Support Article
"Connection failed" error for Gadget Configuration on IAC
SA-1136
Summary
We have the IAC host configured correctly with prconfig.xml updated properly.
When using the Gadget Setup utilities provided in the PRGateway application, errors are occurring with user authentication.
Whenever we provide a PRPC username and password for the gadget setup, I get a Connection Failed error.
On the other hand, when providing an incorrect password, the system shows that the password is incorrect, so the request is hitting the server.
Error Messages
Connection failed. Try again.
Steps to Reproduce
1. Set up host connection on IAC.
2. Attempt to create a gadget in Gadget Setup.
Root Cause
The root cause of this problem is a defect/misconfiguration in the PRPC operating environment.
The PRPC application deployment is secured by WebSphere standard LTPA and the user implementation uses desktop level authentication. The Gateway request is coming from a separate server and is NOT a user but a process.
Gadget Setup requests from the gateway like this:
https://<server name>:443/iacprg/PRPCGateway/[email protected]PRServlet/hKeujXpdNeeGNfcFyN5JtPDen35ZbX2c*/!UMMedBH/$PegaACCORD?pyActivity=%40baseclass.doUIAction&action=display&UserIdentifier=<PRPC_USERID>&Password=<base64_url_encoded>&encrypt=false&harnessName=createIACGadgets&className=PegaAccel-IAC-Admin
are getting errors in WebSphere like this:
[8/21/14 15:27:24:969 EDT] 00000271 LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The exception is com.ibm.websphere.wim.exception.PasswordCheckFailedException: CWWIM4537E No principal is found from the <PRPC_USERID>' principal name..
This is occurring before PRPC gets the request.
The user <PRPC_USERID> is a PRPC-only user ID, so it is not going to exist in any company-wide user store. It looks like when the request above gets to WebSphere, it is trying to authenticate against the UserIdentifier and Password provided in our URL. We don't need it to do this; PRPC will authenticate the user.
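To confirm that the rejection happens in WebSphere rather than in PRPC, the following added example (not part of the original article and not Pega or IBM code) scans WebSphere log lines for SECJ0369E paired with CWWIM4537E and counts rejections for IDs that exist only in PRPC. The log lines are constructed from the format shown above, and the operator IDs and the set of PRPC-only IDs are assumptions.

```python
import re
from collections import Counter

# WebSphere basic log format: [timestamp] threadId component level message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<thread>[0-9a-fA-F]{8})\s+(?P<component>\S+)\s+"
    r"(?P<level>[A-Z])\s+(?P<msg>.*)$"
)
# CWWIM4537E names the principal the user registry could not find. The opening
# quote is optional because the article's own sample line lacks it.
PRINCIPAL_RE = re.compile(
    r"CWWIM4537E.*?from the '?(?P<principal>[^']+)' principal name"
)


def container_rejections(lines):
    """Return (timestamp, principal) for each LTPA failure on an unknown principal."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or "SECJ0369E" not in m.group("msg"):
            continue
        p = PRINCIPAL_RE.search(m.group("msg"))
        if p:
            hits.append((m.group("ts"), p.group("principal")))
    return hits


def summarize(lines, prpc_only_ids):
    """Count container-level rejections for IDs that exist only in PRPC."""
    counts = Counter(principal for _, principal in container_rejections(lines))
    return {user: n for user, n in counts.items() if user in prpc_only_ids}


# Constructed sample input modelled on the log line in the article.
# "gadget.admin" and "jdoe" are placeholder IDs, not values from the article.
LTPA_PREFIX = ("LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. "
               "The exception is com.ibm.websphere.wim.exception."
               "PasswordCheckFailedException: CWWIM4537E No principal is found from the ")
SAMPLE_LOG = [
    "[8/21/14 15:27:24:969 EDT] 00000271 " + LTPA_PREFIX + "'gadget.admin' principal name..",
    "[8/21/14 15:27:31:402 EDT] 00000271 " + LTPA_PREFIX + "'gadget.admin' principal name..",
    "[8/21/14 15:28:02:117 EDT] 00000284 " + LTPA_PREFIX + "'jdoe' principal name..",
    "[8/21/14 15:28:05:001 EDT] 00000284 SystemOut O constructed application line",
]

if __name__ == "__main__":
    for user, n in summarize(SAMPLE_LOG, {"gadget.admin"}).items():
        print(f"{user}: rejected by WebSphere {n} time(s) before reaching PRPC")
```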
Resolution
The solution was to use a non-secure host/port in the gateway Host definition for PRPC. This way, LTPA/COREid authentication occurs at the gateway level, and the gateway's proxied requests to PRPC do not go through the same WebSphere-level authentication.
This is fine for their development efforts in using the Gadget Setup tools provided in the gateway.
Published June 12, 2015 - Updated October 8, 2020