justinc

FMSA PHP/CWP authentication issues

Discussion created by justinc on Nov 18, 2014
Latest reply on Nov 21, 2014 by justinc

Hey all,

I am having some issues with a solution that has a CWP/PHP component. The authentication is rather buggy, and we seem to get lots of 'authentication failed' issues in the middle of a user's login. That is, they log in, they get the home page (loading various information) they click around, then one of their clicks gets an error. They reload the page and it works fine; click - fine, click - fine, click - error, click - fine, etc. Rather random. (We are using PHP Sessions to hold their UN/PW so they aren't entering it every time.)

 

So, for this post I am looking for information about how FMSA authentication might be working.

 

Windows 2008 R2

FMSA 12.05

Single machine

IIS 7.5

Default PHP

External authentication / Active Directory

(2 plugins: Zulu and Supercontainer)

 

I wrote up a test PHP file that would just run a Find operation on a loop (10x). This is a new DB file; there're only 3 accounts on the file: two local, one External/AD group. A single table with 2 fields, total of 8 records.

 

I have tested a couple of different orders of setting up the FM object in the PHP and running the "fm->execute()" steps, but they all seem to behave the same. This file will execute a find 10 times, using different credentials, and report back the time it took each operation, and the error message if there was one.

 

So here is the PHP that I have now:

 

<?php
 require_once ('FileMaker.php'); 
?>

<!DOCTYPE html>
<html>
<body>

<?php

$layoutName = "TesterLayout";

$CurrLogin = 0;
$maxLogins = 2;
$LoginCreds = array ( 
 array ("AD User","goodPW","AD"),
 array ("Test User","validPW","local")
 );

$i = 1;
$max = 10;

while ($i <= $max ) {
 $overallStart = microtime(TRUE);
 echo ( "
<hr><div>Result " . $i . " at - " . microtime() );
 
 // create the FileMaker Object
 $fm = new FileMaker();
 $fm->setProperty('database', 'Tester');
 $fm->setProperty('username', $LoginCreds[0][0] );
 $fm->setProperty('password', $LoginCreds[0][1] );

 //Bit more complex Find command with 1 criteria, rather than a simple 'FindAny' command
 $findRequest1 = $fm->newFindCommand($layoutName);
 $findRequest1->addFindCriterion('TestField2', 'abc');

 $startTime = microtime(TRUE);
 $result = $findRequest1->execute(); 
 $endTime = microtime(TRUE);

 if (FileMaker::isError($result)) {
 echo ( "<br>(AD): " . round ( ($endTime - $startTime), 4) . " : " . $result->getMessage() ) ;
 } else { 
 echo ( "<br>(AD): " . round ( ($endTime - $startTime), 4) . " : OK. Found count: " . $result->getFoundSetCount() . " ... " . $result->GetFirstRecord()->GetField('TestField1') );
 }
 
 
 /* 2nd Login credentials */
 $fm = new FileMaker();
 $fm->setProperty('database', 'LoginTester');
 $fm->setProperty('username', $LoginCreds[1][0] );
 $fm->setProperty('password', $LoginCreds[1][1] );
 
 //Bit more complex Find command with 1 criteria
 $findRequest1 = $fm->newFindCommand($layoutName);
 $findRequest1->addFindCriterion('TestField2', '123');

 $startTime = microtime(TRUE);
 $result = $findRequest1->execute(); 
 $endTime = microtime(TRUE);

 if (FileMaker::isError($result)) {
 echo ( "<br>(local): " . round ( ($endTime - $startTime), 4) . " : " . $result->getMessage() . "<br>" ) ;
 } else { 
 echo ( "<br>(local): " . round ( ($endTime - $startTime), 4) . " : OK. Found count: " . $result->getFoundSetCount() . " ... " . $result->GetFirstRecord()->GetField('TestField1') );
 }
 
 $i++; 
} // end Testing WHILE

$overallEnd = microtime(TRUE);
echo "
<br><h3>Total Elapsed time = " . round( ($overallEnd - $overallStart) , 4 ) . "</h3>";


?> 
</body>
</html>
 

 

This all seems to work well, and unfortunately doesn't really show the authentication errors that we are seeing in the live solution file. (I have gotten a few, but they are far between.) HOWEVER, it does reveal a question that I would like some insight on:

 

If I purposely provide the wrong PW for the LOCAL account, the first 2 runs of the loop will each take 10 seconds to fail, while the remaining 8 will only take .5 seconds each to fail. What is happening that the first two take so long but the rest are fast?

 

And why does the OS Security log only show a single Active Directory request? I thought PHP was stateless, that it would have to log in each time. Why does the FM Server Admin Console show these accounts still connected, up to a minute or two later? Is FileMaker actually reusing the same login information for multiple requests?

 

 

Thanks,

Justin

Outcomes