JAAS config for Active Directory LDAP

Hi all, thanks in advance for your help.

I have spent many hours over the last month trying to set up authentication on Bonita via JAAS. I use Tomcat 6.0.37 and Bonita 6.2.0.

Here is the jaas-standard.cfg I used:

BonitaAuthentication-1 {
com.sun.security.auth.module.LdapLoginModule sufficient
userProvider="ldap://bdxemeadc01:389/OU=Standard User,OU=EMEA,DC=emea,DC=ad,DC=compagny,DC=com"
userFilter="(&(samAccountName={USERNAME}) (objectClass=user))"
authIdentity="{USERNAME}"
debug=true
useSSL=false;
};

I tried several configs I found on the net, without success.

I have two questions: do you think that the space in the OU “Standard User” could be an issue?

Second question: in my AD, the CN of a user is made of the last name and first name:
CN= Bods, Paul
DistinguishedName= CN=Bods, Paul,OU=Standard User,OU=EMEA,DC=emea,DC=ad,DC=compagny,DC=com
SamAccountName= pbods

Do you have any idea about the userFilter and authIdentity values?

I have read several pieces of documentation, forum posts and the LdapLoginModule info (http://docs.oracle.com/javase/7/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/LdapLoginModule.html).

Thanks in advance for any clue that can help.

Hi,

I got Active Directory working with a configuration like the one below:

BonitaAuthentication-1 {
com.sun.security.auth.module.LdapLoginModule REQUIRED
userProvider="ldap://ad_url:ad_port/cn=users,dc=example,dc=com"
authIdentity="{USERNAME}@example.com"
userFilter="(&(|(samAccountName={USERNAME})(userPrincipalName={USERNAME})(cn={USERNAME}))(objectClass=user))"
debug=true
useSSL=false;
};

Regards,
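A check for the two entries above, added here as an example (it is not part of either post and not Bonita or JDK code). It flags the points the LdapLoginModule documentation calls out: `userProvider` is a space-separated list of URLs, so a space inside the DN must be written as `%20`, and `useSSL=false` with `ldap://` sends the password in the clear. It also flags quoting problems. The function name, finding codes and sample entry are constructed for illustration.

```python
import re

# Constructed sample modelled on the question's entry, with the typographic
# quotes that copying a configuration from a web page can introduce.
QUESTION_ENTRY = """BonitaAuthentication-1 {
com.sun.security.auth.module.LdapLoginModule sufficient
userProvider=“ldap://bdxemeadc01:389/OU=Standard User,OU=EMEA,DC=emea,DC=ad,DC=compagny,DC=com”
userFilter=“(&(samAccountName={USERNAME}) (objectClass=user))”
authIdentity=“{USERNAME}”
debug=true
useSSL=false;
};"""

# Assumption: one key=value option per line, as in the entries on this page.
OPTION = re.compile(r'^\s*(\w+)\s*=\s*(.*?);?\s*$')

def lint_jaas_entry(text):
    """Return sorted finding codes for one LdapLoginModule entry."""
    findings, opts = set(), {}
    for line in text.splitlines():
        if '“' in line or '”' in line:
            # The JAAS config parser only treats the ASCII double quote as a quote.
            findings.add('typographic-quote')
            line = line.replace('“', '"').replace('”', '"')
        m = OPTION.match(line)
        if not m:
            continue  # entry name, module class line or closing brace
        key, value = m.groups()
        if value.count('"') % 2:
            findings.add('unterminated-quote:' + key)
        opts[key] = value.strip('"')
    # userProvider is a space-separated list of LDAP URLs, so every token
    # must itself be a URL; anything else is an unescaped space in a DN.
    urls = opts.get('userProvider', '').split()
    if any(not u.startswith(('ldap://', 'ldaps://')) for u in urls):
        findings.add('unescaped-space:userProvider')
    # useSSL defaults to true; false with ldap:// means a cleartext bind.
    if opts.get('useSSL', 'true').lower() == 'false' and \
            any(u.startswith('ldap://') for u in urls):
        findings.add('cleartext-bind')
    return sorted(findings)

if __name__ == '__main__':
    for code in lint_jaas_entry(QUESTION_ENTRY):
        print(code)
```

For the question's entry, the corresponding corrections are ASCII quotes, `OU=Standard%20User` in the URL, and an `ldaps://` URL with `useSSL=true`.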

Hello,

Very good question. I’ve been waiting for a response on this problem for 3 months and nothing…

http://community.bonitasoft.com/groups/french-corner/est-ce-que-bonita-6-est-utilisable-en-production
http://community.bonitasoft.com/groups/installation-6x/bonita-6-really-ready

Hi Elias

What is your Bonita version?

Bonita Subscription version 6.1.

Hi,

I have the same problem. The Active Directory has “cn”.

When I try to log in I get: java.io.IOException

Do you have any idea?

Thank you

Can you share the full log file content? That should be helpful to identify why you get such an exception.
Also, about LDAP authentication configuration, the official documentation page was recently updated and should provide all guidance in order to have a successful AD authentication setup.
If you need more details about the JAAS configuration, please share information about your configuration as listed under the "Before you start" section.

Thank you for your response.

For information, I use Bonita Community 5.10.2 with Tomcat.

Here is the log file:

oct. 15, 2014 2:14:25 PM org.apache.catalina.core.StandardWrapperValve invoke
Grave: “Servlet.service()” pour la servlet org.bonitasoft.console.security.server.CredentialsEncryptionServlet/security/credentialsencryption a généré une exception
java.lang.SecurityException: Erreur de configuration :
Ligne 8 : attendu [option key]
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:110)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at java.lang.Class.newInstance(Class.java:374)
at javax.security.auth.login.Configuration$3.run(Configuration.java:264)
at javax.security.auth.login.Configuration$3.run(Configuration.java:260)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:259)
at javax.security.auth.login.LoginContext$1.run(LoginContext.java:254)
at javax.security.auth.login.LoginContext$1.run(LoginContext.java:252)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.init(LoginContext.java:251)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:418)
at org.bonitasoft.console.security.server.CredentialsEncryptionServlet.doPost(CredentialsEncryptionServlet.java:125)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.bonitasoft.forms.server.filter.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:122)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.bonitasoft.console.security.SessionFixationValve.invoke(SessionFixationValve.java:77)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:744)
Caused by: java.io.IOException: Erreur de configuration :
Ligne 8 : attendu [option key]
at com.sun.security.auth.login.ConfigFile.match(ConfigFile.java:550)
at com.sun.security.auth.login.ConfigFile.parseLoginEntry(ConfigFile.java:439)
at com.sun.security.auth.login.ConfigFile.readConfig(ConfigFile.java:383)
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:283)
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:219)
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:108)
… 33 more

From the following message

Caused by: java.io.IOException: Erreur de configuration :
Ligne 8 : attendu [option key]

I assume that it’s a JAAS configuration file issue. So in order to help I would need all the details listed on the documentation page.

To continue the discussion I suggest you keep it on the other topic you opened: http://community.bonitasoft.com/answers/bonita-5102-community-ldap (especially as this one is about Bonita 6)

Also, for long blocks of content like log files, I suggest you put them in a shared file on Google Drive or Dropbox in order to keep the thread easy to read.

Thanks