<div dir="ltr"><div dir="ltr">Hi Lukas<br><div>Thank you very much</div><div>I will make this change and report the results here.<br></div><div>Regards</div><div>Gus</div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Sep 17, 2020 at 02:36, Lukas Skublik via midPoint <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hello Gus,<br>
when you want to use only the ldap module, you need to remove the module
'internalLoginForm' from the sequence 'admin-gui-default'. Or, when you
want to use both, change the order for one module. The same order is
supported only for httpModules and for the channels of rest and
actuator.<br>
<br>
Best regards,<br>
Lukas Skublik<br>
<br>
</p>
<div>On 15. 9. 2020 2:48, Gus Lou via
midPoint wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr"><font size="1" face="arial,
sans-serif">Hi Guys<br>
</font>
<div><font size="1" face="arial, sans-serif">Has
anyone successfully used the Flexible
Authentication option with Active Directory?<br>
</font></div>
<div>
<div><font size="1" face="arial, sans-serif">I
did the configuration following the wiki
guidelines:</font></div>
<div><font size="1" face="arial, sans-serif"><a href="https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration" target="_blank">https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration</a></font></div>
</div>
<div>
<div><font size="1" face="arial, sans-serif">I
created a test user in Active Directory
and the same user in MP and granted the
End User role.</font></div>
<div><font size="1" face="arial, sans-serif">After
the settings I tried to authenticate at
the midpoint with the test user, but I get
an error message on the interface Invalid
username and / or password</font></div>
<div><font size="1" face="arial, sans-serif">I
have already verified the test user's
credentials and they are correct, as well
as the credentials to bind to Active
Directory.</font></div>
</div>
<div><font size="1" face="arial, sans-serif"><br>
</font></div>
<div><font size="1" face="arial, sans-serif"><b>My Flexible
Authentication Config:</b></font></div>
<div>
<div style="margin:0px;padding:0px 0px 20px;width:1119.2px">
<div>
<div id="gmail-m_-1922088185811323126gmail-:wg" style="margin:8px 0px 0px;padding:0px">
<div id="gmail-m_-1922088185811323126gmail-:wh">
<div dir="ltr">
<div style="color:rgb(0,0,0)"><pre><ldap id="23">
    <name>ldapAuth</name>
    <host>ldap://192.168.0.32:636</host>
    <userDn>CN=svc_midpoint,OU=Users_SVC,DC=xyz,DC=net</userDn>
    <userPassword>
        <t:encryptedData>
            <t:encryptionMethod>
                <t:algorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:algorithm>
            </t:encryptionMethod>
            <t:keyInfo>
                <t:keyName>XXXXXXXXXXXXXXXXXXXXXXXXXXX</t:keyName>
            </t:keyInfo>
            <t:cipherData>
                <t:cipherValue>XXXXXXXXXXXXXXXXXXXXXXXXXX</t:cipherValue>
            </t:cipherData>
        </t:encryptedData>
    </userPassword>
</ldap></pre></div>
<div dir="ltr"><font size="1" face="arial, sans-serif"><br>
</font></div>
<font size="1" face="arial,
sans-serif"><b>Sequence</b></font></div>
<div dir="ltr"><pre style="color:rgb(0,0,0)"><sequence id="1">
    <name>admin-gui-default</name>
    <description>
        Default GUI authentication sequence.
        We want to try company SSO, federation and internal. In that order.
        Just one of then need to be successful to let user in.
    </description>
    <channel>
        <channelId>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</channelId>
        <default>true</default>
        <urlSuffix>default</urlSuffix>
    </channel>
    <module id="4">
        <name>internalLoginForm</name>
        <order>20</order>
        <necessity>sufficient</necessity>
    </module>
    <module id="5">
        <name>ldapAuth</name>
        <order>20</order>
        <necessity>sufficient</necessity>
    </module>
</sequence></pre></div>
<div dir="ltr"><font size="1" face="arial, sans-serif"><font color="#000000"><br>
</font></font></div>
<div dir="ltr">
<div><b>My Midpoint.log</b></div>
<div><pre>2020-09-15 00:27:26,175 [MODEL] [http-nio-127.0.0.1-8080-exec-1] INFO (com.evolveum.midpoint.web.security.provider.PasswordProvider): Authentication failed for test.user: web.security.provider.invalid
2020-09-15 00:27:26,175 [MODEL] [http-nio-127.0.0.1-8080-exec-1] ERROR (com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider): Authentication (runtime) error: web.security.provider.invalid
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: web.security.provider.invalid
    at com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl.checkCredentials(AuthenticationEvaluatorImpl.java:191)
    at com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl.authenticate(AuthenticationEvaluatorImpl.java:107)
    at com.evolveum.midpoint.web.security.provider.PasswordProvider.internalAuthentication(PasswordProvider.java:70)
    at com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider.authenticate(MidPointAbstractAuthenticationProvider.java:87)
    at com.evolveum.midpoint.web.security.MidpointProviderManager.authenticate(MidpointProviderManager.java:58)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:200)
    at com.evolveum.midpoint.web.security.filter.MidpointUsernamePasswordAuthenticationFilter.attemptAuthentication(MidpointUsernamePasswordAuthenticationFilter.java:71)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
    at com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:289)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
    at com.evolveum.midpoint.web.security.filter.MidpointAuthFilter$VirtualFilterChain.doFilter(MidpointAuthFilter.java:289)
    at com.evolveum.midpoint.web.security.filter.RedirectForLoginPagesWithAuthenticationFilter.doFilterInternal(RedirectForLoginPagesWithAuthenticationFilter.java:39)</pre>
</div>
<font style="font-size:medium;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif" size="1" face="Arial" color="Gray"><br>
</font></div>
<div><font style="font-size:medium;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif" size="1" face="Arial" color="Gray">Regards</font></div>
<div><font style="font-size:medium;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif" size="1" face="Arial" color="Gray"><br>
</font></div>
<div><font style="font-size:medium;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif" size="1" face="Arial" color="Gray">Gus</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</div>
</blockquote></div>
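<p>The ordering rule from Lukas's reply, as an added example that is not part of the thread or of midPoint's own code: a small check that reads a sequence like the one posted and reports modules sharing the same order. It assumes the rest and actuator channels can be recognised by the fragment at the end of their channelId, and that the caller supplies the names of modules defined as HTTP modules through the hypothetical <code>http_modules</code> parameter.</p>

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the sequence posted in the thread, reduced to the
# elements this check reads.
THREAD_SEQUENCE = """
<sequence id="1">
  <name>admin-gui-default</name>
  <channel>
    <channelId>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</channelId>
  </channel>
  <module id="4"><name>internalLoginForm</name><order>20</order></module>
  <module id="5"><name>ldapAuth</name><order>20</order></module>
</sequence>
"""

# Assumption: the rest and actuator channels are recognised by the fragment
# at the end of their channelId URI.
SHARED_ORDER_CHANNELS = {"rest", "actuator"}


def find_order_conflicts(sequence_xml, http_modules=frozenset()):
    """Return {order: [module names]} for orders shared by several modules.

    http_modules is a caller-supplied set of module names that are defined
    as HTTP modules in the security policy (hypothetical parameter; the
    sequence itself does not carry the module type).
    """
    seq = ET.fromstring(sequence_xml)
    # "{*}" matches elements with or without an XML namespace (Python 3.8+).
    channel_id = (seq.findtext("{*}channel/{*}channelId") or "").strip()
    if channel_id.rpartition("#")[2] in SHARED_ORDER_CHANNELS:
        return {}
    by_order = defaultdict(list)
    for module in seq.findall("{*}module"):
        name = (module.findtext("{*}name") or "").strip()
        order = (module.findtext("{*}order") or "").strip()
        if order:  # modules without an explicit order are not judged here
            by_order[int(order)].append(name)
    return {
        order: names
        for order, names in by_order.items()
        if len(names) > 1 and not set(names) <= set(http_modules)
    }


if __name__ == "__main__":
    for order, names in find_order_conflicts(THREAD_SEQUENCE).items():
        print(f"order {order} is shared by: {', '.join(names)}")
```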