JAAS config for Active Directory LDAP


Hi all, thanks in advance for your help.

I have spent many hours over the last month trying to set up authentication on Bonita via JAAS. I use Tomcat 6.0.37 and Bonita 6.2.0.

Here is the jaas-standard.cfg I used:

BonitaAuthentication-1 {
  com.sun.security.auth.module.LdapLoginModule sufficient
  userProvider="ldap://bdxemeadc01:389/OU=Standard User,OU=EMEA,DC=emea,DC=ad,DC=compagny,DC=com"
  userFilter="(&(samAccountName={USERNAME}) (objectClass=user))"
  authIdentity="{USERNAME}"
  debug=true
  useSSL=false;
};

I tried several configs I found on the net, without success.

I have two questions: do you think that the space in the OU "Standard User" could be an issue?

Second question: in my AD the CN is the user's last name and first name:

CN= Bods, Paul
DistinguishedName= CN=Bods\, Paul,OU=Standard User,OU=EMEA,DC=emea,DC=ad,DC=compagny,DC=com
SamAccountName= pbods

Do you have any idea about the userFilter and authIdentity values?

I have read several documentation pages, forums and the LdapLoginModule info (http://docs.oracle.com/javase/7/docs/jre/api/security/jaas/spec/com/sun/...)

Thanks in advance for any clue that can help.

Comments

Submitted by Chris24 on Mon, 04/07/2014 - 09:29
1 answer


Hi,

I got Active Directory working with a configuration like the one below:

BonitaAuthentication-1 {
  com.sun.security.auth.module.LdapLoginModule REQUIRED
  userProvider="ldap://ad_url:ad_port/cn=users,dc=example,dc=com"
  authIdentity="{USERNAME}@example.com"
  userFilter="(&(|(samAccountName={USERNAME})(userPrincipalName={USERNAME})(cn={USERNAME}))(objectClass=user))"
  debug=true
  useSSL=false;
};

Regards,
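
An added example, not part of the original answer or of Bonita's own code: a small Python check that parses a single-module JAAS entry like the two posted above and lists settings worth reviewing before the configuration leaves the test bench. The finding names and the `parse_entry`, `audit` and `encoded_provider` helpers are illustrative; the checks rest on the LdapLoginModule documentation (SSL is on by default and protects the password, which LDAP otherwise transmits in the clear) and on RFC 4516 (a space in an LDAP URL is written `%20`).

```python
import re

# Constructed sample: the entry from the question, reflowed onto several lines.
QUESTION_ENTRY = '''
BonitaAuthentication-1 {
  com.sun.security.auth.module.LdapLoginModule sufficient
  userProvider="ldap://bdxemeadc01:389/OU=Standard User,OU=EMEA,DC=emea,DC=ad,DC=compagny,DC=com"
  userFilter="(&(samAccountName={USERNAME}) (objectClass=user))"
  authIdentity="{USERNAME}"
  debug=true
  useSSL=false;
};
'''

# Shape: name { module.Class FLAG key="quoted" key=bareword ... ; };
ENTRY_RE = re.compile(r'([\w.-]+)\s*\{\s*([\w.$]+)\s+(\w+)\s+(.*?);\s*\}\s*;', re.S)
OPTION_RE = re.compile(r'(\w+)\s*=\s*("(?:[^"\\]|\\.)*"|\S+)')

def parse_entry(text):
    """Return (name, module, control_flag, options) for a one-module entry."""
    m = ENTRY_RE.search(text)
    if m is None:
        raise ValueError("not a single-module JAAS login entry")
    name, module, flag, body = m.groups()
    options = {k: v.strip('"') for k, v in OPTION_RE.findall(body)}
    return name, module, flag.lower(), options

def audit(text):
    """List review findings (illustrative names) for an LdapLoginModule entry."""
    _, _, _, opts = parse_entry(text)
    url = opts.get("userProvider", "")
    findings = []
    # useSSL defaults to true; false on ldap:// sends the password unprotected.
    if url.lower().startswith("ldap://") and opts.get("useSSL", "true").lower() == "false":
        findings.append("cleartext-bind")
    # A literal space in the base DN should be percent-encoded in the URL.
    if " " in url:
        findings.append("unencoded-space-in-url")
    # Debug output is for troubleshooting; switch it off once login works.
    if opts.get("debug", "false").lower() == "true":
        findings.append("debug-enabled")
    return findings

def encoded_provider(url):
    """Percent-encode spaces so the DN part is a valid LDAP URL component."""
    return url.replace(" ", "%20")

if __name__ == "__main__":
    print(audit(QUESTION_ENTRY))
```
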

Comments

Submitted by Chris24 on Fri, 04/11/2014 - 21:55

Hi Elias

What is your Bonita version?

Submitted by elias.ricken on Tue, 04/15/2014 - 09:28

Bonita Subscription version 6.1.

Submitted by user11 on Wed, 10/15/2014 - 13:05

Hi,

I have the same problem. The Active Directory has "cn".

When I try to log in I get: java.io.IOException

Do you have any idea?

Thank you

Submitted by antoine.mottier on Wed, 10/15/2014 - 15:49

Can you share the full log file content? That should help to identify why you get such an exception. Also, about LDAP authentication configuration, the official documentation page was recently updated and should provide all the guidance needed for a successful AD authentication setup. If you need more details about the JAAS configuration, please share information about your configuration as listed under the "Before you start" section.

Submitted by user11 on Wed, 10/15/2014 - 16:01

Thank you for your response.

For information, I use Bonita Community 5.10.2 with Tomcat.

Here is the log file:

oct. 15, 2014 2:14:25 PM org.apache.catalina.core.StandardWrapperValve invoke
Grave: "Servlet.service()" pour la servlet org.bonitasoft.console.security.server.CredentialsEncryptionServlet/security/credentialsencryption a généré une exception
java.lang.SecurityException: Erreur de configuration : Ligne 8 : attendu [option key]
    at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:110)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
    at java.lang.Class.newInstance(Class.java:374)
    at javax.security.auth.login.Configuration$3.run(Configuration.java:264)
    at javax.security.auth.login.Configuration$3.run(Configuration.java:260)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:259)
    at javax.security.auth.login.LoginContext$1.run(LoginContext.java:254)
    at javax.security.auth.login.LoginContext$1.run(LoginContext.java:252)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.init(LoginContext.java:251)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:418)
    at org.bonitasoft.console.security.server.CredentialsEncryptionServlet.doPost(CredentialsEncryptionServlet.java:125)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.bonitasoft.forms.server.filter.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:122)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.bonitasoft.console.security.SessionFixationValve.invoke(SessionFixationValve.java:77)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Thread.java:744)
Caused by: java.io.IOException: Erreur de configuration : Ligne 8 : attendu [option key]
    at com.sun.security.auth.login.ConfigFile.match(ConfigFile.java:550)
    at com.sun.security.auth.login.ConfigFile.parseLoginEntry(ConfigFile.java:439)
    at com.sun.security.auth.login.ConfigFile.readConfig(ConfigFile.java:383)
    at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:283)
    at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:219)
    at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:108)
    ... 33 more

Submitted by antoine.mottier on Wed, 10/15/2014 - 16:14

From the following message:

Caused by: java.io.IOException: Erreur de configuration : Ligne 8 : attendu [option key]

I assume that it's a JAAS configuration file issue. So in order to help I would need all details as listed on the documentation page.

To continue the discussion I suggest you keep it on the other topic you opened: http://community.bonitasoft.com/answers/bonita-5102-community-ldap (especially as this one is about Bonita 6)

Also, for long blocks of content like log files, I suggest you put them in a shared file on Google Drive or Dropbox in order to keep the thread easy to read.

Thanks
