Environment
NetIQ Self Service Password Reset 3.x
Situation
When trying to use challenge response in SSPR through Access Manager, a "SSPR 5028
Unable to establish a session with your browser. Please close your browser" is received.
Unable to establish a session with your browser. Please close your browser" is received.
Resolution
In Access Manager, enabling cookie mangling for SSPR resolved the issue.
Cause
After setting the SSPR logging to trace, the following error is seen in the log.
2014-08-04 08:26:28, TRACE, provider.WireTraceWrapper, begin op#2 readStringAttribute(cn=user1,ou=users,o=netiq,lockedByIntruder)
2014-08-04 08:26:28, TRACE, provider.WireTraceWrapper, finish op#2 result: null (1ms)
2014-08-04 08:26:28, TRACE, provider.WireTraceWrapper, begin op#3 readStringAttribute(cn=user1,ou=users,o=netiq,loginDisabled)
2014-08-04 08:26:28, TRACE, provider.WireTraceWrapper, finish op#3 result: null (1ms)
2014-08-04 08:26:28, TRACE, cr.NMASCrOperator, starting NMASSessionThread, activeCount=0, NMASSessionThread: {"id":"0","idleTime":"1ms","loginDN":"cn=user1,ou=users,o=netiq","loginResultReady":"false","loginState":"NEW"}
2014-08-04 08:26:28, DEBUG, cr.NMASCrOperator, starting NMASCrOperator watchdog timer, maxIdleThreadTime=5m
<<open session> >> reply (NMAS ID) 181403802
2014-08-04 08:26:28, ERROR, cr.NMASCrOperator, NMASLoginMonitor: LDAPException LDAPException: Invalid Credentials (49) Invalid Credentials
LDAPException: Matched DN:
2014-08-04 08:26:28, TRACE, operations.CrService, {qiw} no responses read using method NMAS [192.0.0.1]
2014-08-04 08:26:28, DEBUG, operations.CrService, {qiw} no responses found for user cn=user1,ou=users,o=netiq [192.0.0.1]
2014-08-04 08:26:28, DEBUG, servlet.ForgottenPasswordServlet, {qiw} 5006 ERROR_RESPONSES_NORESPONSES (could not find a response set for cn=user1,ou=users,o=netiq) [192.0.0.1]
2014-08-04 08:26:28, TRACE, cr.NMASCrOperator, received NMASCompletionCallback, ignoring
2014-08-04 08:26:28, TRACE, provider.WireTraceWrapper, begin op#2 readStringAttribute(cn=user1,ou=users,o=netiq,lockedByIntruder)
2014-08-04 08:26:28, TRACE, provider.WireTraceWrapper, finish op#2 result: null (1ms)
2014-08-04 08:26:28, TRACE, provider.WireTraceWrapper, begin op#3 readStringAttribute(cn=user1,ou=users,o=netiq,loginDisabled)
2014-08-04 08:26:28, TRACE, provider.WireTraceWrapper, finish op#3 result: null (1ms)
2014-08-04 08:26:28, TRACE, cr.NMASCrOperator, starting NMASSessionThread, activeCount=0, NMASSessionThread: {"id":"0","idleTime":"1ms","loginDN":"cn=user1,ou=users,o=netiq","loginResultReady":"false","loginState":"NEW"}
2014-08-04 08:26:28, DEBUG, cr.NMASCrOperator, starting NMASCrOperator watchdog timer, maxIdleThreadTime=5m
<<open session> >> reply (NMAS ID) 181403802
2014-08-04 08:26:28, ERROR, cr.NMASCrOperator, NMASLoginMonitor: LDAPException LDAPException: Invalid Credentials (49) Invalid Credentials
LDAPException: Matched DN:
2014-08-04 08:26:28, TRACE, operations.CrService, {qiw} no responses read using method NMAS [192.0.0.1]
2014-08-04 08:26:28, DEBUG, operations.CrService, {qiw} no responses found for user cn=user1,ou=users,o=netiq [192.0.0.1]
2014-08-04 08:26:28, DEBUG, servlet.ForgottenPasswordServlet, {qiw} 5006 ERROR_RESPONSES_NORESPONSES (could not find a response set for cn=user1,ou=users,o=netiq) [192.0.0.1]
2014-08-04 08:26:28, TRACE, cr.NMASCrOperator, received NMASCompletionCallback, ignoring