Question
· Dec 4, 2023

Unexpected - /api/atelier login failure

We recently moved from using the Private Web Server, to using an Apache/Web Gateway setup and moved towards using the built in LDAP functionality within IRIS. Since then, we have 1 user that uses VSCode (/api/atelier) heavily that continues to have issues signing into IRIS through VS Code and the /api/atelier extension.

I am trying to troubleshoot two issues..

  • User having login failures with correct password. 

ERROR #798: LDAP login failed
ERROR #971: Invalid LDAP password, error 49, Invalid credentials:80090308: LdapErr: DSID-0C090449, comment: AcceptSecurityContext error, data 52e, v3839:ERROR_LOGON_FAILURE:Invalid password
Web Application: /api/atelier

  • UnknownUser trying to authenticate

ERROR #815: User not authorized for service %Service_WebGateway
Web Application: /api/atelier

When I started reviewing the login failure, I noticed that after he attempts to sign in and it fails that I am getting a warning about UnknownUser attempting to access %Service_WebGateway.

settings.json on vs code is configured..

"intersystems.servers": {

        "iristest": {

            "webServer": {

                "scheme": "https",

                "host": <server name>,

                "port": 443
            },

            "username": <user name>

        }

}

Are there additonal intersystems.server configuration settings I am missing that is possibly causing the UnknownUser and LDAP Authentication issues? I don't want to risk opening %Service_WebGateway and opening it to UnknownUser

Product version: IRIS 2022.1
Discussion (8)4
Log in or sign up to continue

Yes... 

I have no issues with VSCode, its just the one user. The issue with the user I believe is with LDAP not InterSystems as the same error happens when trying to sign into the Management Portal, periodically. 

Does /api/atelier need to have unauthenticated turned on? Why am I seeing the 

ERROR #815: User not authorized for service %Service_WebGateway
Web Application: /api/atelier

I don't want Unauthenticated users to access the system or be able to get through the Web Gateway at all...