The Crowd console itself must authenticate to the Crowd framework to perform authentication and authorisation calls.
Like an integrated application, if you have an improper password in the crowd.properties configuration file, the following exception will be thrown when the application attempts to connect to Crowd SOAP services:
Caused by: com.atlassian.crowd.integration.exception.InvalidAuthenticationException: Invalid application client. at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:494) at org.codehaus.xfire.aegis.type.basic.BeanType.createFromFault(BeanType.java:235) at org.codehaus.xfire.aegis.type.basic.BeanType.readObject(BeanType.java:105) at org.codehaus.xfire.aegis.AegisBindingProvider.readParameter(AegisBindingProvider.java:169) at org.codehaus.xfire.client.ClientFaultConverter.processFaultDetail(ClientFaultConverter.java:51) at org.codehaus.xfire.client.ClientFaultConverter.invoke(ClientFaultConverter.java:32) at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131) at org.codehaus.xfire.client.Client.onReceive(Client.java:424) at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:139) at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48) at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26) at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131) at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79) at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114) at org.codehaus.xfire.client.Client.invoke(Client.java:336) at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77) at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57) at $Proxy8.authenticateApplication(Unknown Source) at com.atlassian.crowd.integration.service.soap.client.GenericClient.authenticate(GenericClient.java:263) ... 73 more Caused by: org.codehaus.xfire.fault.XFireFault: Invalid application client. at org.codehaus.xfire.fault.Soap11FaultSerializer.readMessage(Soap11FaultSerializer.java:31) at org.codehaus.xfire.fault.SoapFaultSerializer.readMessage(SoapFaultSerializer.java:28) at org.codehaus.xfire.soap.handler.ReadHeadersHandler.checkForFault(ReadHeadersHandler.java:111) at org.codehaus.xfire.soap.handler.ReadHeadersHandler.invoke(ReadHeadersHandler.java:67) at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131) at org.codehaus.xfire.client.Client.onReceive(Client.java:406) ... 84 more
If the password for the Crowd console is lost, the only method of recovery is to reset the password in the crowd.properties configuration file to a known application password. To do this you will need to have access to the Crowd database server and run the following commands:
Get a list of the applications integrated with Crowd:
mysql> select id, application_name from cwd_application; +--------+---------------------+ | id | application_name | +--------+---------------------+ | 98305 | crowd | | 98306 | demo | | 98307 | crowd-openid-server | | 655361 | jira | | 753665 | jiveforums | +--------+---------------------+
Choose an application for which you have the password, and where you're happy to use the same password for the Crowd application. Let's call your application 'X'. Use application X's
application_nameto query the database and retrieve X's credentials:mysql> select credential from cwd_application where application_name = 'jira'; +------------------------------------------------------------------------------------------+ | credential | +------------------------------------------------------------------------------------------+ | sQnzu7wkTrgkQZF+0G1hi5AI3Qmzvv0bXgc5THBqi7mAsdd4Xll27ASbRt9fEyavWi6m0QP9B8lThf+rDKy8hg== | +------------------------------------------------------------------------------------------+
Now set Crowd's application credentials to the
credentialof your application X:mysql> update cwd_application set credential = 'sQnzu7wkTrgkQZF+0G1hi5AI3Qmzvv0bXgc5THBqi7mAsdd4Xll27ASbRt9fEyavWi6m0QP9B8lThf+rDKy8hg==' where application_name = 'crowd'; Query OK, 0 rows affected (0.00 sec) Rows matched: 1 Changed: 0 Warnings: 0
- Update your
crowd.propertiesapplication.passwordvalue to the value of X's password. If you are using Crowd 1.5 or earlier, the file is located atatlassian-crowd-X.X.X/crowd-webapp/WEB-INF/classes/. If using 1.5.1 or later, the file will be located inside your Crowd-Home Directory. - You may now start Crowd.
Further information
- If you have installed only Crowd and no other integrated applications, you'll need to clear all the database tables (if you've already hooked up to a database server) and re-install Crowd. This should not cause you to lose much data, since no other applications have yet been defined.
- The issue is that the password for the crowd application is being changed during the setup process for crowd. This problem will be resolved with Crowd 1.2 - see CWD-488.
- You may be tempted to try changing the password back to 'password'. Alas, this won't work, because the passwords are encrypted using SHA1.