Case-Sensitive User Names!?

ShinobiRX · March 17, 2008, 1:20pm

I came across this problem recently, and am wondering if this is a known issue. We are implementing v6.5.2 soon, and I’ve noticed that if you have a user name, say for example “UserName1”. If you login with the correct case, you’re fine. If you login with this same user, but in all lowercase “username1”, you can login also. However, if you go back and try to login with the original case, you can login, but the bannerpage no longer appears! You can’t access communities, or the logout button…even if you’re an Admin. This has happened several times already, so I have to instruct users to be very careful and consistent when logging in.

I searched here, but did not see this issue. Anyone else experience something similar?

Oh, and to clarify - its not the case-sensitivity that’s the issue…its that you can successfully login with either case, but then later, one of them breaks. If its truly case-sensitive, then there should be a login error whenever you login with the wrong case!

Rhonda · March 17, 2008, 3:03pm

Hi,

I am unable to reproduce this problem with RX 6.5.2 Build 200710P01. I have it installed on a Windows XP system and I am using SQL2005 database for my user authentication. I created a user called UserName1 with a password of username1 and I am able to login successfully with mixed case letters. I was able to successfully login with the following:
username1 (all lower)
USERNAME1 (all upper)
UsErNaMe1 (every other one upper)
UserName1 (U and N upper)

What version of Rhythmyx are you running and what are you using for login authentication?

Rhonda

slolic · March 17, 2008, 6:16pm

Oops. Are we talking rxmaster or AD users?

jimbo · March 18, 2008, 4:28am

Hi Albert

I encounter this exact same problem yesterday on Rhythmyx 6.5.2.

The sAMAccountName in the active directory uses the syntax AB01. When logging into Rhythmyx using ab01 I could login but no banner appeared.

Cheers
James

Jay · March 19, 2008, 9:46am

Are you using a Role Provider, or the back-end roles with membership defined via the Server Administrator?

Also, if you login with the incorrect case, and request this url: /Rhythmyx/sys_psxCms/userinfo.xml, do you get back the correct list of roles (compare this to the same request logged in with the correct case)?

ShinobiRX · March 19, 2008, 12:03pm

[QUOTE=JaySeletz;1620]Are you using a Role Provider, or the back-end roles with membership defined via the Server Administrator?

Also, if you login with the incorrect case, and request this url: /Rhythmyx/sys_psxCms/userinfo.xml, do you get back the correct list of roles (compare this to the same request logged in with the correct case)?[/QUOTE]

We are using DB authentication for the moment, and assigning role membership via the Server Admin. We plan on setting up the Active Directory connection in the near future.

FYI, we’re using Version 6.5.2 Build 200710R01 (3173).

I will request the URL you specified and respond, and I will also be trying it again today with a new test acct to further document the issue.

jimbo · March 20, 2008, 4:33am

Hi Jay

yes the correct list of roles is returned from the url you posted:

  <?xml version="1.0" encoding="utf-8" ?> 
- <PSXUserInfo SecurityProvider="" SecurityProviderInstance="" SecurityProviderTypeId="">
  <SessionId>8b858bbaf19ebfc7c925370fedbddad6c1f70783</SessionId> 
  <UserName>sc19</UserName> 
  <CommunityId>1006</CommunityId> 
  <Locale>en-us</Locale> 
- <Roles>
  <Role>Admin</Role> 
  <Role>RichTextFullEditor</Role> 
  </Roles>
  <SessionTimeOut>7200</SessionTimeOut> 
  </PSXUserInfo>

Also get this in the console.log file

2008-03-20 08:31:35,816 WARN  [PSTransformErrorListener] javax.xml.transform.TransformerException: Failure reading http://127.0.0.1:9992/Rhythmyx/ui/banner.jsp?&sys_componentname=cmp_banner&sys_pagename=sys_content&pssessionid=8b858bbaf19ebfc7c925370fedbddad6c1f70783
2008-03-20 08:31:35,848 WARN  [PSTransformErrorListener] javax.xml.transform.TransformerException: Failure reading http://127.0.0.1:9992/Rhythmyx/ui/userstatus.jsp?&sys_componentname=cmp_userstatus&sys_pagename=sys_content&pssessionid=8b858bbaf19ebfc7c925370fedbddad6c1f70783

If I follow one of the urls above I get this message:

org.springframework.dao.DataIntegrityViolationException: Could not execute JDBC batch update; nested exception is org.hibernate.exception.ConstraintViolationException: Could not execute JDBC batch update
	org.springframework.orm.hibernate3.SessionFactoryUtils.convertHibernateAccessException(SessionFactoryUtils.java:628)
	org.springframework.orm.hibernate3.HibernateTransactionManager.convertHibernateAccessException(HibernateTransactionManager.java:695)
	org.springframework.orm.hibernate3.HibernateTransactionManager.doCommit(HibernateTransactionManager.java:566)
	org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:540)
	org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:510)
	org.springframework.transaction.interceptor.TransactionAspectSupport.commitTransactionAfterReturning(TransactionAspectSupport.java:310)
	org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:117)
	org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
	org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:209)
	$Proxy85.savePersistentProperty(Unknown Source)
	com.percussion.server.PSPersistentPropertyManager.o00000(Unknown Source)
	com.percussion.server.PSPersistentPropertyManager.save(Unknown Source)
	com.percussion.server.PSUserSession.requestFinished(Unknown Source)
	com.percussion.servlets.PSSecurityFilter.doFilter(Unknown Source)
	org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)

Cheers
James

Jay · March 21, 2008, 9:10am

James -

Thanks for the extra information, it’s been really helpful. Can you please tell me what type of database you are using with Rhythmyx and if it is set up to be case sensitive?

Also, if possible, please run the follow sql query against the database and post/attach the output (be sure to specify the correct database and schema/owner where appropriate):

select * from PSX_PERSISTEDPROPERTYVALUES WHERE LOWER(USERNAME) like ‘ab01’

I’m using the username in the query that you mentioned in your earlier post

Thanks,
Jay

slolic · April 19, 2008, 6:13pm

Was there ever resolution here? If yes, please post reply.

Weirdest thing: we are upgrading our production to 6.5.2. Our system is configured on port 80, so during upgrade I changed it to 9992 (to prevent content changes). Now I’m having exactly the same issue described below. However, when I switch to port 80, everything’s back to normal! Also, I didn’t have this while testing in development (same security setup).

Thanks…