21:20:52 +0000 "POST /pkmslogin.form?token=Unknown HTTP/1.1" 200 102
686 192.168.34.209 - xxxxxxx 16/Nov/2020:21:20:53 +0000 "POST /pkmslogin.form?token=Unknown HTTP/1.1" 200 123
687 192.168.34.209 - xxxxxxx 16/Nov/2020:21:20:53 +0000 "POST /pkmslogout HTTP/1.1" 200 74

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

Original Message:
Sent: Mon November 16, 2020 04:35 PM
From: Scott Exton
Subject: Multiple login failure

Does anything get written to the WebSEAL message log?

 

 

Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor

Phone: 61-7-5552-4008 E-mail: scotte@au1.ibm.com	1 Corporate Court Bundall, QLD 4217 Australia

 

 

Original Message:
Sent: 11/16/2020 4:24:00 PM
From: Joao Goncalves
Subject: RE: Multiple login failure

Well, the webseal access_log returns 2 accesses to login, both of them return 200.
I am sending a post using curl:
curl -v -s -k --cookie-jar cookie.jar --cookie cookie.jar \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: application/json' \
-X POST https://$HOST/pkmslogin.form?token=Unknown \
--data-ascii "username=$USER&password=$PASS&login-form-type=pwd"

The junction is configured to use OpenID Provider.

But when I get the output in json format from the login I get this error:
"HPDIA0121W:  The requested operation is not valid"

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994

Original Message:
Sent: Mon November 16, 2020 03:24 PM
From: Scott Exton
Subject: Multiple login failure

Joao,

 

Further information is really required before I could comment too much on this.  Specifically:

1. do any error messages appear in the WebSEAL log file, and if so, what error messages appear;
2. Is the authentication operation a POST to '/pkmslogin.form' or something different?
3. What type of authentication is being used?

 

 

Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor

Phone: 61-7-5552-4008 E-mail: scotte@au1.ibm.com	1 Corporate Court Bundall, QLD 4217 Australia

 

 

Original Message:
Sent: 11/16/2020 12:33:00 PM
From: Joao Goncalves
Subject: Multiple login failure

When I try to login the first time to the reverse proxy, it succeeds, as it should.
But after I login, without login out, if I try to login again, it will return the error message HPDIA0121W.
How can I change this behaviour?
I need to accept the second login, creating a new session and closing the first session?

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

Original Message:
Sent: 11/16/2020 4:40:00 PM
From: Joao Goncalves
Subject: RE: Multiple login failure

The request_log file contains the following entries:
685 192.168.34.209 - xxxxxxx 16/Nov/2020:21:20:52 +0000 "POST /pkmslogin.form?token=Unknown HTTP/1.1" 200 102
686 192.168.34.209 - xxxxxxx 16/Nov/2020:21:20:53 +0000 "POST /pkmslogin.form?token=Unknown HTTP/1.1" 200 123
687 192.168.34.209 - xxxxxxx 16/Nov/2020:21:20:53 +0000 "POST /pkmslogout HTTP/1.1" 200 74

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

Original Message:
Sent: Mon November 16, 2020 04:35 PM
From: Scott Exton
Subject: Multiple login failure

Does anything get written to the WebSEAL message log?

 

 

Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor

Phone: 61-7-5552-4008 E-mail: scotte@au1.ibm.com	1 Corporate Court Bundall, QLD 4217 Australia

 

 

Original Message:
Sent: 11/16/2020 4:24:00 PM
From: Joao Goncalves
Subject: RE: Multiple login failure

Well, the webseal access_log returns 2 accesses to login, both of them return 200.
I am sending a post using curl:
curl -v -s -k --cookie-jar cookie.jar --cookie cookie.jar \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: application/json' \
-X POST https://$HOST/pkmslogin.form?token=Unknown \
--data-ascii "username=$USER&password=$PASS&login-form-type=pwd"

The junction is configured to use OpenID Provider.

But when I get the output in json format from the login I get this error:
"HPDIA0121W:  The requested operation is not valid"

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994

Original Message:
Sent: Mon November 16, 2020 03:24 PM
From: Scott Exton
Subject: Multiple login failure

Joao,

 

Further information is really required before I could comment too much on this.  Specifically:

1. do any error messages appear in the WebSEAL log file, and if so, what error messages appear;
2. Is the authentication operation a POST to '/pkmslogin.form' or something different?
3. What type of authentication is being used?

 

 

Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor

Phone: 61-7-5552-4008 E-mail: scotte@au1.ibm.com	1 Corporate Court Bundall, QLD 4217 Australia

 

 

Original Message:
Sent: 11/16/2020 12:33:00 PM
From: Joao Goncalves
Subject: Multiple login failure

When I try to login the first time to the reverse proxy, it succeeds, as it should.
But after I login, without login out, if I try to login again, it will return the error message HPDIA0121W.
How can I change this behaviour?
I need to accept the second login, creating a new session and closing the first session?

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

No, I can't find anything suspicious. The only thing I am getting there is this:
1109 2020-11-16-21:02:45.251+00:00I----- 0x1354A0CD webseald WARNING ivc general azn_maint.cpp 5982 0x7fce1b090840
1110 HPDCO0205W getrlimit(): RLIMIT_AS (rlim_cur: -1 ; rlim_max: -1)

But the timestamp is not current. It must be related with something else.

I repeated the test twice, and I got another set of messages related to the first attempt, but on the second I got no errors. I guess from the first attempt it was just a temporary error:
1113 2020-11-16-21:53:17.436+00:00I----- 0x16B480C9 webseald ERROR rgy ira ira_entry.c 3857 0x7fcdec3aa700
1114 HPDRG0201E Error code 0x51 was received from the LDAP server. Error text: "Can't contact LDAP server".
1115 2020-11-16-21:53:17.436+00:00I----- 0x1354A0C0 webseald WARNING ivc general azn_maint.cpp 1136 0x7fcdf63f1700
1116 HPDCO0192W LDAP server example.com:636 has failed.
1117 2020-11-16-21:53:17.438+00:00I----- 0x132120DB webseald WARNING ias authsvc pdauthn.cpp 1558 0x7fcdec3aa700
1118 HPDIA0219W An unknown user, XXXXXXXX, was presented to Security Access Manager.
1119 2020-11-16-21:53:17.543+00:00I----- 0x1354A0C1 webseald WARNING ivc general azn_maint.cpp 1139 0x7fcdf63f1700
1120 HPDCO0193W LDAP server example.com:636 has recovered.

The second attempt came ofter these lines, and I got no errors in the message file. It just returned the HPDIA0121W warning message.

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

Original Message:
Sent: Mon November 16, 2020 04:47 PM
From: Scott Exton
Subject: Multiple login failure

Joao,

 

Are you able to look in the message log file (not the request.log file).  This file is in the same directory as the request.log file, but should look something like: msg__webseald-<instance>.log.

 

Thanks.

 

 

Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor

Phone: 61-7-5552-4008 E-mail: scotte@au1.ibm.com	1 Corporate Court Bundall, QLD 4217 Australia

 

 

Original Message:
Sent: 11/16/2020 4:40:00 PM
From: Joao Goncalves
Subject: RE: Multiple login failure

The request_log file contains the following entries:
685 192.168.34.209 - xxxxxxx 16/Nov/2020:21:20:52 +0000 "POST /pkmslogin.form?token=Unknown HTTP/1.1" 200 102
686 192.168.34.209 - xxxxxxx 16/Nov/2020:21:20:53 +0000 "POST /pkmslogin.form?token=Unknown HTTP/1.1" 200 123
687 192.168.34.209 - xxxxxxx 16/Nov/2020:21:20:53 +0000 "POST /pkmslogout HTTP/1.1" 200 74

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994

Original Message:
Sent: Mon November 16, 2020 04:35 PM
From: Scott Exton
Subject: Multiple login failure

Does anything get written to the WebSEAL message log?

 

 

Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor

Phone: 61-7-5552-4008 E-mail: scotte@au1.ibm.com	1 Corporate Court Bundall, QLD 4217 Australia

 

 

Original Message:
Sent: 11/16/2020 4:24:00 PM
From: Joao Goncalves
Subject: RE: Multiple login failure

Well, the webseal access_log returns 2 accesses to login, both of them return 200.
I am sending a post using curl:
curl -v -s -k --cookie-jar cookie.jar --cookie cookie.jar \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: application/json' \
-X POST https://$HOST/pkmslogin.form?token=Unknown \
--data-ascii "username=$USER&password=$PASS&login-form-type=pwd"

The junction is configured to use OpenID Provider.

But when I get the output in json format from the login I get this error:
"HPDIA0121W:  The requested operation is not valid"

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994

Original Message:
Sent: Mon November 16, 2020 03:24 PM
From: Scott Exton
Subject: Multiple login failure

Joao,

 

Further information is really required before I could comment too much on this.  Specifically:

1. do any error messages appear in the WebSEAL log file, and if so, what error messages appear;
2. Is the authentication operation a POST to '/pkmslogin.form' or something different?
3. What type of authentication is being used?

 

 

Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor

Phone: 61-7-5552-4008 E-mail: scotte@au1.ibm.com	1 Corporate Court Bundall, QLD 4217 Australia

 

 

Original Message:
Sent: 11/16/2020 12:33:00 PM
From: Joao Goncalves
Subject: Multiple login failure

When I try to login the first time to the reverse proxy, it succeeds, as it should.
But after I login, without login out, if I try to login again, it will return the error message HPDIA0121W.
How can I change this behaviour?
I need to accept the second login, creating a new session and closing the first session?

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

Original Message:
Sent: 11/16/2020 4:59:00 PM
From: Joao Goncalves
Subject: RE: Multiple login failure

No, I can't find anything suspicious. The only thing I am getting there is this:
1109 2020-11-16-21:02:45.251+00:00I----- 0x1354A0CD webseald WARNING ivc general azn_maint.cpp 5982 0x7fce1b090840
1110 HPDCO0205W getrlimit(): RLIMIT_AS (rlim_cur: -1 ; rlim_max: -1)

But the timestamp is not current. It must be related with something else.

I repeated the test twice, and I got another set of messages related to the first attempt, but on the second I got no errors. I guess from the first attempt it was just a temporary error:
1113 2020-11-16-21:53:17.436+00:00I----- 0x16B480C9 webseald ERROR rgy ira ira_entry.c 3857 0x7fcdec3aa700
1114 HPDRG0201E Error code 0x51 was received from the LDAP server. Error text: "Can't contact LDAP server".
1115 2020-11-16-21:53:17.436+00:00I----- 0x1354A0C0 webseald WARNING ivc general azn_maint.cpp 1136 0x7fcdf63f1700
1116 HPDCO0192W LDAP server example.com:636 has failed.
1117 2020-11-16-21:53:17.438+00:00I----- 0x132120DB webseald WARNING ias authsvc pdauthn.cpp 1558 0x7fcdec3aa700
1118 HPDIA0219W An unknown user, XXXXXXXX, was presented to Security Access Manager.
1119 2020-11-16-21:53:17.543+00:00I----- 0x1354A0C1 webseald WARNING ivc general azn_maint.cpp 1139 0x7fcdf63f1700
1120 HPDCO0193W LDAP server example.com:636 has recovered.

The second attempt came ofter these lines, and I got no errors in the message file. It just returned the HPDIA0121W warning message.

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

Original Message:
Sent: Mon November 16, 2020 04:47 PM
From: Scott Exton
Subject: Multiple login failure

Joao,

 

Are you able to look in the message log file (not the request.log file).  This file is in the same directory as the request.log file, but should look something like: msg__webseald-<instance>.log.

 

Thanks.

 

 

Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor

Phone: 61-7-5552-4008 E-mail: scotte@au1.ibm.com	1 Corporate Court Bundall, QLD 4217 Australia

 

 

Original Message:
Sent: 11/16/2020 4:40:00 PM
From: Joao Goncalves
Subject: RE: Multiple login failure

The request_log file contains the following entries:
685 192.168.34.209 - xxxxxxx 16/Nov/2020:21:20:52 +0000 "POST /pkmslogin.form?token=Unknown HTTP/1.1" 200 102
686 192.168.34.209 - xxxxxxx 16/Nov/2020:21:20:53 +0000 "POST /pkmslogin.form?token=Unknown HTTP/1.1" 200 123
687 192.168.34.209 - xxxxxxx 16/Nov/2020:21:20:53 +0000 "POST /pkmslogout HTTP/1.1" 200 74

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994

Original Message:
Sent: Mon November 16, 2020 04:35 PM
From: Scott Exton
Subject: Multiple login failure

Does anything get written to the WebSEAL message log?

 

 

Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor

Phone: 61-7-5552-4008 E-mail: scotte@au1.ibm.com	1 Corporate Court Bundall, QLD 4217 Australia

 

 

Original Message:
Sent: 11/16/2020 4:24:00 PM
From: Joao Goncalves
Subject: RE: Multiple login failure

Well, the webseal access_log returns 2 accesses to login, both of them return 200.
I am sending a post using curl:
curl -v -s -k --cookie-jar cookie.jar --cookie cookie.jar \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: application/json' \
-X POST https://$HOST/pkmslogin.form?token=Unknown \
--data-ascii "username=$USER&password=$PASS&login-form-type=pwd"

The junction is configured to use OpenID Provider.

But when I get the output in json format from the login I get this error:
"HPDIA0121W:  The requested operation is not valid"

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994

Original Message:
Sent: Mon November 16, 2020 03:24 PM
From: Scott Exton
Subject: Multiple login failure

Joao,

 

Further information is really required before I could comment too much on this.  Specifically:

1. do any error messages appear in the WebSEAL log file, and if so, what error messages appear;
2. Is the authentication operation a POST to '/pkmslogin.form' or something different?
3. What type of authentication is being used?

 

 

Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor

Phone: 61-7-5552-4008 E-mail: scotte@au1.ibm.com	1 Corporate Court Bundall, QLD 4217 Australia

 

 

Original Message:
Sent: 11/16/2020 12:33:00 PM
From: Joao Goncalves
Subject: Multiple login failure

When I try to login the first time to the reverse proxy, it succeeds, as it should.
But after I login, without login out, if I try to login again, it will return the error message HPDIA0121W.
How can I change this behaviour?
I need to accept the second login, creating a new session and closing the first session?

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

The customer asked me if someone attempts to login twice, they don't want to get an error message.
And if this is a feature, if they detect this error message HPDIA0121W is returned from an attempt to login does it have this meaning? A second attempt to login?

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------

Original Message:
Sent: Mon November 16, 2020 05:22 PM
From: Scott Exton
Subject: Multiple login failure

Joao,

 

I've just tried this in my own environment and get the same behaviour.  WebSEAL doesn't currently support an unsolicited user-name authentication when a session has already been established.  What are you trying to achieve?

 

 

Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor

Phone: 61-7-5552-4008 E-mail: scotte@au1.ibm.com	1 Corporate Court Bundall, QLD 4217 Australia

 

 

Original Message:
Sent: 11/16/2020 4:59:00 PM
From: Joao Goncalves
Subject: RE: Multiple login failure

No, I can't find anything suspicious. The only thing I am getting there is this:
1109 2020-11-16-21:02:45.251+00:00I----- 0x1354A0CD webseald WARNING ivc general azn_maint.cpp 5982 0x7fce1b090840
1110 HPDCO0205W getrlimit(): RLIMIT_AS (rlim_cur: -1 ; rlim_max: -1)

But the timestamp is not current. It must be related with something else.

I repeated the test twice, and I got another set of messages related to the first attempt, but on the second I got no errors. I guess from the first attempt it was just a temporary error:
1113 2020-11-16-21:53:17.436+00:00I----- 0x16B480C9 webseald ERROR rgy ira ira_entry.c 3857 0x7fcdec3aa700
1114 HPDRG0201E Error code 0x51 was received from the LDAP server. Error text: "Can't contact LDAP server".
1115 2020-11-16-21:53:17.436+00:00I----- 0x1354A0C0 webseald WARNING ivc general azn_maint.cpp 1136 0x7fcdf63f1700
1116 HPDCO0192W LDAP server example.com:636 has failed.
1117 2020-11-16-21:53:17.438+00:00I----- 0x132120DB webseald WARNING ias authsvc pdauthn.cpp 1558 0x7fcdec3aa700
1118 HPDIA0219W An unknown user, XXXXXXXX, was presented to Security Access Manager.
1119 2020-11-16-21:53:17.543+00:00I----- 0x1354A0C1 webseald WARNING ivc general azn_maint.cpp 1139 0x7fcdf63f1700
1120 HPDCO0193W LDAP server example.com:636 has recovered.

The second attempt came ofter these lines, and I got no errors in the message file. It just returned the HPDIA0121W warning message.

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994

Original Message:
Sent: Mon November 16, 2020 04:47 PM
From: Scott Exton
Subject: Multiple login failure

Joao,

 

Are you able to look in the message log file (not the request.log file).  This file is in the same directory as the request.log file, but should look something like: msg__webseald-<instance>.log.

 

Thanks.

 

 

Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor

Phone: 61-7-5552-4008 E-mail: scotte@au1.ibm.com	1 Corporate Court Bundall, QLD 4217 Australia

 

 

Original Message:
Sent: 11/16/2020 4:40:00 PM
From: Joao Goncalves
Subject: RE: Multiple login failure

The request_log file contains the following entries:
685 192.168.34.209 - xxxxxxx 16/Nov/2020:21:20:52 +0000 "POST /pkmslogin.form?token=Unknown HTTP/1.1" 200 102
686 192.168.34.209 - xxxxxxx 16/Nov/2020:21:20:53 +0000 "POST /pkmslogin.form?token=Unknown HTTP/1.1" 200 123
687 192.168.34.209 - xxxxxxx 16/Nov/2020:21:20:53 +0000 "POST /pkmslogout HTTP/1.1" 200 74

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994

Original Message:
Sent: Mon November 16, 2020 04:35 PM
From: Scott Exton
Subject: Multiple login failure

Does anything get written to the WebSEAL message log?

 

 

Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor

Phone: 61-7-5552-4008 E-mail: scotte@au1.ibm.com	1 Corporate Court Bundall, QLD 4217 Australia

 

 

Original Message:
Sent: 11/16/2020 4:24:00 PM
From: Joao Goncalves
Subject: RE: Multiple login failure

Well, the webseal access_log returns 2 accesses to login, both of them return 200.
I am sending a post using curl:
curl -v -s -k --cookie-jar cookie.jar --cookie cookie.jar \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: application/json' \
-X POST https://$HOST/pkmslogin.form?token=Unknown \
--data-ascii "username=$USER&password=$PASS&login-form-type=pwd"

The junction is configured to use OpenID Provider.

But when I get the output in json format from the login I get this error:
"HPDIA0121W:  The requested operation is not valid"

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994

Original Message:
Sent: Mon November 16, 2020 03:24 PM
From: Scott Exton
Subject: Multiple login failure

Joao,

 

Further information is really required before I could comment too much on this.  Specifically:

1. do any error messages appear in the WebSEAL log file, and if so, what error messages appear;
2. Is the authentication operation a POST to '/pkmslogin.form' or something different?
3. What type of authentication is being used?

 

 

Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor

Phone: 61-7-5552-4008 E-mail: scotte@au1.ibm.com	1 Corporate Court Bundall, QLD 4217 Australia

 

 

Original Message:
Sent: 11/16/2020 12:33:00 PM
From: Joao Goncalves
Subject: Multiple login failure

When I try to login the first time to the reverse proxy, it succeeds, as it should.
But after I login, without login out, if I try to login again, it will return the error message HPDIA0121W.
How can I change this behaviour?
I need to accept the second login, creating a new session and closing the first session?

------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------