Home General Discussion

Password Reset Application configuration

Stephane_BouillonStephane_Bouillon Customer Advanced IT Monkey ✭✭✭
in General Discussion
Hi, who can help me sort out the meaning and parameter values for the settings in the Platform_CiresonPasswordReset.config file ?

{"AppDomainName":"Main",<br id="null">"KeepRunning":true,<br id="null">"HostWebServer":true,<br id="null">"Urls":["http://*:80","https://*:443"],<br id="null">"WorkerCount":0,<br id="null">"ConnectionString":"Data Source=dbserver.domain.com;Initial Catalog=CiresonPasswordReset;Integrated Security=True",<br id="null">"ShowHelp":false,<br id="null">"Basic":false,<br id="null">"AllowAnonymous":false,<br id="null">"SslCertificateThumbprint":"",<br id="null">"ProductKey":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",<br id="null">"MasterExtensionName":"PWR",<br id="null">"IsRunningAsService":false,<br id="null">"AdditionalData":null,<br id="null">"PostStartupCommand":null}
The end user authentication is behaving unpredictably depending on the browser. In IE or Edge, a username/password prompt is shown, even though you shouldn't need to authenticate to reset a forgotten password. At other times the user is "logged in" transparently. In Firefox, it only shows a message "Application is loading" and nothing else happens.

Stephane

Answers

  • Brian_WiestBrian_Wiest Customer Super IT Monkey ✭✭✭✭✭
    Config appears correctly. What version are you running, and is IIS running on the server?
  • Stephane_BouillonStephane_Bouillon Customer Advanced IT Monkey ✭✭✭
    Version 3.2.4. IIS is not running, this server is dedicated to the password reset only
  • Brian_WiestBrian_Wiest Customer Super IT Monkey ✭✭✭✭✭
    Running same version with just about the same config. Only difference is I am only running HTTP with a defined URL. In my environment could never get the SSL to work. I am using a NLB to handle the HTTPs connection.
    Do not have any issue with IE11 or Chrome. (Only browsers allowed in the environment)
  • Stephane_BouillonStephane_Bouillon Customer Advanced IT Monkey ✭✭✭
    so did you only put "Urls":["http://*:80"] in your config ?
  • Brian_WiestBrian_Wiest Customer Super IT Monkey ✭✭✭✭✭
    Since I am running the service on the same server as the Cireson Service Manager portal

  • Stephane_BouillonStephane_Bouillon Customer Advanced IT Monkey ✭✭✭
    Removing the 443 already got rid of the authentication prompt when calling the reset service. However, when I run the /app/enroll page, after authenticating the page just says "Application is loading". Which values do you have for Basic: and AllowAnonymous: ?
  • Brian_WiestBrian_Wiest Customer Super IT Monkey ✭✭✭✭✭
    Same as you above.
    Can you get to the Admin page?
  • Stephane_BouillonStephane_Bouillon Customer Advanced IT Monkey ✭✭✭
    Aaaarghhh
    When I open the admin page, I'm redirected to the password reset page
    I did get the app/enroll working by clearing the cache
  • Stephane_BouillonStephane_Bouillon Customer Advanced IT Monkey ✭✭✭
    Aaaarghhh
    When I open the admin page, I'm redirected to the password reset page
    I did get the app/enroll working by clearing the cache
  • Stephane_BouillonStephane_Bouillon Customer Advanced IT Monkey ✭✭✭
    So what I think happened, is when I did the enroll and authenticated, it tried to use that user when subsequently going to the admin page. Once I cleared my cache once more, it offered me to authenticate, and when logging in with an administrator user, I did get the admin page. So Something is seriously wrong with the way this application caches its data. As far as I'm concerned it should never cache the user credentials.
  • Brian_WiestBrian_Wiest Customer Super IT Monkey ✭✭✭✭✭
    Been there
    In AD it looks for a specific group to have admin rights PWRAdmins if this group is not in AD they it will not see you as an admin.
    I know the installer has to select that but it never worked on adding the to database table.
  • Stephane_BouillonStephane_Bouillon Customer Advanced IT Monkey ✭✭✭
    I think what happened to me is still a different scenario, I have a different user account as end user and another for administration. However, once I used any of the two to access the app/enroll (as end user or admin) it remembers that user when I subsequently go to the app/admin page. Obviously this fails with the end user account. On the other hand, if I clear the cache, go the admin page as an admin, and then go to the app/enroll page, it immediately recognizes me as the admin user and doesn't offer the authentication form.
  • Stephane_BouillonStephane_Bouillon Customer Advanced IT Monkey ✭✭✭
    Clearing the cache helps, so at least I do have a workaround when end users call with that issue. Another problem is that when using Firefox, I do not get an authentication prompt at all.
  • Brian_WiestBrian_Wiest Customer Super IT Monkey ✭✭✭✭✭
    The Admin and Enroll pages use SSO to map and configure the user. Firefox out of the box doesn't use SSO.
    If you want FireFox to "act" like Chrome and Edge/IE you need to enable the feature.

    To do so

    About:config
    Network.automatic-ntlm-auth.trusted-uris
    Add .yourdomain.com
    Restart firefox

  • Stephane_BouillonStephane_Bouillon Customer Advanced IT Monkey ✭✭✭
    Frankly, I'm getting fed up with this try and error approach. I'm launching the service next week and I still have this Firefox issue that is a major showstopper. I opened a support ticket weeks ago with Cireson, but no solution so far while this is a subscription based paying service... not happy...
  • Stephane_BouillonStephane_Bouillon Customer Advanced IT Monkey ✭✭✭
    I added my domain to the config parameter in Firefox as you suggested, but I still don't get an authentication prompt. I'm getting desparate...

    In any case, thanks for your time and effort Brian, much appreciated !
Sign In or Register to comment.