FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
aebadi
Staff
Article Id 311349
Description

This article describes how to troubleshoot the error 'Invalid username or password' when logging into the GUI.

Scope

FortiSIEM v5.X.X and above.

Solution

This article outlines the steps to troubleshoot the error 'Invalid username or password' when it is accompanied by the following error log entry in server.log:

 

/opt/glassfish/domains/domain1/logs/

cat server.log

 

ApplicationException: You have attempted to log in as administrator from an untrusted domain: x.x.x.x
at com.ph.phoenix.service.system.security.AuthenticatorBean.checkAdminDomain(AuthenticatorBean.java:416)
at com.ph.phoenix.service.system.security.AuthenticatorBean.authenticate(AuthenticatorBean.java:118)

 

This error is logged because the user attempting to log in to the FortiSIEM GUI is connecting from an untrusted host. It occurs when an administrator attempts to log in from an IP address that is not included in the trusted host list.

 

To verify trusted host login issues:

  1. Record the IP address from which the administrator is attempting to log in to the FortiSIEM unit.
  2. Log in to the web UI and go to All Settings -> System -> Trusted Host.
  3. Compare the list of trusted hosts to the problem IP address. If there is a match, the problem is not due to trusted hosts.
  4. If there is no match and the new address is valid (secure), add it to the list of trusted hosts.
  5. Select Save.
  6. Have the administrator log in.
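
For step 1, the rejected source addresses can be read from server.log itself. The following is an added example, not part of the original article or of FortiSIEM: it matches the message text shown in the log excerpt above, and the function names and sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list the source addresses that were rejected with the
# "untrusted domain" error, with a count per address.
# The message text is taken from the server.log excerpt in this article.
PATTERN='You have attempted to log in as administrator from an untrusted domain: '

# untrusted_admin_sources FILE (hypothetical helper name)
# Prints "COUNT ADDRESS" per rejected source, most frequent first.
untrusted_admin_sources() {
  grep -F -- "$PATTERN" "$1" \
    | sed -E 's/.*untrusted domain: *([^[:space:]]+).*/\1/' \
    | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# was_rejected FILE ADDRESS (hypothetical helper name)
# Exit status 0 if ADDRESS was rejected at least once, 1 otherwise.
was_rejected() {
  untrusted_admin_sources "$1" \
    | awk -v ip="$2" '$2 == ip {found = 1} END {exit !found}'
}

# Constructed sample input in the shape of the excerpt above
# (documentation-range addresses, not real log data).
SAMPLE="$(mktemp)"
cat > "$SAMPLE" <<'EOF'
ApplicationException: You have attempted to log in as administrator from an untrusted domain: 192.0.2.10
at com.ph.phoenix.service.system.security.AuthenticatorBean.checkAdminDomain(AuthenticatorBean.java:416)
at com.ph.phoenix.service.system.security.AuthenticatorBean.authenticate(AuthenticatorBean.java:118)
ApplicationException: You have attempted to log in as administrator from an untrusted domain: 198.51.100.7
ApplicationException: You have attempted to log in as administrator from an untrusted domain: 192.0.2.10
EOF

untrusted_admin_sources "$SAMPLE"

# On the Super, point the function at the real log instead:
#   untrusted_admin_sources /opt/glassfish/domains/domain1/logs/server.log
```

An address in this output that no administrator recognizes is a reason to investigate before adding anything to the trusted host list.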

 

If the administrator is locked out, proceed with the following steps:

 

  1. Log in to the console of the Super as the root user.
  2. Run the following command to view the list of Trusted Hosts.


psql -U phoenix -d phoenixdb -c "select * from ph_sys_conf where property='Trust_Host'"

 

  3. Remove the Trusted Hosts IP.

psql -U phoenix -d phoenixdb -c "delete from ph_sys_conf where property='Trust_Host'"

 

  4. Currently, there is no setting to block any IP from logging in to the SIEM. If the choice is made to enforce Trusted Host security, add the necessary user IP and any other hosts that should be allowed to access the FortiSIEM GUI under All Settings -> System -> Trusted Host.

 
