SafeExamBrowser / seb-server

The Safe Exam Browser Server web application simplifies and centralizes the configuration of SEB clients for exams. It interacts with a learning management or exam system for setting up and conducting e-assessments with Safe Exam Browser. It also improves security by allowing to monitor connected SEB clients in real time during e-assessments.
Mozilla Public License 2.0

sebserver-admin : Bad credentials #59

Closed roetsc closed 2 years ago

roetsc commented 2 years ago

Dears, I am experimenting with SEB-server in order to consider using this at the University of Applied Science in Brugge, Belgium. Initially I have been running the demo version, but there was no possibility to link connections and exams to the new institute I had created. I am now using the production version. I tried:

export DB_SA_PWD=xxx
export SEBSERVER_PWD=xxx
SEBSERVER_PWD=xxx DB_SA_PWD=xxx docker-compose up -d

I have tried several versions of seb-server for days now, and except for the demo version, I cannot log in (sebserver-admin).
I can connect to the mariadb using SQL, but the seb-server access shows me:

12:40:36.070 WARN [http-nio-0.0.0.0-8080-exec-1]:[org.springframework.security.oauth2.provider.endpoint.TokenEndpoint] Handling error: InvalidGrantException, Bad credentials
12:40:36.074 INFO [http-nio-0.0.0.0-8080-exec-9]:[ch.ethz.seb.sebserver.gui.service.remote.webservice.auth.OAuth2AuthorizationContextHolder] Access Denied for user: sebserver-admin
12:40:36.193 WARN [http-nio-0.0.0.0-8080-exec-8]:[org.springframework.security.oauth2.provider.endpoint.TokenEndpoint] Handling error: InvalidGrantException, Bad credentials
12:40:36.199 ERROR [http-nio-0.0.0.0-8080-exec-9]:[ch.ethz.seb.sebserver.gui.service.remote.webservice.auth.OAuth2AuthorizationContextHolder] Failed to log logout: Access token denied.
12:40:36.287 WARN [http-nio-0.0.0.0-8080-exec-4]:[org.springframework.security.oauth2.provider.endpoint.TokenEndpoint] Handling error: InvalidGrantException, Bad credentials
12:40:36.301 WARN [http-nio-0.0.0.0-8080-exec-9]:[ch.ethz.seb.sebserver.gui.service.remote.webservice.auth.CurrentUser] Unexpected error while logout: Access token denied.
12:40:36.303 WARN [http-nio-0.0.0.0-8080-exec-9]:[ch.ethz.seb.sebserver.gui.service.page.impl.PageServiceImpl] Failed to logout. See log-files for more information

anhefti commented 2 years ago

Hi, the main difference between the demo setup and the production setup is that the demo setup has predefined user-account data for testing, while the productive one doesn't.

In the productive setup the SEB Server generates an initial admin account and puts that in the logs as described here in the Docu: https://seb-server-setup.readthedocs.io/en/latest/install-production.html. But this is done only if the SEB Server does not find an already existing one in the DB, therefore this will only happen within the very first startup of SEB Server. If you are not able to grab it from the SEB Server logs anymore, you can drop your DB or truncate the user table on that DB and start SEB Server again. Then it should generate a new admin account for you and you can get the credentials from the logs.

If you try several versions on the same machine, please also make sure you have cleaned up your docker containers, images, volumes and networks before starting a new approach. Otherwise some old settings can interfere with the new setup.

The DB_SA_PWD and SEBSERVER_PWD by the way are not user-account passwords but passwords for the database connection and for internal encryption. Neither of them will work as a login password. Please read the Install Manual carefully before setting up the SEB Server.

If this is still not working for you or you are facing other problems, we need some more information about your setup and the use case you want to achieve to give proper help. Please note that the demo setup functionally is the same as the productive version.

Best
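The recovery step described above, as an added example that is not part of the original thread or the SEB Server project: a shell function that pulls the one-time initial admin-account line out of log output, using the line format quoted later in this issue. The sample log and its password are constructed, and the function assumes the password runs to the end of the log line.

```shell
#!/bin/sh
# Added example. Reads SEB Server log text on stdin and prints
# "<name><TAB><password>" for the last "initial admin-account" line.
# Returns 1 when no such line exists, i.e. an admin account was already in
# the DB at startup and nothing was generated (reset the DB as described).
seb_initial_admin() {
    awk '
        {
            # Fixed-string matching: generated passwords contain regex
            # metacharacters such as $ ( [ + and must not be interpreted.
            key = "initial admin-account; name: "
            i = index($0, key)
            if (i == 0) next
            rest = substr($0, i + length(key))
            j = index(rest, ", pwd: ")
            if (j == 0) next
            name = substr(rest, 1, j - 1)
            pwd = substr(rest, j + length(", pwd: "))
            sub(/[ \t\r]+$/, "", pwd)      # drop trailing whitespace / CR
            last = name "\t" pwd           # keep the most recent generation
        }
        END { if (last == "") exit 1; print last }
    '
}

# Constructed sample log (not real output, password is a placeholder).
sample_log() {
    cat <<'EOF'
14:00:50.100 INFO [main]:[ch.ethz.seb.SEB_SERVER_INIT] ----> SEB Server initial admin-account; name: sebserver-admin, pwd: CONSTRUCTED$pw(1)[x]~
14:00:50.189 INFO [main]:[ch.ethz.seb.SEB_SERVER_INIT] ----> !!!! NOTE: Do not forget to login and reset the generated admin password immediately !!!!
EOF
}

# Against a running container (name taken from this thread):
#   docker logs seb-server 2>&1 | seb_initial_admin
sample_log | seb_initial_admin || echo "no generated admin account in this log"
```

Because the generated password stays in the container log after first startup, changing it right after the first login, as the log's own NOTE line says, also makes the logged value useless.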

roetsc commented 2 years ago

Hey Andreas, thanks for your answer. Here is what I see using MySQL Workbench:

use SEBServer;
select DATABASE();
show tables;
select * from user;

username : sebserver-admin password : yULNf7fddxxg(wr-$PVIy8-X-pV6YxX!SP0Wg+1@-9Y5#[SzHcVF6v~E-3BAE3 -> I suppose this one is encrypted

How do I catch the password for the GUI, or how do I define it? DB_SA_PWD and SEBSERVER_PWD do not seem to work; entering the above pass for seb-server-admin does not work either. For the demo version this was super-admin/admin.

Logfile of "docker logs --follow seb-server":
----> SEB Server initial admin-account; name: sebserver-admin, pwd: yULNf7fddxxg(wr-$PVIy8-X-pV6YxX!SP0Wg+1@-9Y5#[SzHcVF6v~E-3BAE3
14:00:50.187 INFO [main]:[ch.ethz.seb.SEB_SERVER_INIT] ---->
14:00:50.189 INFO [main]:[ch.ethz.seb.SEB_SERVER_INIT] ----> !!!! NOTE: Do not forget to login and reset the generated admin password immediately !!!!
14:00:50.189 INFO [main]:[ch.ethz.seb.SEB_SERVER_INIT] ----> ****

anhefti commented 2 years ago

Hi, okay, it has been generated, so you should be able to log in with this password as long as it has not changed since. The password is generated, not encrypted (the encrypted one is in the DB), just paste it in the login screen.

If this doesn't work, there might also be missing settings for the connection of the GUI service to the Webservice but to see this I need the whole Log of the SEB Server init phase to check the initial settings there.

roetsc commented 2 years ago

Thanks Andreas, I dropped the db so that it is recreated and now I can log in. I will continue exploring as of next Wednesday. Thanks for the help. Chris