<div dir="ltr">
<div>Hi Guys</div>
<div>Has anyone successfully used the Flexible Authentication option with Active Directory?</div>
<div>I did the configuration following the wiki guidelines:</div>
<div><a href="https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration">https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration</a></div>
<div>I created a test user in Active Directory and the same user in MP and granted the End User role.</div>
<div>After the settings I tried to authenticate at the midpoint with the test user, but I get an error message on the interface: "Invalid username and / or password".</div>
<div>I have already verified the test user's credentials and they are correct, as well as the credentials to bind to Active Directory.</div>
<div><br></div>
<div><b>My Flexible Authentication Config:</b></div>
<pre>
<ldap id="23">
    <name>ldapAuth</name>
    <host>ldap://192.168.0.32:636</host>
    <userDn>CN=svc_midpoint,OU=Users_SVC,DC=xyz,DC=net</userDn>
    <userPassword>
        <t:encryptedData>
            <t:encryptionMethod>
                <t:algorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:algorithm>
            </t:encryptionMethod>
            <t:keyInfo>
                <t:keyName>XXXXXXXXXXXXXXXXXXXXXXXXXXX</t:keyName>
            </t:keyInfo>
            <t:cipherData>
                <t:cipherValue>XXXXXXXXXXXXXXXXXXXXXXXXXX</t:cipherValue>
            </t:cipherData>
        </t:encryptedData>
    </userPassword>
</ldap>
</pre>
<div><b>Sequence</b></div>
<pre>
<sequence id="1">
    <name>admin-gui-default</name>
    <description>
        Default GUI authentication sequence.
        We want to try company SSO, federation and internal. In that order.
        Just one of then need to be successful to let user in.
    </description>
    <channel>
        <channelId>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</channelId>
        <default>true</default>
        <urlSuffix>default</urlSuffix>
    </channel>
    <module id="4">
        <name>internalLoginForm</name>
        <order>20</order>
        <necessity>sufficient</necessity>
    </module>
    <module id="5">
        <name>ldapAuth</name>
        <order>20</order>
        <necessity>sufficient</necessity>
    </module>
</sequence>
</pre>
<div><b>My Midpoint.log</b></div>
<pre>
2020-09-15 00:27:26,175 [MODEL] [http-nio-127.0.0.1-8080-exec-1] INFO (com.evolveum.midpoint.web.security.provider.PasswordProvider): Authentication failed for test.user: web.security.provider.invalid
2020-09-15 00:27:26,175 [MODEL] [http-nio-127.0.0.1-8080-exec-1] ERROR (com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider): Authentication (runtime) error: web.security.provider.invalid
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: web.security.provider.invalid
        at com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl.checkCredentials(AuthenticationEvaluatorImpl.java:191)
        at com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl.authenticate(AuthenticationEvaluatorImpl.java:107)
        at com.evolveum.midpoint.web.security.provider.PasswordProvider.internalAuthentication(PasswordProvider.java:70)
        at com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider.authenticate(MidPointAbstractAuthenticationProvider.java:87)
        at com.evolveum.midpoint.web.security.MidpointProviderManager.authenticate(MidpointProviderManager.java:58)
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:200)
        at com.evolveum.midpoint.web.security.filter.MidpointUsernamePasswordAuthenticationFilter.attemptAuthentication(MidpointUsernamePasswordAuthenticationFilter.java:71)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
        at com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:289)
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
        at com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:289)
        at com.evolveum.midpoint.web.security.filter.RedirectForLoginPagesWithAuthenticationFilter.doFilterInternal(RedirectForLoginPagesWithAuthenticationFilter.java:39)
</pre>
<div><br></div>
<div>Regards</div>
<div><br></div>
<div>Gus</div>
</div>
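<div>Added example, not part of the original message and not midPoint code: a small triage script run over the values posted above. It compares the LDAP URL scheme with its port, lists sequence modules that share an <code>order</code> value, and reports which provider classes the log names. The function names are hypothetical, and the checks are lint-style observations rather than a confirmed cause.</div>

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Values copied from the message above; helper names are hypothetical.
LDAP_HOST = "ldap://192.168.0.32:636"
SEQUENCE_XML = """<sequence id="1">
  <name>admin-gui-default</name>
  <module id="4"><name>internalLoginForm</name><order>20</order></module>
  <module id="5"><name>ldapAuth</name><order>20</order></module>
</sequence>"""
LOG_LINES = [
    "INFO (com.evolveum.midpoint.web.security.provider.PasswordProvider): "
    "Authentication failed for test.user: web.security.provider.invalid",
    "ERROR (com.evolveum.midpoint.web.security.provider."
    "MidPointAbstractAuthenticationProvider): Authentication (runtime) error",
    "at com.evolveum.midpoint.web.security.provider.PasswordProvider."
    "internalAuthentication(PasswordProvider.java:70)",
]
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}  # registered LDAP / LDAPS ports


def check_ldap_url(url):
    """Flag a URL whose scheme and port belong to different LDAP transports."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORT.get(parts.scheme)
    other = {p: s for s, p in DEFAULT_PORT.items() if s != parts.scheme}
    if port in other:
        return [f"{parts.scheme}:// on port {port}, the default {other[port]} port"]
    return []


def modules_sharing_order(sequence_xml):
    """Return {order: [module names]} for order values used more than once."""
    by_order = {}
    for module in ET.fromstring(sequence_xml).iter("module"):
        order = int(module.findtext("order"))
        by_order.setdefault(order, []).append(module.findtext("name"))
    return {o: names for o, names in by_order.items() if len(names) > 1}


def providers_in_log(lines):
    """Collect the *Provider classes named in log lines and stack frames."""
    pattern = re.compile(r"security\.provider\.(\w+Provider)\b")
    return sorted({m for line in lines for m in pattern.findall(line)})


if __name__ == "__main__":
    print("LDAP URL:", check_ldap_url(LDAP_HOST))
    print("Shared order values:", modules_sharing_order(SEQUENCE_XML))
    print("Providers seen in log:", providers_in_log(LOG_LINES))
```

<div>The posted log names only <code>PasswordProvider</code> and its abstract base class, so the rejection shown was raised by the password provider path.</div>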