Recovering your Console application password

The Crowd console itself must authenticate to the Crowd framework to perform authentication and authorisation calls.

Like an integrated application, if you have an improper password in the crowd.properties configuration file, the following exception will be thrown when the application attempts to connect to Crowd SOAP services:

Caused by: com.atlassian.crowd.integration.exception.InvalidAuthenticationException: Invalid application client.
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
	at org.codehaus.xfire.aegis.type.basic.BeanType.createFromFault(BeanType.java:235)
	at org.codehaus.xfire.aegis.type.basic.BeanType.readObject(BeanType.java:105)
	at org.codehaus.xfire.aegis.AegisBindingProvider.readParameter(AegisBindingProvider.java:169)
	at org.codehaus.xfire.client.ClientFaultConverter.processFaultDetail(ClientFaultConverter.java:51)
	at org.codehaus.xfire.client.ClientFaultConverter.invoke(ClientFaultConverter.java:32)
	at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
	at org.codehaus.xfire.client.Client.onReceive(Client.java:424)
	at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:139)
	at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)
	at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)
	at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
	at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)
	at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)
	at org.codehaus.xfire.client.Client.invoke(Client.java:336)
	at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)
	at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
	at $Proxy8.authenticateApplication(Unknown Source)
	at com.atlassian.crowd.integration.service.soap.client.GenericClient.authenticate(GenericClient.java:263)
	... 73 more
Caused by: org.codehaus.xfire.fault.XFireFault: Invalid application client.
	at org.codehaus.xfire.fault.Soap11FaultSerializer.readMessage(Soap11FaultSerializer.java:31)
	at org.codehaus.xfire.fault.SoapFaultSerializer.readMessage(SoapFaultSerializer.java:28)
	at org.codehaus.xfire.soap.handler.ReadHeadersHandler.checkForFault(ReadHeadersHandler.java:111)
	at org.codehaus.xfire.soap.handler.ReadHeadersHandler.invoke(ReadHeadersHandler.java:67)
	at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
	at org.codehaus.xfire.client.Client.onReceive(Client.java:406)
	... 84 more

If the password for the Crowd console is lost, the only method of recovery is to reset the password in the crowd.properties configuration file to a known application password. To do this you will need to have access to the Crowd database server and run the following commands:

1. Get a list of the applications integrated with Crowd:
   

   mysql> select id, name from application;
   +--------+---------------------+
   | id     | name                |
   +--------+---------------------+
   |  98305 | crowd               | 
   |  98306 | demo                | 
   |  98307 | crowd-openid-server | 
   | 655361 | jira                | 
   | 753665 | jiveforums          | 
   +--------+---------------------+
   

2. Choose an application for which you have the password, and where you're happy to use the same password for the Crowd application. Let's call your application 'X'. Use application X's ID to query the database and retrieve X's credentials:
   

   mysql> select credential from applicationcredentials where applicationid = 655361;
   +------------------------------------------------------------------------------------------+
   | credential                                                                               |
   +------------------------------------------------------------------------------------------+
   | sQnzu7wkTrgkQZF+0G1hi5AI3Qmzvv0bXgc5THBqi7mAsdd4Xll27ASbRt9fEyavWi6m0QP9B8lThf+rDKy8hg== | 
   +------------------------------------------------------------------------------------------+
   

3. Now query the database for the ID of the Crowd application and set Crowd's application credentials to the credential of your application X:
   

   mysql> update applicationcredentials set credential = 'sQnzu7wkTrgkQZF+0G1hi5AI3Qmzvv0bXgc5THBqi7mAsdd4Xll27ASbRt9fEyavWi6m0QP9B8lThf+rDKy8hg==' where applicationid = 98305;
   Query OK, 0 rows affected (0.00 sec)
   Rows matched: 1  Changed: 0  Warnings: 0
   

4. Update your atlassian-crowd-1.1.2/crowd-webapp/WEB-INF/classes/crowd.properties application.password value to the value of X's password.
5. You may now start Crowd.

Further information

• If you have installed only Crowd and no other integrated applications, you'll need to clear all the database tables (if you've already hooked up to a database server) and re-install Crowd. This should not cause you to lose much data, since no other applications have yet been defined.
• The issue is that the password for the crowd application is being changed during the setup process for crowd. This problem will be resolved with Crowd 1.2 - see CWD-488.
• You may be tempted to try changing the password back to 'password'. Alas, this won't work, because the passwords are encrypted using SHA1.