Hello,
I had created our own 'Single-Signon' solution:
When a users logs into our website (DotNetNuke), under-the-water a password CHANGE is done in the SolidCP. Now the user can click a "go to management panel" button to go to SolidCP (this is in fact a POST action with username and one-time-password pre-filled).
Since upgrade to SolidCP 1.4 this no longer works.
I investigated and seem to got the problem:
From the webserver, we did a POST to the Enterprise server (this is the thing that happens under the water)
POST TO: http://xxx.xxx.xxx.xxx:9002/esUsers.asmx
HEADERS:
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://smbsaas/solidcp/enterpriseserver/ChangeUserPassword"
Authorization: Basic **************** This is: Base64 encoded string of: serveradmin:<serveradminpassword>
BODY
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<ChangeUserPassword xmlns="http://smbsaas/solidcp/enterpriseserver">
<userId><SOLIDCP_USERID></userId>
<password><NEW_ONE_TIME_PASSWORD></password>
</ChangeUserPassword>
</soap:Body>
</soap:Envelope>
Previously that request worked, but now it returns a HTTP 500 error:
HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 02 Feb 2018 00:10:18 GMT
Content-Length: 840
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<soap:Header>
<wsa:Action> http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</wsa:Action>
<wsa:MessageID>urn:uuid:423a2ef7-b9c0-4d15-af47-22a4cfa8f91b</wsa:MessageID>
<wsa:RelatesTo>urn:uuid:753f91be-9d39-47c3-b7b3-fe56bf40b3eb</wsa:RelatesTo>
<wsa:To> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
</soap:Header>
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>Server was unable to process request. ---> Object reference not set to an instance of an object.</faultstring>
<detail />
</soap:Fault>
</soap:Body>
</soap:Envelope>
Hello,
From what i know no changes has been made to the actual user aspects.
There is one bug which might be related (but existed in 1.3.0 too) which is special chars in the SolidCP User password.
This bug is tracked in our bug tracker (and still exists currently).
Could that be the issue your currently running into?
Regards,
Marco
Hi, I've tested while setting the password policy and complexity OFF (in SolidCP) and entererd a very simple password (just something like: t1e2s4sapp )
The strange thing is I get a "Server was unable to process request. —> Object reference not set to an instance of an object." error.
Normally I would have got a "cannot.... user unknown..etc." error That's what make me think it's a bug.
Can you please test the above XML in Fiddler and post it to the ezUsers.xml ?
(Make sure the Enterprise server is reachable by giving it an additional BINDING in IIS)
I have only "Anonymous" authentication ON for the "Enterprise Server" website, in IIS.
I have just installed Fiddler on the Same server as where the ENTERPRISE Server is running. Then I even get a NullPointer Exception / Stack Trace... :
HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 02 Feb 2018 00:52:08 GMT
Content-Length: 1150
<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<soap:Header>
<wsa:Action> http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</wsa:Action>
<wsa:MessageID>urn:uuid:cc03a5eb-fc3a-4233-8d89-11c7d48d614d</wsa:MessageID>
<wsa:RelatesTo>urn:uuid:bb18d724-deb1-4121-9a52-bdb8585483e2</wsa:RelatesTo>
<wsa:To> http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
</soap:Header>
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at SolidCP.EnterpriseServer.UserController.ChangeUserPassword(Int32 userId, String password)
at SolidCP.EnterpriseServer.esUsers.ChangeUserPassword(Int32 userId, String password)
--- End of inner exception stack trace ---</faultstring>
<detail />
</soap:Fault>
</soap:Body>
</soap:Envelope>
MY FAULT!! I got it working. For some reason we posted the USERID from the DotNetNuke site (which is in fact the USERNAME in SolidCP). We should post the USERID.
Very strange this worked before.. (which means it listened to username instead of user id.. ? Maybe this has finally come to the light now, because our usernames in DotNetNuke are in fact "numbers", so something to do with typecasting... :S Might be the reason it worked before.. partly.. :S )
