Troubleshooting User Access¶
"Your account has not been granted access."¶
This series of steps will grant the user the group memberships required to access Game Warden hosted applications while eliminating possible cached credential issues.
-
Open Chrome in Incognito mode and with their CAC inserted
-
Browse to https://login.dso.mil.
a. If you have not already, you will be prompted to associate your CAC with your P1 account.
-
Browse to http://login.afwerx.dso.mil/.
a. If you have not already, you will be prompted to associate your CAC with your Game Warden account.
-
Return to your original application URL and try again.
"Oops, your session has expired. Please try again."¶
This can occasionally happen if a previous authentication gets stored in your cache. When this happens you can go up to the URL, delete the .mil portion of the website, and reenter it back in. Once this happens the URL should reset and it will ask you to provide your Platform One credentials. If the first reset of the URL comes up with the same error, attempt this at least two more times. if that doesn’t resolve your issue, please contact us via a Support Ticket.
"Game Warden Account Disabled."¶
Inactive users will have their accounts disabled after 30 days of inactivity. They will receive an email notification with steps to restore their account. See our Keycloak Article for more information.
Troubleshooting Game Warden Hosted Application User Access from NIPRNet¶
These instructions are used for determining why a user on NIPRNet may be having trouble accessing an endpoint(s). Perform these steps if the user is reporting that they are timing out or receive a blank / white page when attempting to access applications.
Ensure the user has:
- Created a P1-SSO account
- Configured their CAC/ECA/PIV for access to IL4+ environments.
AND
- Associated their CAC with the Game Warden keycloak.
Your end-user MUST complete all steps for association of CAC/ECA/PIV from the links above before continuing the process for individual access troubleshooting.
Success would be a webpage loading with a login prompt.
Failed tests would result in a blank page, or a timeout.
Local Firewall Test¶
Attempt to reach the following URL: https://login.dso.mil
-
Success: OUTBOUND GOOD. Proceed to P1/CNAP Test.
-
Failure: Contact your local network support to remediate.
P1/CNAP Test¶
Attempt to reach the following URLs: https://code.il4.dso.mil
- Success:
- Will display "Your account has not been granted access to this application group yet."
- CNAP PASS THROUGH VERIFIED. Proceed to AFWERX Test.
- Will display "Your account has not been granted access to this application group yet."
- Failure:
- Whitelisting with P1 needed. Proceed to Information Collection for CNAP Whitelisting below.
- Whitelisting with P1 needed. Proceed to Information Collection for CNAP Whitelisting below.
Success Example Result:
AFWERX Test¶
Attempt to reach the following URL: https://grafana.il4.afwerx.dso.mil
- Success: GAME WARDEN SERVICES ONLINE.
- Failure: Potential issue with AFWERX or GAMEWARDEN.
Information Collection for CNAP Whitelisting¶
Gather IP address for CNAP whitelisting. The most effective course of action is to enlist the assistance of your network administrator to gather all applicable IP ranges necessary for your agency. Request this information in “CIDR” format.
Security settings may only allow use of one of the following options:
- From Command Prompt (Windows Key + R type cmd) type ipconfig
- Copy the IPv4 Address
OR
- From Powershell (Windows Key + R type powershell) type ipconfig
- Copy the IPv4 Address
Verification email from P1 not received
Check spam filters, check user's network policies as they may block emails from P1.
Why don’t I already have CNAP Access?
See CNAP Whitelist for more information.
Common Access Issues¶
-
Re-establishing MFA (e.g. for a new or lost device)
-
Not receiving password reset email
- Try having the email sent again and check your spam/junk folder.
- If the second attempt fails, reach out to: help@dsop.io
-
P1 User account is disabled
- Send an email to help@dsop.io with the word "unlock", "disable", or "reactivate" in the body.
- Your account should automatically unlock and you will receive an email reply once complete.
Last Updated: 06/20/2024