Login failure in the Identity Platform (IDP) reset password journey

achalla · September 17, 2024, 8:32pm

Hey team,

I am currently setting up a reset password journey for end-users in our ForgeRock Identity Platform tenant. We are using the journey outlined below.

However, during testing, we consistently encounter a prompt for login failure. In the AM debug logs, we’re seeing error message stating ‘Thread[https-jsse-nio-9090-exec-11]: TransactionId[de8a2032-4c6e-4e50-a98a-2491283a6dec-852]

I tried testing the journey with individual nodes and then finally I understood whenever I was trying to use the attribute collector node this error was occurring.

Any inputs on this?

ERROR:
Exception in processing the tree
org.forgerock.openam.auth.node.api.NodeProcessException: Node processing failed’ I’ve attached a screenshot of the debug log for reference.
Error:
o.f.o.c.r.a.t.AuthTrees: 2024-09-17T20:08:22.683Z: Thread[https-jsse-nio-9090-exec-9]: TransactionId[de8a2032-4c6e-4e50-a98a-2491283a6dec-4615]
ERROR: Exception in processing the tree
org.forgerock.openam.auth.node.api.NodeProcessException: Node processing failed
[CONTINUED] at org.forgerock.openam.auth.trees.engine.AuthTreeExecutor.process(AuthTreeExecutor.java:156)
[CONTINUED] at org.forgerock.openam.core.rest.authn.trees.AuthTrees.processTree(AuthTrees.java:515)
[CONTINUED] at org.forgerock.openam.core.rest.authn.trees.AuthTrees.evaluateTreeAndProcessResult(AuthTrees.java:318)
[CONTINUED] at org.forgerock.openam.core.rest.authn.trees.AuthTrees.invokeTree(AuthTrees.java:295)
[CONTINUED] at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.authenticate(RestAuthenticationHandler.java:259)
[CONTINUED] at org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV1.authenticate(AuthenticationServiceV1.java:157)
[CONTINUED] at jdk.internal.reflect.GeneratedMethodAccessor179.invoke(Unknown Source)
[CONTINUED] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[CONTINUED] at java.base/java.lang.reflect.Method.invoke(Method.java:566)
[CONTINUED] at org.forgerock.openam.http.annotations.AnnotatedMethod.invoke(AnnotatedMethod.java:81)
[CONTINUED] at org.forgerock.openam.http.annotations.Endpoints$1.handle(Endpoints.java:77)
[CONTINUED] at org.forgerock.http.routing.Router.handle(Router.java:100)
[CONTINUED] at org.forgerock.openam.rest.DisableCachingFilter.filter(DisableCachingFilter.java:90)
[CONTINUED] at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)
[CONTINUED] at org.forgerock.openam.audit.AbstractHttpAccessAuditFilter.filter(AbstractHttpAccessAuditFilter.java:88)
[CONTINUED] at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)
[CONTINUED] at org.forgerock.http.routing.Router.handle(Router.java:100)
[CONTINUED] at org.forgerock.openam.cors.CorsFilter.filter(CorsFilter.java:91)
[CONTINUED] at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)
[CONTINUED] at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:87)
[CONTINUED] at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:54)
[CONTINUED] at org.forgerock.http.routing.Router.handle(Router.java:100)
[CONTINUED] at org.forgerock.http.routing.Router.handle(Router.java:100)
[CONTINUED] at org.forgerock.openam.rest.RealmRoutingFactory$ChfRealmRouter.handle(RealmRoutingFactory.java:123)
[CONTINUED] at org.forgerock.http.routing.Router.handle(Router.java:100)
[CONTINUED] at org.forgerock.openam.rest.RealmRoutingFactory$ChfRealmRouter.handle(RealmRoutingFactory.java:123)

ajaykumar_suri · September 17, 2024, 8:49pm

Hi Achalla

Does it fail on the launch itself (on attribute collector node)?

Please can you share a screenshot of the attribute collector node config in the journey? To see what attributes you are trying to collect.

achalla · September 18, 2024, 4:35pm

Hi Ajay,

Yes it fails one the launch itself (it says Login failure)
Below I’ve attached a screenshot of the attribute node configuration.

Thanks for responding back Ajay appreciate it!

mwtech · September 18, 2024, 7:59pm

Hi @achalla - have you tried enabling debug logging (Debug logging :: PingAM 7.5.0)?
The Attribute Collector node includes a few debug log messages that could help pinpoint what action it is taking before the error occurs.

ajaykumar_suri · September 19, 2024, 12:29am

It is failing on the launch itself and the only node is the attribute collector.

Can you check the user schema for the realm and confirm that “mail” attribute is still there?

The most common reason I have seen for “Login failure” on attribute collector is when we try to collect an attribute that doesn’t exist.

andrew.potter · September 20, 2024, 12:25pm

@achalla Which Identity Object is the journey configured to use? The Attribute Collector will be using the schema associated with that object.
To check, in the journey designer, use the ... menu at the top right, and “Edit Details”.