Previous Topic: “Unable to process your Request now” Error Message When Accessing the User ConsoleNext Topic: Internal Error When Logging in with PKI with risk or with OTP with risk

Troubleshooting GuideTenant Deployment IssuesCredential Handling Service Login Issues

Credential Handling Service Login Issues

Symptom

After deploying a tenant, users cannot log into the CloudMinder tenant. Some symptoms could include:

Solution

Use the following steps to temporarily change the Authentication Scheme) to Basic. This temporary change allows you log in to the User Console to fix problems with the application and authentication method configuration.

  1. Login to the CSP Console.
  2. Select the Policies tab.
  3. Click Domains, and then select the TenantDomain name.
  4. Select the Realms tab, and then modify (in step 6, below) the tenantName_chsforms_realm_es.
  5. Make a note of the current authentication scheme. You will restore this value later.
  6. In the Authentication Scheme drop-down, select Basic.
  7. Save the changes.
  8. You should now be able to login into the tenant User Console to update the configuration.
  9. After logging in to the CloudMinder Tenant, review the configuration for the application and authentications methods.
  10. After correcting any issues with the application and authentication method, go back to the CSP Console and restore the original authentication scheme.

Solution 2

In SiteMinder, review the Agent Config Object. Make sure that the parameter ValidTargetDomain has the correct value. For example, the value could be .ca.com instead of the correct external domain name for your system.

Solution 3

If the previous two solutions were not helpful, you can increase the CHS log level.

Follow these steps:

  1. Edit the file /opt/CA/secure-proxy/Tomcat/webapps/chs/WEB-INF/classes/config/chslog4j.properties, as follows:

    a. Change all INFO parameters to DEBUG.

    b. Save the file.

  2. Restart your secure proxy server.
  3. Perform the operations that give you an error.
  4. View the debug information in the log file, located here:

    /opt/CA/secure-proxy/proxy-engine/logs/chsLogin.log