Error on authentication via LDAP-AD

Rituels
Active Member

Error on authentication via LDAP-AD


Hello everyone,

I recently installed alfresco using the Loft Lux script here : https://github.com/loftuxab/alfresco-ubuntu-install

There was absolutely no problem during the installation process and the service is running fine.

I now am trying to link it to an Active Directory using the official post on alfresco : https://docs.alfresco.com/3.4/tasks/auth-example-oneldap-ad.html

 

I succeeded in connecting to the Active Directory, as the users are created in the Alfresco UI (checking with administrative tools on the admin panel). However, when I try to connect with them, using the password of the AD, I just can't.
I checked the credentials and the parameters for the LDAP connection many times, but I don't see what I'm doing wrong.

Here is my config in alfresco-global.properties

### LDAP : Authentication ###
authentication.chain= alfinst:alfrescoNtlm,ldap1:ldap-ad 

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
synchronization.syncOnStartup=true
synchronization.autoCreatePeopleOnLogin=true
synchronization.syncWhenMissingPeopleLogIn=true
ldap.authentication.java.naming.security.authentication=simple

ldap.authentication.userNameFormat=
# The URL to connect to the LDAP server 
ldap.authentication.java.naming.provider.url=ldap://myip:389
ldap.synchronization.java.naming.security.principal=administrator
ldap.synchronization.java.naming.security.credentials=mypassword
ldap.synchronization.groupSearchBase=ou=Groupes,ou=comp,dc=compagnie,dc=be

ldap.synchronization.userSearchBase=ou=Users,ou=comp,dc=compagnie,dc=be

Here is what my alfresco.log returns as an error:

2020-10-27 12:04:29,448 ERROR [org.springframework.extensions.webscripts.AbstractRuntime] [http-nio-8080-exec-48] Exception from executeScript: 09270005 Wrapped Exception (with status template): A valid SecureContext was not provided in the RequestContext
org.springframework.extensions.webscripts.WebScriptException: 09270005 Wrapped Exception (with status template): A valid SecureContext was not provided in the RequestContext
	at org.springframework.extensions.webscripts.AbstractWebScript.createStatusException(AbstractWebScript.java:1138)
	at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:171)
	at org.alfresco.repo.web.scripts.RepositoryContainer$3.execute(RepositoryContainer.java:519)
	at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:464)
	at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:587)
	at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:656)
	at org.alfresco.repo.web.scripts.RepositoryContainer.executeScriptInternal(RepositoryContainer.java:355)
	at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:308)
	at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:399)
	at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:210)
	at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
	at org.alfresco.module.aosmodule.service.ContextRootFilter.doFilter(ContextRootFilter.java:93)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
	at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1152)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)
Caused by: net.sf.acegisecurity.AuthenticationCredentialsNotFoundException: A valid SecureContext was not provided in the RequestContext
	at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:481)
	at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:359)
	at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:166)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
	at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
	at com.sun.proxy.$Proxy109.getUserNamesAreCaseSensitive(Unknown Source)
	at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.getUserNamesAreCaseSensitive(AuthenticationServiceImpl.java:116)
	at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.getProtectedUserKey(AuthenticationServiceImpl.java:216)
	at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.isUserProtected(AuthenticationServiceImpl.java:167)
	at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:129)
	at org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.authenticate(AbstractChainingAuthenticationService.java:202)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
	at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:166)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
	at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
	at com.sun.proxy.$Proxy75.authenticate(Unknown Source)
	at org.alfresco.repo.web.scripts.bean.AbstractLoginBean.login(AbstractLoginBean.java:86)
	at org.alfresco.repo.web.scripts.bean.LoginPost.executeImpl(LoginPost.java:79)
	at org.springframework.extensions.webscripts.DeclarativeWebScript.executeImpl(DeclarativeWebScript.java:235)

According to the log, it feels like I'm missing a parameter but I don't know which... Is it possible that the AD authorizes the synchronization and not the authentication?

Thank you very much for your time and help,
Kind regards
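
Added example, not part of the original post or of Alfresco's documentation: a review of the LDAP block quoted in the question, using only property names that appear there. The REVISED values (LDAPS URL, UPN suffix, svc-alfresco-sync account) are constructed for illustration and are not a fix confirmed by this thread.

```python
# POSTED holds values copied from the question; REVISED is a constructed variant.
POSTED = """\
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=
ldap.authentication.java.naming.provider.url=ldap://myip:389
ldap.synchronization.java.naming.security.principal=administrator
"""
REVISED = """\
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s@compagnie.be
ldap.authentication.java.naming.provider.url=ldaps://myip:636
ldap.synchronization.java.naming.security.principal=svc-alfresco-sync@compagnie.be
"""
P = "ldap.authentication."


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def review(text):
    """Return a list of (finding, detail) tuples for the LDAP block."""
    props, findings = parse_properties(text), []
    url = props.get(P + "java.naming.provider.url", "")
    mech = props.get(P + "java.naming.security.authentication", "")
    if mech == "simple" and url.lower().startswith("ldap://"):
        # A simple bind sends the password as-is; without TLS it crosses the wire in clear.
        findings.append(("cleartext-simple-bind", url))
    if props.get(P + "userNameFormat") == "":
        # Neutral flag: check in the docs for your version how the bind name is derived.
        findings.append(("empty-userNameFormat", "confirm how the bind name is derived"))
    principal = props.get("ldap.synchronization.java.naming.security.principal", "")
    account = principal.split("@")[0].split("\\")[-1].lower()
    if account in ("administrator", "admin"):
        # Sync only reads users and groups; an admin account is more than it needs.
        findings.append(("privileged-sync-principal", principal))
    return findings


if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("revised", REVISED)):
        print(name, review(text))
```

Switching to ldaps:// also requires that the JVM running Alfresco trusts the domain controller's certificate.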

1 Solution

Accepted Solutions
Rituels
Active Member

Re: Error on authentication via LDAP-AD

I finally found a way out. I decided to try to install Alfresco Community 6.2 with Docker from the official repository. After installing, I copied my settings from Alfresco Community 5.2 into the new Alfresco and it instantly worked.

Seems like it was something going wrong with the 5.2 and authentication.

6 Replies
kintu_barot
Senior Member

Re: Error on authentication via LDAP-AD

There is already one thread

https://hub.alfresco.com/t5/alfresco-content-services-forum/alfresco-community-5-2-edition-ldap-ad-c...

Please take a look at the solution; you might get the issue.

Regards,
Kintu
Rituels
Active Member

Re: Error on authentication via LDAP-AD


Dear Kintu,

In advance, thank you for taking time to respond.

I already saw this post and I tried to apply the solution. This is actually my current config. Unfortunately it doesn't seem to work.

Is it possible that my AD would block the authentication? If so, how can I enable the authentication?

Do I need to add my Linux VM to the domain controller so my AD recognizes the system?

Thank you,
Simon

EddieMay
Alfresco Employee

Re: Error on authentication via LDAP-AD


Hi @Rituels 

Just noted that you're referencing documentation from an older version of Alfresco Enterprise. The Loft Lux script installs Alfresco Community version 6.1, so you should look to use the appropriate version documentation if at all possible.

Cheers,

Digital Community Manager, Alfresco Software.
Rituels
Active Member

Re: Error on authentication via LDAP-AD


Hi @EddieMay 

 

I looked into the Alfresco Community 6.1 doc, and it seems like the syntax for the ldap-ad connection is exactly the same.

When I look into my log, I get the following message showing my sync is active and working:

2020-11-06 15:08:02,996 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
2020-11-06 15:08:03,111 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap1'
2020-11-06 15:08:03,168 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving groups changed since Nov 3, 2020 3:05:58 PM from user registry 'ldap1'
2020-11-06 15:08:03,189 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries
2020-11-06 15:08:03,190 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 0 entries
2020-11-06 15:08:03,195 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving users changed since Nov 4, 2020 4:53:06 PM from user registry 'ldap1'
2020-11-06 15:08:03,203 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Commencing batch of 1 entries
2020-11-06 15:08:03,247 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 1 entries out of 1. 100% complete. Rate: 23 per second. 0 failures detected.
2020-11-06 15:08:03,247 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 1 entries
2020-11-06 15:08:03,273 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Finished synchronizing users and groups with user registry 'ldap1'
2020-11-06 15:08:03,273 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] 1 user(s) and 0 group(s) processed
2020-11-06 15:08:03,321 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete

And the following one shows authentication is getting started properly:

2020-11-06 15:07:51,213 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Authentication' subsystem, ID: [Authentication, managed, alfinst]
2020-11-06 15:07:51,421 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, alfinst] complete
2020-11-06 15:07:51,421 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Authentication' subsystem, ID: [Authentication, managed, ldap1]
2020-11-06 15:07:51,506 WARN  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] [localhost-startStop-1] LDAP server supports anonymous bind ldap://my.ip.add:389
2020-11-06 15:07:51,542 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, ldap1] complete

However, while using the same credentials for authenticating test as for sync, I get the following message:

DEBUG [org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService] [http-nio-8080-exec-35] authenticate test@ALFRESCO.internal with alfinst failed (try next in chain)
2020-11-06 14:26:32,030 DEBUG [org.alfresco.repo.security.authentication.AuthenticationUtil] [http-nio-8080-exec-35] Removing the current security information.
2020-11-06 14:26:32,030 DEBUG [org.alfresco.repo.security.authentication.AuthenticationUtil] [http-nio-8080-exec-35] Removing the current security information.
2020-11-06 14:26:32,032 ERROR [org.springframework.extensions.webscripts.AbstractRuntime] [http-nio-8080-exec-35] Exception from executeScript: 10060003 Wrapped Exception (with status template): A valid SecureContext was not provided in the RequestContext
org.springframework.extensions.webscripts.WebScriptException: 10060003 Wrapped Exception (with status template): A valid SecureContext was not provided in the RequestContext
	at org.springframework.extensions.webscripts.AbstractWebScript.createStatusException(AbstractWebScript.java:1138)

Even though I know the credentials are good, the authentication system is up and running and my parameters should be OK, it is still not working.

I truly searched everything on the forum and no one seems to have my issue, even though I did a standard installation.

 

Thank you for your time,

Simon.
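
Added example, not part of the original posts: a triage of the log lines quoted above that lists which authentication chain members logged a failure before the SecureContext error and picks up the anonymous-bind warning. The chain order is taken from the authentication.chain value in the question; treating members without a logged result as the point where the request stopped is an inference, and the function name is illustrative.

```python
import re

LINE = re.compile(r"^(?:\d{4}-\d\d-\d\d [\d:,]+ )?(DEBUG|INFO|WARN|ERROR)\s+"
                  r"\[([^\]]+)\] \[([^\]]+)\] (.*)$")
FAILED = re.compile(r"authenticate (\S+) with (\S+) failed \(try next in chain\)")

# Lines taken from the posts on this page; stack frames omitted.
SAMPLE_LOG = """\
2020-11-06 15:07:51,506 WARN  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] [localhost-startStop-1] LDAP server supports anonymous bind ldap://my.ip.add:389
DEBUG [org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService] [http-nio-8080-exec-35] authenticate test@ALFRESCO.internal with alfinst failed (try next in chain)
2020-11-06 14:26:32,030 DEBUG [org.alfresco.repo.security.authentication.AuthenticationUtil] [http-nio-8080-exec-35] Removing the current security information.
2020-11-06 14:26:32,032 ERROR [org.springframework.extensions.webscripts.AbstractRuntime] [http-nio-8080-exec-35] Exception from executeScript: 10060003 Wrapped Exception (with status template): A valid SecureContext was not provided in the RequestContext
"""


def triage(log_text, chain):
    """Return anonymous-bind warnings and, per request thread, where login stopped."""
    anon, attempts = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # stack frames and continuation lines
        level, _logger, thread, msg = m.groups()
        if level == "WARN" and "supports anonymous bind" in msg:
            anon.append(msg.rsplit(" ", 1)[-1])  # the server URL ends the message
            continue
        failed = FAILED.search(msg)
        if failed:
            entry = attempts.setdefault(
                thread, {"user": failed.group(1), "failed": [], "no_result": [], "error": None})
            entry["failed"].append(failed.group(2))
        elif level == "ERROR" and thread in attempts:
            entry = attempts[thread]
            entry["error"] = msg.split(": ")[-1]
            # Inference: chain members with no logged failure never reported a result.
            entry["no_result"] = [c for c in chain if c not in entry["failed"]]
    return {"anonymous_bind": anon, "attempts": attempts}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, ["alfinst", "ldap1"])
    print("anonymous bind accepted by:", report["anonymous_bind"])
    for thread, entry in report["attempts"].items():
        print(thread, entry)
```

On the quoted lines this reports that alfinst failed, ldap1 never logged a result, and the directory accepts anonymous binds, which is worth reviewing on the domain controller independently of the login problem.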

EddieMay
Alfresco Employee

Re: Error on authentication via LDAP-AD


Hi @Rituels 

Great that you found a solution & thanks for updating us.

Keep up the good work!

Digital Community Manager, Alfresco Software.