[midPoint] Active Directory - Flexible Authentication
Gus Lou
gugalou38 at gmail.com
Thu Sep 17 12:33:18 CEST 2020
Hi Lukas,
Thank you very much.
I will make this change and report the results here.
Regards,
Gus
On Thu, 17 Sep 2020 at 02:36, Lukas Skublik via midPoint <
midpoint at lists.evolveum.com> wrote:
> Hello Gus,
> when you want to use only the ldap module, you need to remove the module
> 'internalLoginForm' from the sequence 'admin-gui-default'. Or, when you want to use
> both, then change the order of one module. The same order is supported only for
> httpModules and for the channels of rest and actuator.
>
> Best regards,
> Lukas Skublik
>
> On 15. 9. 2020 2:48, Gus Lou via midPoint wrote:
>
> Hi Guys,
> Has anyone successfully used the Flexible Authentication option with
> Active Directory?
> I did the configuration following the wiki guidelines:
>
> https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration
> I created a test user in Active Directory and the same user in MP and
> granted it the End User role.
> After the settings, I tried to authenticate to midPoint with the test
> user, but I get an error message on the interface: "Invalid username and/or
> password".
> I have already verified the test user's credentials and they are correct,
> as well as the credentials to bind to Active Directory.
>
> *My Flexible Authentication Config:*
> <ldap id="23">
>     <name>ldapAuth</name>
>     <host>ldap://192.168.0.32:636</host>
>     <userDn>CN=svc_midpoint,OU=Users_SVC,DC=xyz,DC=net</userDn>
>     <userPassword>
>         <t:encryptedData>
>             <t:encryptionMethod>
>                 <t:algorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:algorithm>
>             </t:encryptionMethod>
>             <t:keyInfo>
>                 <t:keyName>XXXXXXXXXXXXXXXXXXXXXXXXXXX</t:keyName>
>             </t:keyInfo>
>             <t:cipherData>
>                 <t:cipherValue>XXXXXXXXXXXXXXXXXXXXXXXXXX</t:cipherValue>
>             </t:cipherData>
>         </t:encryptedData>
>     </userPassword>
> </ldap>
>
> *Sequence*
> <sequence id="1">
>     <name>admin-gui-default</name>
>     <description>
>         Default GUI authentication sequence.
>         We want to try company SSO, federation and internal. In that order.
>         Just one of them needs to be successful to let the user in.
>     </description>
>     <channel>
>         <channelId>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</channelId>
>         <default>true</default>
>         <urlSuffix>default</urlSuffix>
>     </channel>
>     <module id="4">
>         <name>internalLoginForm</name>
>         <order>20</order>
>         <necessity>sufficient</necessity>
>     </module>
>     <module id="5">
>         <name>ldapAuth</name>
>         <order>20</order>
>         <necessity>sufficient</necessity>
>     </module>
> </sequence>
>
> *My Midpoint.log*
> 2020-09-15 00:27:26,175 [MODEL] [http-nio-127.0.0.1-8080-exec-1] INFO (com.evolveum.midpoint.web.security.provider.PasswordProvider): Authentication failed for test.user: web.security.provider.invalid
> 2020-09-15 00:27:26,175 [MODEL] [http-nio-127.0.0.1-8080-exec-1] ERROR (com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider): Authentication (runtime) error: web.security.provider.invalid
> org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: web.security.provider.invalid
>     at com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl.checkCredentials(AuthenticationEvaluatorImpl.java:191)
>     at com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl.authenticate(AuthenticationEvaluatorImpl.java:107)
>     at com.evolveum.midpoint.web.security.provider.PasswordProvider.internalAuthentication(PasswordProvider.java:70)
>     at com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider.authenticate(MidPointAbstractAuthenticationProvider.java:87)
>     at com.evolveum.midpoint.web.security.MidpointProviderManager.authenticate(MidpointProviderManager.java:58)
>     at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:200)
>     at com.evolveum.midpoint.web.security.filter.MidpointUsernamePasswordAuthenticationFilter.attemptAuthentication(MidpointUsernamePasswordAuthenticationFilter.java:71)
>     at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
>     at com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:289)
>     at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
>     at com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:289)
>     at com.evolveum.midpoint.web.security.filter.RedirectForLoginPagesWithAuthenticationFilter.doFilterInternal(RedirectForLoginPagesWithAuthenticationFilter.java:39)
>
> Regards
>
> Gus
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
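As an added example (not code from the thread or from midPoint), the following Python lint checks a flexible-authentication sequence for the problem Lukas points out: two modules in a GUI sequence carrying the same order, which the reply says is only supported for httpModules and for the rest and actuator channels. It also flags a second thing a reviewer would want to look at in the posted ldap module, which the thread itself does not discuss: an ldap:// URL aimed at port 636, the conventional LDAPS port. The XML samples are constructed to mirror the posted configuration (the encrypted userPassword is left out because the t: namespace is not declared in the posted fragment), and whether the midPoint ldap module accepts ldaps:// host URLs is an assumption to check against the midPoint documentation, not something the page states.

```python
"""Lint a midPoint flexible-authentication sequence for modules that share an
<order> in a channel that does not support it, and for an ldap <host> URL
whose scheme does not fit its port.

Added example, not midPoint code. The XML is constructed to mirror the
configuration posted in the thread.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Channels the reply names as supporting modules with equal order.
ORDER_SHARING_CHANNELS = {"rest", "actuator"}

# Constructed: the posted sequence, both modules at order 20.
POSTED_SEQUENCE = """
<sequence id="1">
  <name>admin-gui-default</name>
  <channel>
    <channelId>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</channelId>
    <default>true</default>
    <urlSuffix>default</urlSuffix>
  </channel>
  <module id="4"><name>internalLoginForm</name><order>20</order><necessity>sufficient</necessity></module>
  <module id="5"><name>ldapAuth</name><order>20</order><necessity>sufficient</necessity></module>
</sequence>
"""

# Constructed: the same sequence after the reply's advice, with ldapAuth
# tried first (order 10) and the internal form as the fallback (order 20).
REORDERED_SEQUENCE = POSTED_SEQUENCE.replace(
    "<name>ldapAuth</name><order>20</order>", "<name>ldapAuth</name><order>10</order>")

# Constructed: the posted ldap module minus the encrypted password.
POSTED_LDAP = """
<ldap id="23">
  <name>ldapAuth</name>
  <host>ldap://192.168.0.32:636</host>
  <userDn>CN=svc_midpoint,OU=Users_SVC,DC=xyz,DC=net</userDn>
</ldap>
"""


def channel_name(sequence) -> str:
    """'http://.../channels-3#user' -> 'user'."""
    channel_id = sequence.findtext("channel/channelId", "").strip()
    return channel_id.rsplit("#", 1)[-1]


def sequence_findings(xml_text: str) -> list:
    """Return one finding per pair of modules that share an <order>."""
    seq = ET.fromstring(xml_text)
    channel = channel_name(seq)
    findings = []
    if channel in ORDER_SHARING_CHANNELS:
        return findings  # equal orders are allowed in these channels
    first_with_order = {}
    for module in seq.findall("module"):
        name = module.findtext("name", "").strip()
        order = module.findtext("order", "").strip()
        if order in first_with_order:
            findings.append(
                f"modules {first_with_order[order]} and {name} share order "
                f"{order} in channel {channel}; give one of them a different "
                f"order or drop it from the sequence")
        else:
            first_with_order[order] = name
    return findings


def ldap_host_findings(xml_text: str) -> list:
    """Flag a <host> URL whose scheme and port disagree."""
    host = ET.fromstring(xml_text).findtext("host", "").strip()
    url = urlsplit(host)
    if url.scheme == "ldap" and url.port == 636:
        return [f"{host}: plaintext ldap:// aimed at 636, the conventional LDAPS "
                "port; expect ldaps://host:636 or ldap://host:389 with StartTLS "
                "(assumption: verify which URL forms the midPoint ldap module accepts)"]
    if url.scheme == "ldaps" and url.port == 389:
        return [f"{host}: ldaps:// aimed at 389, the conventional plaintext LDAP port"]
    return []


def lint(sequence_xml: str, ldap_xml: str) -> list:
    """All findings for a sequence and the ldap module it references."""
    return sequence_findings(sequence_xml) + ldap_host_findings(ldap_xml)


if __name__ == "__main__":
    for label, seq in (("posted", POSTED_SEQUENCE), ("reordered", REORDERED_SEQUENCE)):
        print(label)
        for finding in lint(seq, POSTED_LDAP) or ["no findings"]:
            print("  -", finding)
```

Run stand-alone it reports the shared order for the posted sequence and only the host-URL note for the reordered one, which matches what the log in the original post shows: with both modules at the same order only the internal PasswordProvider is seen rejecting test.user, and the LDAP module never gets its turn.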