Invalid password message in CSP Application with correct password
Hi,
I have a problem with CSP Application Authentication: when the user inputs the correct password, the message "Invalid password" is nevertheless returned.
This error is returned only for Caché password-type users; for delegated users it is not.
This error is also momentary: if you wait a moment, it stops.
There are a lot of details not included here which could be necessary. For example:
Are you using a custom login page? The "invalid password" message you state should never be returned by default Cache pages. This message would leak information to an attacker by letting them know that they had found a valid username. "Access denied" is the standard message returned by Cache when a login fails, for any reason.
Have you checked the audit log for login and/or loginfailure events? You may need to enable auditing, and then the individual event types, then reproduce the problem. The loginfailure event should give a reason for the failure to log in. Depending on what's happening here, it may not be the same as the error returned to the user.
Hi Katherine,
Our page is custom only in layout, and the message is returned by Caché.
I checked the audit log for login and login failure events, and it shows this:
9 | 2018-07-13 13:50:33.749 | %System | %Login | Logout | 10388 | 4yM9pLPnE4 | cache.user | /csp/application/ Session end
10 | 2018-07-13 13:50:32.875 | %System | %Login | Login | 1490 | 4yM9pLPnE4 | cache.user | /csp/application/ login
11 | 2018-07-13 13:50:24.474 | %System | %Login | LoginFailure | 21532 | zdLzeDMmcj | cache.user | /csp/application login failure
12 | 2018-07-13 13:49:39.865 | %System | %Login | Logout | 25316 | Ai7zeADmrW | cache.user | /csp/application/ Session end
13 | 2018-07-13 13:49:38.988 | %System | %Login | Login | 21532 | Ai7zeADmrW | /csp/application/ login
The message of the LoginFailure is:
CSP Application: /csp/application
Authentication: Password
Update:
The problem message in the audit log is the session timeout; the logout message (when you log out with a method) is different.
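
One way to search audit records for the pattern discussed in this thread, a LoginFailure followed shortly by a successful Login for the same user and application. This is an added example, not part of the thread and not InterSystems code. It assumes each audit record sits on one line with " | " between fields; the field positions, the 60-second window and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}$")

# Constructed input: three records with the values shown in the thread.
# Record 13 has no username field, so the parser has to tolerate 8 fields.
SAMPLE = """\
10 | 2018-07-13 13:50:32.875 | %System | %Login | Login | 1490 | 4yM9pLPnE4 | cache.user | /csp/application/ login
11 | 2018-07-13 13:50:24.474 | %System | %Login | LoginFailure | 21532 | zdLzeDMmcj | cache.user | /csp/application login failure
13 | 2018-07-13 13:49:38.988 | %System | %Login | Login | 21532 | Ai7zeADmrW | /csp/application/ login
"""

def parse(text):
    """Turn pipe-delimited audit lines into dicts, skipping lines of unknown shape."""
    records = []
    for line in text.splitlines():
        rec = [field.strip() for field in line.split("|")]
        if len(rec) not in (8, 9) or not TS.match(rec[1]):
            continue  # do not guess at malformed lines
        records.append({
            "when": datetime.strptime(rec[1], "%Y-%m-%d %H:%M:%S.%f"),
            "event": rec[4],
            "pid": rec[5],
            "user": rec[7] if len(rec) == 9 else None,  # assumed username position
            # Description starts with the application path; the trailing
            # slash varies between events, so normalise it away.
            "app": rec[-1].split()[0].rstrip("/"),
        })
    return records

def failures_then_success(records, window=timedelta(seconds=60)):
    """Return (failure, login) pairs: same user and app, login within `window` after."""
    pairs = []
    for fail in records:
        if fail["event"] != "LoginFailure" or fail["user"] is None:
            continue
        for ok in records:
            gap = ok["when"] - fail["when"]
            if (ok["event"] == "Login" and ok["user"] == fail["user"]
                    and ok["app"] == fail["app"] and timedelta(0) <= gap <= window):
                pairs.append((fail, ok))
    return pairs

if __name__ == "__main__":
    for fail, ok in failures_then_success(parse(SAMPLE)):
        print(fail["user"], fail["app"], "failure at", fail["when"], "success at", ok["when"])
```

Each returned pair still needs the failure reason from the LoginFailure event details to explain why the first attempt failed.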