MutonUfoAI / pgina

pGina fork: Open Source Windows Authentication
http://mutonufoai.github.io/pgina
BSD 3-Clause "New" or "Revised" License

Users are not validated through custom plugin #157

Open maheshmadhyastha7 opened 4 years ago

maheshmadhyastha7 commented 4 years ago

Hi, I have a custom authentication and authorization plugin written and configured in pGina. Only the first time a user logs in are the users authenticated and authorized against the plugin. However, for subsequent logins, only LocalMachine is used for authentication and authorization. I am using pGina fork 3.9.9.12.

Can anyone help? pGina.Service.ServiceHost_log.txt

maheshmadhyastha7 commented 4 years ago

I am trying to log in to Windows using Remote Desktop Connection, and it seems that it checks only the local account's password instead of the custom plugin accounts. That way, with RDP only the last synchronized user password works, instead of the last valid one on my custom plugin.

maheshmadhyastha7 commented 4 years ago

Can anyone help?

MutonUfoAI commented 4 years ago

In Windows 10 a login has to happen fast, not like in Windows 7 where you had plenty of time. Windows 10 will push you to the lock screen if your login process takes too long:

2020-02-17 07:36:32,572 [2268|3|INFO ] pGina.Service.Impl: SessionChange: 4 -> RemoteDisconnect

The next problem is pGina itself. Sometimes, out of the blue, the pipe breaks down .... I need to change the whole pipe stuff from C# to C++ code. In my environment I see the error extremely seldom, and if it happens no harm was done.

2020-02-17 07:36:52,900 [2268|22|ERROR] Abstractions: Error while trying to open pipe server: System.IO.IOException: Pipe is broken.
   at System.IO.Pipes.PipeStream.WinIOError(Int32 errorCode)
   at System.IO.Pipes.PipeStream.WriteCore(Byte[] buffer, Int32 offset, Int32 count)
   at Abstractions.Pipes.Pipe.WriteMessage(BinaryWriter writer, IDictionary`2 msg)
   at Abstractions.Pipes.Pipe.DefaultMessageHandler(BinaryReader reader, BinaryWriter writer, Func`2 callback)
   at Abstractions.Pipes.Pipe.HandlePipeConnection(BinaryReader reader, BinaryWriter writer, IDictionary`2 initialMessage)
   at Abstractions.Pipes.PipeServer.ServerThread()

Is there a need to let Local Machine process all those groups again? SyncToLocalUser() It takes 40 sec to do that ....

To your problem: pGina.Plugin.WPMC.WpmcPlugin is called every time you log on, but not if you unlock a session. That's the way it should be look

maheshmadhyastha7 commented 4 years ago

The problem is pGina.Plugin.WPMC.WpmcPlugin is not invoked when the user logs off and logs in. Also, 2020-02-17 07:36:52,900 [2268|22|ERROR] Abstractions: Error while trying to open pipe server: System.IO.IOException: Pipe is broken, do you think it is because of some group policy which blocks it, by any chance?

MutonUfoAI commented 4 years ago

In your example you lock and unlock the user

2020-02-17 07:47:32,311 [2268|6|INFO ] pGina.Service.Impl: SessionChange:5 7
2020-02-17 07:47:32,313 [2268|45|INFO ] pGina.Service.Impl: SessionChange: 5 -> SessionLock
2020-02-17 07:47:32,454 [2268|6|INFO ] pGina.Service.Impl: SessionChange:5 4
2020-02-17 07:47:32,456 [2268|43|INFO ] pGina.Service.Impl: SessionChange: 5 -> RemoteDisconnect
2020-02-17 07:47:32,544 [2268|6|INFO ] pGina.Service.Impl: SessionChange:6 4
2020-02-17 07:47:32,546 [2268|37|INFO ] pGina.Service.Impl: SessionChange: 6 -> RemoteDisconnect
2020-02-17 07:47:32,767 [2268|6|INFO ] pGina.Service.Impl: SessionChange:5 3
2020-02-17 07:47:32,770 [2268|39|INFO ] pGina.Service.Impl: SessionChange: 5 -> RemoteConnect
2020-02-17 07:47:32,862 [2268|6|INFO ] pGina.Service.Impl: SessionChange:5 8
2020-02-17 07:47:32,865 [2268|37|INFO ] pGina.Service.Impl: SessionChange: 5 -> SessionUnlock

and the pipe error always occurs during a remotedisconnect while logging on. So no harm is done.
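
Added example, not part of the thread and not pGina code: a small parser for the `SessionChange` lines quoted above that pairs each `SessionLock` with the following `SessionUnlock` per session, which is how the maintainer tells an RDP reconnect that only unlocks a session (plugin not called) from a fresh logon. The function names are hypothetical, and the line format is assumed to be exactly the one shown in the excerpts.

```python
import re
from collections import defaultdict

# Named-event form of the service log line, as in the excerpts in this thread.
# The numeric form ("SessionChange:5 7") duplicates it and is skipped.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[\d+\|\d+\|\w+\s*\] pGina\.Service\.Impl: "
    r"SessionChange: (?P<sid>\d+) -> (?P<event>\w+)\s*$"
)

# Sample input: a subset of the lines quoted in the thread.
SAMPLE_LOG = """\
2020-02-17 07:47:32,311 [2268|6|INFO ] pGina.Service.Impl: SessionChange:5 7
2020-02-17 07:47:32,313 [2268|45|INFO ] pGina.Service.Impl: SessionChange: 5 -> SessionLock
2020-02-17 07:47:32,456 [2268|43|INFO ] pGina.Service.Impl: SessionChange: 5 -> RemoteDisconnect
2020-02-17 07:47:32,546 [2268|37|INFO ] pGina.Service.Impl: SessionChange: 6 -> RemoteDisconnect
2020-02-17 07:47:32,770 [2268|39|INFO ] pGina.Service.Impl: SessionChange: 5 -> RemoteConnect
2020-02-17 07:47:32,865 [2268|37|INFO ] pGina.Service.Impl: SessionChange: 5 -> SessionUnlock
"""

def session_events(log_text):
    """Return {session_id: [(timestamp, event), ...]} in log order."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events[int(m["sid"])].append((m["ts"], m["event"]))
    return dict(events)

def lock_unlock_pairs(log_text):
    """Return (session_id, locked_at, unlocked_at) for each lock/unlock cycle."""
    pairs = []
    for sid, events in sorted(session_events(log_text).items()):
        locked_at = None
        for ts, event in events:
            if event == "SessionLock":
                locked_at = ts
            elif event == "SessionUnlock" and locked_at is not None:
                pairs.append((sid, locked_at, ts))
                locked_at = None
    return pairs

if __name__ == "__main__":
    for sid, locked, unlocked in lock_unlock_pairs(SAMPLE_LOG):
        print(f"session {sid}: locked {locked}, unlocked {unlocked} (unlock, not a logon)")
```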