<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello Gus,<br>
when you want to use only the ldap module, you need to remove the module
'internalLoginForm' from the sequence 'admin-gui-default'. Or, when you
want to use both, change the order for one module. The same order is
supported only for httpModules and for the channels rest and
actuator.<br>
<br>
Best regards,<br>
Lukas Skublik<br>
<br>
</p>
<div class="moz-cite-prefix">On 15. 9. 2020 2:48, Gus Lou via
midPoint wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+XZjGQEDdYx+GbCfOn=9sD6FYUc-+-5okUVQRY_HZjb4MjkwQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr"><font size="1" face="arial,
sans-serif">Hi Guys<br>
</font>
<div><font size="1" face="arial, sans-serif">Has
anyone successfully used the Flexible
Authentication option with Active Directory?<br>
</font></div>
<div>
<div><font size="1" face="arial, sans-serif">I
did the configuration following the wiki
guidelines:</font></div>
<div><font size="1" face="arial, sans-serif"><a
href="https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration"
moz-do-not-send="true">https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration</a></font></div>
</div>
<div>
<div><font size="1" face="arial, sans-serif">I
created a test user in Active Directory
and the same user in MP and granted the
End User role.</font></div>
<div><font size="1" face="arial, sans-serif">After
the settings I tried to authenticate at
the midpoint with the test user, but I get
an error message on the interface Invalid
username and / or password</font></div>
<div><font size="1" face="arial, sans-serif">I
have already verified the test user's
credentials and they are correct, as well
as the credentials to bind to Active
Directory.</font></div>
</div>
<div><font size="1" face="arial, sans-serif"><br>
</font></div>
<div><font size="1" face="arial, sans-serif"><b>My Flexible
Authentication Config:</b></font></div>
<div>
<div class="gmail-gs"
style="margin:0px;padding:0px 0px
20px;width:1119.2px">
<div class="gmail-">
<div id="gmail-:wg" class="gmail-ii
gmail-gt" style="margin:8px 0px
0px;padding:0px">
<div id="gmail-:wh" class="gmail-a3s
gmail-aXjCH
gmail-msg-4405361336467394602">
<div dir="ltr">
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif"><ldap id="23"></font>
<div><font size="1" face="arial,
sans-serif">
<name>ldapAuth</name></font></div>
<div><font size="1" face="arial,
sans-serif">
<host>ldap://192.168.0.32:636</host></font></div>
<div><font size="1" face="arial,
sans-serif">
<userDn>CN=svc_midpoint,OU=Users_SVC,DC=xyz,DC=net</userDn></font></div>
<div><font size="1" face="arial,
sans-serif">
<userPassword></font></div>
<div><font size="1" face="arial,
sans-serif">
<t:encryptedData></font></div>
<div><font size="1" face="arial,
sans-serif">
<t:encryptionMethod></font></div>
<div><font size="1" face="arial,
sans-serif">
<t:algorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:algorithm></font></div>
<div><font size="1" face="arial,
sans-serif">
</t:encryptionMethod></font></div>
<div><font size="1" face="arial,
sans-serif">
<t:keyInfo></font></div>
<div><font size="1" face="arial,
sans-serif">
<t:keyName>XXXXXXXXXXXXXXXXXXXXXXXXXXX</t:keyName></font></div>
<div><font size="1" face="arial,
sans-serif">
</t:keyInfo></font></div>
<div><font size="1" face="arial,
sans-serif">
<t:cipherData></font></div>
<div><font size="1" face="arial,
sans-serif">
<t:cipherValue>XXXXXXXXXXXXXXXXXXXXXXXXXX</t:cipherValue></font></div>
<div><font size="1" face="arial,
sans-serif">
</t:cipherData></font></div>
<div><font size="1" face="arial,
sans-serif">
</t:encryptedData></font></div>
<div><font size="1" face="arial,
sans-serif">
</userPassword></font></div>
<font size="1" face="arial,
sans-serif">
</ldap></font></div>
<div dir="ltr"><font size="1"
face="arial, sans-serif"><br>
</font></div>
<font size="1" face="arial,
sans-serif"><b>Sequence</b></font></div>
<div dir="ltr"><span
style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif"><sequence
id="1"></font></span>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
<name>admin-gui-default</name></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
<description></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
Default GUI authentication
sequence.</font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif"> We
want to try company SSO,
federation and internal. In that
order.</font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif"> Just
one of then need to be
successful to let user in.</font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
</description></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
<channel></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
<channelId>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</channelId></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
<default>true</default></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
<urlSuffix>default</urlSuffix></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
</channel></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
<module id="4"></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
<name>internalLoginForm</name></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
<order>20</order></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
<necessity>sufficient</necessity></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
</module></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
<module id="5"></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
<name>ldapAuth</name></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
<order>20</order></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
<necessity>sufficient</necessity></font></div>
<div style="color:rgb(0,0,0)"><font
size="1" face="arial,
sans-serif">
</module></font></div>
<font size="1" face="arial,
sans-serif"><span
style="color:rgb(0,0,0)">
</sequence></span></font></div>
<div dir="ltr"><font size="1"
face="arial, sans-serif"><font
color="#000000"><br>
</font></font></div>
<div dir="ltr">
<div><b>My Midpoint.log</b></div>
<div><span
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">2020-09-15
00:27:26,175 [MODEL]
[http-nio-127.0.0.1-8080-exec-</span><span
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">1]
INFO (com.evolveum.midpoint.web.</span><span
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">security.provider.</span><span
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">PasswordProvider):
Authentication failed for
test.user:
web.security.provider.invalid</span>
<div
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">2020-09-15
00:27:26,175 [MODEL]
[http-nio-127.0.0.1-8080-exec-1]
ERROR
(com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider):
Authentication (runtime) error:
web.security.provider.invalid</div>
<div
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">org.springframework.security.authentication.AuthenticationCredentialsNotFoundException:
web.security.provider.invalid</div>
<div
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">
at
com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl.checkCredentials(AuthenticationEvaluatorImpl.java:191)</div>
<div
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">
at
com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl.authenticate(AuthenticationEvaluatorImpl.java:107)</div>
<div
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">
at
com.evolveum.midpoint.web.security.provider.PasswordProvider.internalAuthentication(PasswordProvider.java:70)</div>
<div
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">
at
com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider.authenticate(MidPointAbstractAuthenticationProvider.java:87)</div>
<div
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">
at
com.evolveum.midpoint.web.security.MidpointProviderManager.authenticate(MidpointProviderManager.java:58)</div>
<div
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">
at
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:200)</div>
<div
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">
at
com.evolveum.midpoint.web.security.filter.MidpointUsernamePasswordAuthenticationFilter.attemptAuthentication(MidpointUsernamePasswordAuthenticationFilter.java:71)</div>
<div
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)</div>
<div
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:289)</div>
<div
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">
at
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)</div>
<div
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:289)</div>
<div
style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:16px">
at
com.evolveum.midpoint.web.security.filter.RedirectForLoginPagesWithAuthenticationFilter.doFilterInternal(RedirectForLoginPagesWithAuthenticationFilter.java:39)</div>
</div>
<font
style="font-size:medium;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif"
size="1" face="Arial" color="Gray"><br>
</font></div>
<div><font
style="font-size:medium;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif"
size="1" face="Arial" color="Gray">Regards</font></div>
<div><font
style="font-size:medium;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif"
size="1" face="Arial" color="Gray"><br>
</font></div>
<div><font
style="font-size:medium;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif"
size="1" face="Arial" color="Gray">Gus</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
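<p>An added example, not part of the thread or of midPoint itself: a small check that flags the condition described in the reply above, two modules in one sequence sharing the same order outside the rest and actuator channels. The sample sequence is constructed from the quoted configuration with namespaces omitted; identifying the channel by the fragment after '#' and the <code>http_modules</code> parameter are assumptions of this sketch.</p>

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed input: the sequence quoted in the thread, namespaces omitted.
SEQUENCE_XML = """<sequence id="1">
  <name>admin-gui-default</name>
  <channel>
    <channelId>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</channelId>
  </channel>
  <module id="4"><name>internalLoginForm</name><order>20</order></module>
  <module id="5"><name>ldapAuth</name><order>20</order></module>
</sequence>"""

# Assumption: a channel is identified by the fragment after '#' in its channelId.
SAME_ORDER_CHANNELS = {"rest", "actuator"}


def _local(tag):
    """Strip an XML namespace so the check also works on namespaced exports."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""


def find_order_collisions(sequence_xml, http_modules=frozenset()):
    """Return {order: [module names]} for orders shared by several modules.

    http_modules is a caller-supplied set of module names that are HTTP
    modules (hypothetical parameter; the sequence itself carries no types).
    """
    seq = ET.fromstring(sequence_xml)
    channel = ""
    by_order = defaultdict(list)
    for elem in seq:
        if _local(elem.tag) == "channel":
            channel = _child_text(elem, "channelId").rsplit("#", 1)[-1]
        elif _local(elem.tag) == "module":
            by_order[_child_text(elem, "order")].append(_child_text(elem, "name"))
    if channel in SAME_ORDER_CHANNELS:
        return {}
    return {order: names for order, names in by_order.items()
            if len(names) > 1 and not set(names) <= set(http_modules)}


if __name__ == "__main__":
    print(find_order_collisions(SEQUENCE_XML))
```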
</body>
</html>