Authentication error when logging into website through BluePrism - blueprism

I am trying to setup a simple RPA application through BluePrism which will login into a website and will perform certain tasks. Now, while logging into the website through BluePrism I am getting Authentication error although the password and username is correct.
Normally, I can login but error is showing while logging through BluePrism. Can anyone please tell why this is happening?

There are two options for passing credentials (Username & Password)
1. Hard Coded - If you are using hard coded values, please check if values are correct. Sometimes space or any special characters can lead us to error.
2. Credential Manager - If you are passing credentials through credential manager make sure you are using correct variables mapping so that there is no mismatch.
3. Lastly make sure you are using wait stage so that while executing the application it is waiting for values to be pasted or passed before control moving to other screen or other function.

Please check caps lock key of keyboard, when running the process.

Related

Accessing UiPath Credential Store created by previous developer

I am extremely new to UiPath. I have inherited a project from an experienced UiPath developer. I am trying to find the username and password he uses to login to a specific app. Because the project is not working when executing in the development environment, it is possible the password has expired. I am on the machine he used to develop the project, but logged in under my name. I have found the process that does the "Get Credential". I am using a message box to show the username at this point. When I run the process The "Get Credential" activity returns the error "you are not authenticated Error Code:0" I have researched the error and found several answers as to why it is happening, but not what to do to either fix my problem or get around the problem. The UiPath.systems.Activites version used is 21.4.1. I am aware of the concept of the CredentialStores, but can't seem to find the one used for this project. Where would I find the name of the credential store used? How do I find the username? I need to test the change I made for a user request.
I am going to close this question as I have determined the correct password for what I needed to do. I have no need to get into the credential stores for a password.
Credential stores and password were not the actual issue with the error I was receiving. The error "Loading asset PreAuth_Citrix_FolderName failed:
You are not authenticated! Error code: 0" by referencing the word authenticated, I assumed it had to do with passwords. As I did more research I found the issue to be the new security certificate installed on our web server. While orchestrator recognized the new cert, the Identity Server was not updated with the new thumbprint. I found the information I need at this link https://forum.uipath.com/t/get-asset-you-are-not-authenticated-error-code-0/343910. Once I updated the Identity Server thumbprint, I no longer received the error and my jobs ran. (not successful, but at least they ran past this error!)

Jmeter Windows Authentication error - 401

I am trying to record an internal website for which i need to enter credentials that is not same as the windows credential. Later on the same test needs to be run for more than one user. i know how to use the csv file to pass the parameters - username and password.
For Windows Authentication i have added Authorization manager.
From Fiddler i checked it was NTLM authentication(though i am not sure yet) and i did enter the values for NTLM authentication in Authorization Manager.
Now when i try and record the internal website - i cannot even go to homepage after the windows credentials, it keeps on spinning.
When i check the Authorization Manager, i find an extra line added for kerberos Authentication as shown in Picture:
My query here is:
1)why is it recording it as kerberos
2)where is it saving the username and password
3)why is it not loading the website- always keeps spinning and i have to stop it
4)I have tried Kerberos settings and then record, but its not working either , could it be i am using the wrong values in the kerb5.conf file , how do i debug.
Kind of stuck at the moment.
Thanks for help!
If you're uncertain what authentication is being used under the hood - just ask around, application developers or network administrators should be aware of the external authentication scheme. You can also try using a 3rd-party tool like Kerberos Authentication Tester
I don't think you can record and replay Windows authentication so it makes sense to start recording some time after the login screen as long as you can login using JMeter
Looking into JMeter source
// if HEADER_AUTHORIZATION contains "Basic"
// then set Mechanism.BASIC_DIGEST, otherwise Mechanism.KERBEROS
In case of Kerberos credentials are saved directly in the HTTP Authorization Manager in form of ${AUTH_LOGIN} and ${AUTH_PASSWORD}, real credentials are not stored anywhere
Most probably your application doesn't receive valid authentication context therefore it cannot proceed
Add sun.security.krb5.debug=true line to system.properties file (lives in "bin" folder of your JMeter installation), JMeter restart will be required to pick the property up.
More information:
Windows Authentication with Apache JMeter
JAAS and Java GSS-API Tutorials

authentication-flows email URL's do not work after web server reset

I have been playing around with authentication-flows and noticed that when I restart the web server the URL's no longer work, they are all invalid. I walked through debugging but I am still a bit lost as to exactly why, though I have a lot of good reasons why it should happen (and I am sure you do also).
I want to make a service which will be distributed to multiple containers and when a request comes in any of them could serve it. As the solution stands right now, it looks like I will have to make modifications to make possible.
What exactly is making the URL invalid? and what changes could I make to make my proposed solution possible?
Thank you in advance.
In response to Ohard's comment:
1. Why the URL is invalid
Let me tell you how I get the error. I deploy the war, submit forgot password. Receive the email to reset my password then stop the war. When that happens my reset password page extracts the enc. I then stop and redeploy the war. After isend a rest request with the enc and a new password to the /rest/setNewPassword mapping, then receive:
09 Jan 2016 03:50:48,799 [http-nio-8082-exec-1] ERROR
web.rest.UserActionRestController - Failed to decrypt URL content
aX8uaOWkqAUQN2xOzlPAOHJjPZaxBwho7.yoMeUtMnJA
in ohadr\crypto\service\CryptoService.java there is an exception on line 261:
throw new CryptoException("Failed to decrypt URL content " +
based64EncryptedContent, e);
which I then use a break point to find:
java aes javax.crypto.BadPaddingException: Given final block not
properly padded
I am sure if you try to reproduce this issue, you will find the same results...
Note: when I do this without the re-deploy everything works great!
2. How to make auth-flows work as SaaS
There are three use cases I want this service to fulfil:
Currently, If I host a service and it goes down without a fail-over, people who have URL's will be unable to use their links when it comes back up. I want them to be able to use the links regardless.
(untested -- but will be soon) Similar to the second, If I host this service on multiple docker containers I believe that it will not be able to receive link that did not orginially come from its container, therefore containers could not share unsorted loads. It should be able to read any of the enc's and process it.
EDIT:
1. Why the URL is invalid
An even easier way to test this is just to submit a forgotten password, get the email and then stop the war. Redeploy it, then click the link. I got this stack trace:
https://drive.google.com/file/d/0Bwa-JXbjFUDueXVMWWJibjY2Zm8/view?usp=sharing
Don't worry about csrf it is not enabled.
1. Why the URL is invalid
As it looks like, the ICryptoUtil instance is re-created after you redoply the war.
CryptoService.java line 38:
return ContextLoader.getCurrentWebApplicationContext().getBean(ICryptoUtil.class);
I suggest for you to do a small test. Encrypt a string twice, now and after the redeploy and compare the results.
If you got 2 different results then your crypto is not capable to decrypt an encrypted string of another crypto instance.
#EdiZ is right.
To be more accurate, every time your web-app loads, Spring loads all the beans. Among them are Crypto's library beans, such as CryptoUtil and CryptoProvider, and if you look carefully you will notice on DefaultCryptoProvider.loadMasterKeys() that a new key is generated.
I believe that explains the behavior you see.
Currently, If I host a service and it goes down without a fail-over,
people who have URL's will be unable to use their links when it comes
back up. I want them to be able to use the links regardless
It seems to be a duplication of your first question; I think that the first issue will have to be resolved in order to make it work as you wish. If the server reboots, all the links become invalid - the users will have to click again on "forget password" (for example) and get a new link - it is for you to decide how big this deal is.
If I host this service and I do have a failover I assume the failover
will not be able to read URL that is not from it originally. It should
be able to read any of the enc's and process it.
I assume that you have to develop some more persistence, so the server can decrypt URLs that were not generated by it...
Hope that helps.

Java code running twice

I have 2 Notes servers running from a load balancer. The database uses directory services to authenticate to LDAP.
I have java code that checks LDAP to check if user's password is expired. If the password is expired the code redirects to a password change screen. This code runs in the before page load event. Since all pages are NOT public access a Notes generated login occurs before anything takes place.
The password change screen first ties to authenticate the user in LDAP then changes the password. But if I immediately change my password after the initial Note login then I get an authentication error.
If I change the password back to the same thing then I get no authentication error then everything works fine.
So I suspected that the java code was running twice. The notes log should only running once. But when our LDAP team turned on logging, they could see that the password attribute was being changed twice (when I changed to the same password). So what was happening with the failure is that, the password was changed successfully but when the second time the code ran, it was using the "old" password and it was this error that was returned to the browser.
Now here is where it really gets strange. If I do a Notes authentication, then wait one full minute before password change, the code only runs once.
Or if I go to one of the servers, the code only runs once.
Code runs twice only if I go through the load balancer or if I try changing my password, immediately after logging in.
Any idea what on earth could be going on here?
Update: The issue seems to be coming from our reverse proxy server. The way our site is configured is Browser->Reverve Proxy->Load Balancer->(Notes Server 1, Notes Server 2).
If I go to the Load Balancer then the code only runs once.
While I might not be seeing logging in notes.nsf, I can see it running twice when I look direct at teh console.
Update: Reverse Proxy is running on Apache. Not sure the version.
My previous password change page was refreshing the whole page when I pressed submit. For some reason this was causing the page to be submitted twice. I changed things to a partial refresh and now all works well. Don'tknow why the refresh would not like the full refresh. But it works now. :)

check external website registration

I'm trying to create a PHP based game where you have to do all sorts of simple but un-obvious tasks in order to progress to the next level (eg. refresh browser, press keyboard combination, ...) Kinda like the game "this is the only level" (if anyone has ever heard of it)
Now I was thinking: Would it be possible to create a level where they'd have to sign up at a different page in order to progress to the next level?
So say for example they need to sign up to goal.com and if they're signed up they proceed to the next level. The page would need to constantly check if the signup process on the other site is completed. Is this even possbible? And if so, any thoughts on how?
Thanks!
With most sites, given a username and password, you can check if an account exists.
All you have to do is post some data to a url and parse the output for a successful login.
You may have problems with the bigger sites since they have other checks in place to deter scripted logins.

Resources