
Ldap user authorization failed - Unhandled Spring authentication "Access is denied"

Discussion in 'StackOverflow' started by fdantas, January 17, 2018.

  1. fdantas

    fdantas Administrator Moderator

    Question: Ldap user authorization failed - Unhandled Spring authentication "Access is denied"

    We have REST services that we would like to authenticate using LDAP.
    The REST services without the LDAP security work fine as expected.
    The REST services are running on a PAS instance (Progress Technology).

    We use the form and fill in our credentials; when I push the login button, I get the error message. Reading the log file, I can see that the login to the LDAP server is fine, but when it tries to authenticate the user I get an exception.

    We use Tomcat version 8.5.23

    EDIT 16/01/2018 09:24:

    I have updated the whole question with the latest information.
    If I set this grouprole attribute to cn:


    ldap.grouprole.attribute=cn

    I see in the logging that we get further, but now we get another error.

    Error Message:


    Access is denied - 403 status code

    Previous error message without ldap grouprole attribute set (for further readers):


    java.lang.IllegalArgumentException: Name must not be empty => initial error message

    Logging Messages:


    The oepas1.DATE.log shows the following:

    09:04:40.550/20215 [catalina-exec-5] DEBUG o.s.l.c.s.AbstractContextSource - Got Ldap context on server 'our internal ip'

    09:04:40.553/20218 [catalina-exec-5] DEBUG o.s.s.l.u.DefaultLdapAuthoritiesPopulator - Roles from search: [Makelaars]

    09:04:40.560/20225 [catalina-exec-5] WARN c.p.a.s.s.OEAuthenticationLogger - Unhandled Spring authentication event: org.springframework.security.web.authentication.session.SessionFixationProtectionEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@5d0c4105: Principal: org.springframework.security.ldap.userdetails.InetOrgPerson@aa53233b: Dn: cn=Test C&C,ou=Users,ou=Domain BPB,dc=bpb,dc=be; Username: tc; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_MAKELAARS; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 991C2EE38AA27E364FFB812CD6BFC9ABDD85795BF2F8.oepas1; Granted Authorities: ROLE_MAKELAARS]

    My Configuration: (oeablSecurity.properties in the WEB-INF folder)


    http.all.authmanager=ldap
    client.login.model=form
    ldap.url="internal ldap url"
    ldap.manager-dn=cn=Ad Reader,ou=Special Users,ou=Domain BPB,dc=bpb,dc=be
    ldap.manager-password=topsecret
    ldap.root.dn=
    ldap.grouprole.attribute= tc
    ldap.groupsearch.filter=(member={0})
    ldap.groupsearch.base=cn=Makelaars,ou=Groups,ou=Domain BPB,dc=bpb,dc=be
    ldap.usersearch.base=ou=Users,ou=Domain BPB,dc=bpb,dc=be
    ldap.usersearch.filter=(sAMAccountName={0})

    Expected solution:

    I expect that the user is correctly authenticated after I push the login button and that I see the response JSON from the REST service (after authenticating with LDAP).
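
Added example, not part of the original post and not Progress or Spring code: a small Python triage of the two log lines quoted above, showing that the token is authenticated and carries `ROLE_MAKELAARS`, so a 403 comes from the authorization check rather than from the LDAP bind. The sample lines are abridged constructions of the quoted log, and `ROLE_EXAMPLE_REQUIRED` is a hypothetical placeholder because the post does not show the access rules.

```python
import re

# Constructed sample: abridged from the two log lines quoted in the post.
SAMPLE_LOG = [
    "09:04:40.553/20218 [catalina-exec-5] DEBUG o.s.s.l.u.DefaultLdapAuthoritiesPopulator"
    " - Roles from search: [Makelaars]",
    "09:04:40.560/20225 [catalina-exec-5] WARN c.p.a.s.s.OEAuthenticationLogger"
    " - Unhandled Spring authentication event: SessionFixationProtectionEvent[source="
    "UsernamePasswordAuthenticationToken@5d0c4105: Username: tc; Password: [PROTECTED];"
    " Enabled: true; Granted Authorities: ROLE_MAKELAARS; Credentials: [PROTECTED];"
    " Authenticated: true; Granted Authorities: ROLE_MAKELAARS]",
]

def to_authority(group, prefix="ROLE_", upper=True):
    # Defaults of Spring Security's DefaultLdapAuthoritiesPopulator:
    # role prefix "ROLE_" and conversion to upper case.
    return prefix + (group.upper() if upper else group)

def parse_events(lines):
    """Collect group names, user, authenticated flag and granted authorities."""
    ev = {"user": None, "authenticated": False, "groups": [], "granted": set()}
    for line in lines:
        m = re.search(r"Roles from search: \[(.*?)\]", line)
        if m:
            ev["groups"] += [g.strip() for g in m.group(1).split(",") if g.strip()]
        if "Authenticated:" in line:
            u = re.search(r"Username: ([^;]+);", line)
            ev["user"] = u.group(1) if u else None
            ev["authenticated"] = "Authenticated: true" in line
            for found in re.findall(r"Granted Authorities: ([^;\]]+)", line):
                ev["granted"].update(a.strip() for a in found.split(","))
    return ev

def triage(ev, required_roles):
    """Say which stage rejected the request; required_roles is an assumption."""
    if not ev["authenticated"]:
        return "authentication: LDAP bind or user search did not succeed"
    if {to_authority(g) for g in ev["groups"]} != ev["granted"]:
        return "mapping: granted authorities differ from default group mapping"
    if not ev["granted"] & set(required_roles):
        return "authorization: authenticated, but no granted authority is allowed (403)"
    return "ok"

if __name__ == "__main__":
    event = parse_events(SAMPLE_LOG)
    print(event)
    # ROLE_EXAMPLE_REQUIRED is a hypothetical placeholder for the real access rule.
    print(triage(event, {"ROLE_EXAMPLE_REQUIRED"}))
```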
