[midPoint] Active Directory - Flexible Authentication

Gus Lou gugalou38 at gmail.com
Tue Sep 15 02:48:37 CEST 2020


Hi Guys
Has anyone successfully used the Flexible Authentication option with Active Directory?
I did the configuration following the wiki guidelines:
https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration
I created a test user in Active Directory and the same user in MP and granted
the End User role.
After applying the settings I tried to authenticate to midPoint with the test
user, but I get the error message "Invalid username and/or password" on the
interface.
I have already verified the test user's credentials and they are correct, as
well as the credentials to bind to Active Directory.

*My  Flexible Authentication Config:*
<ldap id="23">
    <name>ldapAuth</name>
    <host>ldap://192.168.0.32:636</host>
    <userDn>CN=svc_midpoint,OU=Users_SVC,DC=xyz,DC=net</userDn>
    <userPassword>
        <t:encryptedData>
            <t:encryptionMethod>
                <t:algorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:algorithm>
            </t:encryptionMethod>
            <t:keyInfo>
                <t:keyName>XXXXXXXXXXXXXXXXXXXXXXXXXXX</t:keyName>
            </t:keyInfo>
            <t:cipherData>
                <t:cipherValue>XXXXXXXXXXXXXXXXXXXXXXXXXX</t:cipherValue>
            </t:cipherData>
        </t:encryptedData>
    </userPassword>
</ldap>

*Sequence*
<sequence id="1">
    <name>admin-gui-default</name>
    <description>
        Default GUI authentication sequence.
        We want to try company SSO, federation and internal. In that order.
        Just one of them needs to be successful to let the user in.
    </description>
    <channel>
        <channelId>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</channelId>
        <default>true</default>
        <urlSuffix>default</urlSuffix>
    </channel>
    <module id="4">
        <name>internalLoginForm</name>
        <order>20</order>
        <necessity>sufficient</necessity>
    </module>
    <module id="5">
        <name>ldapAuth</name>
        <order>20</order>
        <necessity>sufficient</necessity>
    </module>
</sequence>

*My Midpoint.log*
2020-09-15 00:27:26,175 [MODEL] [http-nio-127.0.0.1-8080-exec-1] INFO (com.evolveum.midpoint.web.security.provider.PasswordProvider): Authentication failed for test.user: web.security.provider.invalid
2020-09-15 00:27:26,175 [MODEL] [http-nio-127.0.0.1-8080-exec-1] ERROR (com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider): Authentication (runtime) error: web.security.provider.invalid
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: web.security.provider.invalid
        at com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl.checkCredentials(AuthenticationEvaluatorImpl.java:191)
        at com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl.authenticate(AuthenticationEvaluatorImpl.java:107)
        at com.evolveum.midpoint.web.security.provider.PasswordProvider.internalAuthentication(PasswordProvider.java:70)
        at com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider.authenticate(MidPointAbstractAuthenticationProvider.java:87)
        at com.evolveum.midpoint.web.security.MidpointProviderManager.authenticate(MidpointProviderManager.java:58)
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:200)
        at com.evolveum.midpoint.web.security.filter.MidpointUsernamePasswordAuthenticationFilter.attemptAuthentication(MidpointUsernamePasswordAuthenticationFilter.java:71)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
        at com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:289)
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
        at com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:289)
        at com.evolveum.midpoint.web.security.filter.RedirectForLoginPagesWithAuthenticationFilter.doFilterInternal(RedirectForLoginPagesWithAuthenticationFilter.java:39)

Regards

Gus
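A small consistency check over the configuration posted above, added here as an example and not part of the original thread or of midPoint itself. It parses the two fragments (wrapped in a constructed root element, with the encrypted password replaced by a placeholder) and flags two things worth verifying against the wiki before looking elsewhere: a host URL whose scheme and port disagree (by IANA convention ldap:// is port 389 and ldaps:// is port 636), and two modules in one sequence sharing the same order value.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the two fragments from the post, wrapped in one root so
# they parse as a single document; the encrypted password is a placeholder.
SAMPLE = """<authentication>
  <modules>
    <ldap id="23">
      <name>ldapAuth</name>
      <host>ldap://192.168.0.32:636</host>
      <userDn>CN=svc_midpoint,OU=Users_SVC,DC=xyz,DC=net</userDn>
      <userPassword>PLACEHOLDER-ENCRYPTED</userPassword>
    </ldap>
  </modules>
  <sequence id="1">
    <name>admin-gui-default</name>
    <module id="4"><name>internalLoginForm</name><order>20</order></module>
    <module id="5"><name>ldapAuth</name><order>20</order></module>
  </sequence>
</authentication>"""

# Well-known LDAP ports: 389 for plain/StartTLS, 636 for LDAP over TLS.
EXPECTED_PORT = {"ldap": 389, "ldaps": 636}

def check_host(host):
    """Return a finding string if the URL scheme and port disagree, else None."""
    u = urlsplit(host)
    if u.scheme not in EXPECTED_PORT:
        return f"unknown scheme {u.scheme!r} in {host}"
    if u.port is not None and u.port != EXPECTED_PORT[u.scheme]:
        other = [s for s, p in EXPECTED_PORT.items() if p == u.port]
        hint = f"; port {u.port} is normally {other[0]}://" if other else ""
        return f"scheme {u.scheme}:// with port {u.port}{hint}"
    return None

def lint(xml_text):
    """Collect findings for every ldap module and every sequence in the document."""
    root = ET.fromstring(xml_text)
    findings = []
    for ldap in root.iter("ldap"):
        f = check_host(ldap.findtext("host"))
        if f:
            findings.append(f"ldap module {ldap.findtext('name')}: {f}")
    for seq in root.iter("sequence"):
        seen = {}  # order value -> first module name using it
        for m in seq.findall("module"):
            name, order = m.findtext("name"), m.findtext("order")
            if order in seen:
                findings.append(f"sequence {seq.findtext('name')}: modules "
                                f"{seen[order]!r} and {name!r} share order {order}")
            seen.setdefault(order, name)
    return findings
```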