December 13, 2013

SharePoint FBA LdapRoleProvider login issue

Problem

After successfully configuring Active Directory Forms Based Authentication (FBA) for your Claims-enabled Web Application, users still cannot log in and get a generic error: “The server could not sign you in. Make sure your user name and password are correct, and then try again.”

You can assign permissions to users normally, so the People Picker on the Central Admin site and on the actual portal site does find the FBA versions of the user accounts.

Even if you set ULS logs to Verbose, there isn’t a single row mentioning any errors or even verbose details of the login process. You have double- and triple-checked that everything is configured OK.

The only error that is logged goes into the Windows Application log:

Log Name:      Application
Source:        Microsoft-SharePoint Products-SharePoint Foundation
Date:          13.12.2013 12:19:25
Event ID:      8306
Task Category: Claims Authentication
Level:         Error
Keywords:     
User:          SP\MyPortalAppPool
Computer:      spportal.sp.dev
Description:
An exception occurred when trying to issue security token: The security token username and password could not be validated..
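
Since ULS shows nothing, the Application log is the place to confirm this failure. The following PowerShell is an added example, not part of the original post; the 24-hour window and the match on the English message text are assumptions.

```powershell
# Added example: list recent claims-authentication failures (Event ID 8306)
# from the Application log on a SharePoint web front end.
# Assumptions: run locally in an elevated session; 24-hour window is arbitrary.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-SharePoint Products-SharePoint Foundation'
    Id           = 8306
    StartTime    = (Get-Date).AddHours(-24)
}

# Get-WinEvent raises an error when nothing matches, so suppress it
# and test for an empty result instead.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Keep only the token-validation failure quoted above
# (assumes English event text; other 8306 descriptions are ignored).
$failures = @($events | Where-Object {
    $_.Message -like '*username and password could not be validated*'
})

if ($failures.Count -eq 0) {
    Write-Output 'No matching Event ID 8306 entries in the last 24 hours.'
}
else {
    # Full detail for each failure, newest first
    $failures |
        Sort-Object TimeCreated -Descending |
        Select-Object TimeCreated, MachineName, Id, Message |
        Format-List

    # Failures per hour: a steady trickle after a switch to FBA points to
    # users typing the wrong username format, not a broken provider.
    $failures |
        Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:00') } |
        Sort-Object Name |
        Select-Object Name, Count |
        Format-Table -AutoSize
}
```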

image

Solution

The interweb was full of valid reasons why this error occurs, but none of them mentioned the most self-evident reason for the error message: your username is incorrect! The picture above actually already includes simple textual instructions for users, so they know what they need to type into the username field.

When moving from traditional Windows authentication to FBA, you can no longer use DOMAIN\username or an email address as the username. Instead, you must use the “User logon name” as defined in the AD user properties.

image

 
