Recovering your Console application password

The Crowd console itself must authenticate to the Crowd framework to perform authentication and authorization calls.

As with any integrated application, if the crowd.properties configuration file contains an incorrect password, the following exception is thrown when the application attempts to connect to the Crowd SOAP services:

Caused by: com.atlassian.crowd.integration.exception.InvalidAuthenticationException: Invalid application client.
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
	at org.codehaus.xfire.aegis.type.basic.BeanType.createFromFault(BeanType.java:235)
	at org.codehaus.xfire.aegis.type.basic.BeanType.readObject(BeanType.java:105)
	at org.codehaus.xfire.aegis.AegisBindingProvider.readParameter(AegisBindingProvider.java:169)
	at org.codehaus.xfire.client.ClientFaultConverter.processFaultDetail(ClientFaultConverter.java:51)
	at org.codehaus.xfire.client.ClientFaultConverter.invoke(ClientFaultConverter.java:32)
	at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
	at org.codehaus.xfire.client.Client.onReceive(Client.java:424)
	at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:139)
	at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)
	at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)
	at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
	at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)
	at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)
	at org.codehaus.xfire.client.Client.invoke(Client.java:336)
	at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)
	at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
	at $Proxy8.authenticateApplication(Unknown Source)
	at com.atlassian.crowd.integration.service.soap.client.GenericClient.authenticate(GenericClient.java:263)
	... 73 more
Caused by: org.codehaus.xfire.fault.XFireFault: Invalid application client.
	at org.codehaus.xfire.fault.Soap11FaultSerializer.readMessage(Soap11FaultSerializer.java:31)
	at org.codehaus.xfire.fault.SoapFaultSerializer.readMessage(SoapFaultSerializer.java:28)
	at org.codehaus.xfire.soap.handler.ReadHeadersHandler.checkForFault(ReadHeadersHandler.java:111)
	at org.codehaus.xfire.soap.handler.ReadHeadersHandler.invoke(ReadHeadersHandler.java:67)
	at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
	at org.codehaus.xfire.client.Client.onReceive(Client.java:406)
	... 84 more

If the password for the Crowd console is lost, the only method of recovery is to reset the password in the crowd.properties configuration file to a known application password. To do this you will need to have access to the Crowd database server and run the following commands:

  1. Get a list of the applications integrated with Crowd:

    mysql> select id, application_name from cwd_application;
    +--------+---------------------+
    | id     | application_name    |
    +--------+---------------------+
    |  98305 | crowd               | 
    |  98306 | demo                | 
    |  98307 | crowd-openid-server | 
    | 655361 | jira                | 
    | 753665 | jiveforums          | 
    +--------+---------------------+
    
  2. Choose an application for which you have the password, and where you're happy to use the same password for the Crowd application. Let's call your application 'X'. Use application X's application_name to query the database and retrieve X's credentials:

    mysql> select credential from cwd_application where application_name = 'jira';
    +------------------------------------------------------------------------------------------+
    | credential                                                                               |
    +------------------------------------------------------------------------------------------+
    | sQnzu7wkTrgkQZF+0G1hi5AI3Qmzvv0bXgc5THBqi7mAsdd4Xll27ASbRt9fEyavWi6m0QP9B8lThf+rDKy8hg== | 
    +------------------------------------------------------------------------------------------+
    
  3. Now set Crowd's application credentials to the credential of your application X:

    mysql> update cwd_application set credential = 'sQnzu7wkTrgkQZF+0G1hi5AI3Qmzvv0bXgc5THBqi7mAsdd4Xll27ASbRt9fEyavWi6m0QP9B8lThf+rDKy8hg==' where application_name = 'crowd';
    Query OK, 0 rows affected (0.00 sec)
    Rows matched: 1  Changed: 0  Warnings: 0
    
  4. Update your crowd.properties application.password value to the value of X's password. If you are using Crowd 1.5 or earlier, the file is located at atlassian-crowd-X.X.X/crowd-webapp/WEB-INF/classes/. If using 1.5.1 or later, the file will be located inside your Crowd-Home Directory.
  5. You may now start Crowd.
  6. If recovering the application password didn't work, you can instead set a new one as follows:

    1. In the <Crowd-Home>/crowd.properties file, change the application.password entry to "To7CfmPz";
    2. In the database, run the following command:

      UPDATE cwd_application 
      SET credential = '{PKCS5S2}+ebYspXujIGikRoLVenN/BpbtwEg+WfR1u1Okk1BJpFG4nJwbeAr0Sv5U+YG7x5k' 
      WHERE application_name = 'crowd';

    3. Restart Crowd.

Further information

  • If you have installed only Crowd and no other integrated applications, you'll need to clear all the database tables (if you've already hooked up to a database server) and re-install Crowd. This should not cause you to lose much data, since no other applications have yet been defined.
  • The underlying issue is that the password for the crowd application is changed during the Crowd setup process. This problem will be resolved in Crowd 1.2; see CWD-488.
  • You may be tempted to try changing the password back to 'password'. Alas, this won't work, because the passwords are hashed.
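
The credential column holds a salted hash, which is why a plaintext value such as 'password' cannot be written into it. The following is an added example, not Atlassian's code: it parses a {PKCS5S2} credential like the one in step 6 and checks whether a given application.password corresponds to it. It assumes the {PKCS5S2} scheme is PBKDF2-HMAC-SHA1 with 10000 iterations, a 16-byte salt and a 32-byte key; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

PREFIX = "{PKCS5S2}"
# Assumption (not stated on this page): the {PKCS5S2} encoder is
# PBKDF2-HMAC-SHA1, 10000 iterations, 16-byte salt, 32-byte derived key,
# stored as PREFIX + base64(salt + key).
ITERATIONS, SALT_LEN, KEY_LEN = 10000, 16, 32

# Credential string quoted in step 6 of this page.
PAGE_CREDENTIAL = "{PKCS5S2}+ebYspXujIGikRoLVenN/BpbtwEg+WfR1u1Okk1BJpFG4nJwbeAr0Sv5U+YG7x5k"


def _derive(password, salt):
    """PBKDF2 over the UTF-8 password with the assumed parameters."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                               ITERATIONS, KEY_LEN)


def parse_credential(credential):
    """Return (salt, key); raise ValueError if this is not a {PKCS5S2} hash."""
    if not credential.startswith(PREFIX):
        raise ValueError("missing {PKCS5S2} prefix (plaintext or other scheme)")
    raw = base64.b64decode(credential[len(PREFIX):], validate=True)
    if len(raw) != SALT_LEN + KEY_LEN:
        raise ValueError("unexpected length: %d bytes" % len(raw))
    return raw[:SALT_LEN], raw[SALT_LEN:]


def encode_credential(password, salt=None):
    """Build a credential value for a password of your own choosing."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    return PREFIX + base64.b64encode(salt + _derive(password, salt)).decode("ascii")


def matches(password, credential):
    """True if `password` is the plaintext behind `credential`."""
    salt, key = parse_credential(credential)
    return hmac.compare_digest(_derive(password, salt), key)


if __name__ == "__main__":
    salt, key = parse_credential(PAGE_CREDENTIAL)
    print("salt bytes:", len(salt), "key bytes:", len(key))
    print("step 6 pair matches:", matches("To7CfmPz", PAGE_CREDENTIAL))
```

Under the same assumption, encode_credential() produces a value for the UPDATE in step 6 from a password you choose, so the console does not have to keep the password printed on this page.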
