Auth0 Home Blog Docs

Can't enter default directory for tenant

legacy
database-connections

#1

Hi,

According to this post:


I should disable my “Username-Password-Authentication” connection for all apps, enable my legacy connection for all apps, and enter “Username-Password-Authentication” under tenant settings, “Default Directory”. I’ve done all that, but I still get “Wrong username or password” when trying the legacy connection.

I have tested the login and getuser scripts and they seem to work fine.

How can I investigate further? What might be wrong?


#2

The “default directory” setting under tenant should be your custom DB connection name, not “Username-Password-Authentication”.

Delete all users you added in “Username-Password-Authentication” connection. (I assume this is your testing environment, not production).

Then try it again.


#3

Tried that. Default Directory set to the custom connection. But I can’t test due to the following:

This morning, nothing else changed, trying the custom connection, it keeps displaying “Wrong user name or password” even when I enter correct credentials. Trying the login script itself works with the same credentials. What might be wrong?

Also, one of the test accounts is now blocked due to more than 10 failed login attempts from the same IP. I cannot unblock it from the dashboard because this user is not to be found anywhere. And there was no e-mail sent to its email address, so I have no link to unblock. How can I unblock it? Or can you? The address is kjell…at…rilbe.se.


#4

I had the same problem the other day, the testing email was blocked because many failed attempts. You can goto Anomaly Detection setting to turn off “Brute force protection” to avoid this while testing.

I had struggled with this “Wrong user name or password” issue for several days before it finally worked.

  1. I would try clear all users first.
  2. Create a new custom connection, make sure this “Import Users to Auth0” is on
  3. Modify Login/GetUser script to connect to your own database, Click Try button to make sure script works for your testing Email and Password. By the way, does your current login require UserName in addition to Email? If yes, you need to turn on the “Requires Username” flag as well.
  4. Make sure this custom connection is the only one on for your application.
    Two places to check:
  • Applications=> Your Application => Connections Tab
  • Connections => Your Connection => Applications Tab

Now you should try your login page.

I’ve found if I use “Try Connection” button first before I try the real login from my application, it will import the testing user into the Auth0. Then when I try to use the same credential from my app it will fail. I don’t know why. I had to remove that user from Auth0 DB before I can login from my app. So I would not use that “Try Connection” button to do test.


#5

Switched off brute force protection. Thanks, that helped - no longer being blocked.

Regarding your other suggestions:

  1. We have only four users and they are active admins/developers, working on one of our projects, so I can’t remove them. The accounts I’m testing with have nothing in common with these accounts, apart from first name/last name/full name. User id, user name, e-mail and password are completely different.
  2. Did so yesterday. Same problem.
  3. My legacy database uses user names that often are e-mail addresses, but are not required to be e-mail addresses. They contain e-mail address as a separate attribute. I have set connection to require username, yes. The scripts work, but I am slightly unsure about the object to pass to the callback function (Can I send custom attributes? Should the identities array be included with a single item refering to this legacy connection?). Currently passing this structure from both login and getByEmail: { "user_id": "MyConn|123456", "nickname": "kjell", "email": "kjell@company.com", "email_verified": true }. Verified that both scripts work and return this.
  4. The custom connections have been tested in several variations of app links, primarily the config you suggest, except that for an app under active dev we need to have the Username-Password-Authentication connection enabled and the custom connections disabled.

I have now also tested with the script debug log open while executing “Try” on the custom connection (not the script). I can see that the object being returned to callback is correct (as above) and I see no errors in the log.


#6

Now tested to add another database connection, non-custom. Assigned that as the Default Directory for the tenant. Assigned all applications only to my custom connection. Same successful data appearing in the script debug log, but same error “wrong username or password”.

Tried reassigning the tenant’s Default Directory to my custom connection. Same result.

Tried removing/clearing Default Directory for the tenant. Same result.

I have not tried the lock/login screen from any of the apps, only the “Try” button for the custom connection. Will attempt a test from an app.


#7

Tried login from our app now, with all three alternative regarding tenent’s Default Directory. Same result.

Also tried all three Default Directory settings with app linked to both the custom database connection and the Auth0 database connection. Same result.

I’m out of ideas to try.

I did try connecting the app to the Auth0 database connection where we have four users, but when I try to login with my credentials from there, I get a different error “We’re sorry, something went wrong when attempting to log in.”. How do I find out what’s causing that, and is it possibly relevant to the other problems? My colleagues seem to be able to login when testing/debugging the app. WHen I “try” the Auth0 database connection directly, login works.


#8

Now tried modifying the scripts, removed nickname from the returned object, and added username if legacy user name is different from e-mail address. Also making sure no characters are present that are not allowed for Auth0 usernames (replacing them with '-').

Still same result: scripts work but login doesn’t.