Error on authentication via LDAP-AD
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Alfresco Hub
- :
- ACS - Forum
- :
- Error on authentication via LDAP-AD
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello everyone,
I recently installed alfresco using the Loft Lux script here : https://github.com/loftuxab/alfresco-ubuntu-install
There was absolutely no problem during the installation process and the service is running fine.
I now am trying to link it to an Active Directory using the official post on alfresco : https://docs.alfresco.com/3.4/tasks/auth-example-oneldap-ad.html
I succeded in connecting to the active directory, as the users are created in the alfresco UI (checking with administrative tools on the admin panel). However, when i try to connect with them, using the password of the AD, i just can't.
I checked many times the creditentials, the parameters for the ldap connection but i don't see what i'm doing wrong.
Here is my config in alfresco-global.properties
### LDAP : Authentication ### authentication.chain= alfinst:alfrescoNtlm,ldap1:ldap-ad ldap.authentication.active=true ldap.authentication.allowGuestLogin=false synchronization.syncOnStartup=true synchronization.autoCreatePeopleOnLogin=true synchronization.syncWhenMissingPeopleLogIn=true ldap.authentication.java.naming.security.authentication=simple ldap.authentication.userNameFormat= # The URL to connect to the LDAP server ldap.authentication.java.naming.provider.url=ldap://myip:389 ldap.synchronization.java.naming.security.principal=administrator ldap.synchronization.java.naming.security.credentials=mypassword ldap.synchronization.groupSearchBase=ou=Groupes,ou=comp,dc=compagnie,dc=be ldap.synchronization.userSearchBase=ou=Users,ou=comp,dc=compagnie,dc=be
Here is what my alfresco.log return as error :
2020-10-27 12:04:29,448 ERROR [org.springframework.extensions.webscripts.AbstractRuntime] [http-nio-8080-exec-48] Exception from executeScript: 09270005 Wrapped Exception (with status template): A valid SecureContext was not provided in the RequestContext org.springframework.extensions.webscripts.WebScriptException: 09270005 Wrapped Exception (with status template): A valid SecureContext was not provided in the RequestContext at org.springframework.extensions.webscripts.AbstractWebScript.createStatusException(AbstractWebScript.java:1138) at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:171) at org.alfresco.repo.web.scripts.RepositoryContainer$3.execute(RepositoryContainer.java:519) at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:464) at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:587) at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:656) at org.alfresco.repo.web.scripts.RepositoryContainer.executeScriptInternal(RepositoryContainer.java:355) at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:308) at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:399) at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:210) at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.alfresco.module.aosmodule.service.ContextRootFilter.doFilter(ContextRootFilter.java:93) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1152) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) Caused by: net.sf.acegisecurity.AuthenticationCredentialsNotFoundException: A valid SecureContext was not provided in the RequestContext at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:481) at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:359) at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:166) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96) at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at com.sun.proxy.$Proxy109.getUserNamesAreCaseSensitive(Unknown Source) at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.getUserNamesAreCaseSensitive(AuthenticationServiceImpl.java:116) at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.getProtectedUserKey(AuthenticationServiceImpl.java:216) at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.isUserProtected(AuthenticationServiceImpl.java:167) at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:129) at org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.authenticate(AbstractChainingAuthenticationService.java:202) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:166) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96) at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at com.sun.proxy.$Proxy75.authenticate(Unknown Source) at org.alfresco.repo.web.scripts.bean.AbstractLoginBean.login(AbstractLoginBean.java:86) at org.alfresco.repo.web.scripts.bean.LoginPost.executeImpl(LoginPost.java:79) at org.springframework.extensions.webscripts.DeclarativeWebScript.executeImpl(DeclarativeWebScript.java:235)
According to the log, it feels like i'm missing a parameter but i d'ont know which ... Is it possible that the AD authoryze the syncronization and not the authenticate ?
Thanks you very much for your time and help,
Kind regards
Solved! Go to Solution.
Labels
1 Solution
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I finaly found a way out. I decided to try to install alfresco community 6.2 with docker from official repository. After installing, i copied my settings from alfresco community 5.2 into the new alfresco and it instantly worked.
Seems like it was something going wrong with the 5.2 and authentication.
6 Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Error on authentication via LDAP-AD
There is already one thread
Please, take a look a solution you might get the issue.
Regards,
Kintu
Kintu
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Error on authentication via LDAP-AD
Dear Kintu,
In advance, thank you for taking time to respond.
I already saw this post and i tried to apply the solution. This is actualy my current config. Unfortunately it doesn't seem to work.
Is it posible that my AD would block the authentication ? If so, how can i enable the Authentication ?
Do i need to ad my linux VM to the domain controller so my AD recognyze the system ?
Thanks you,
Simon
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Error on authentication via LDAP-AD
Hi @Rituels
Just noted that you're referencing documenation from an older version of Alfresco Enterprise. The Loft Lux script installs Alfresco Community version 6.1, so you should look to use the appropriate version documentation if at all possible.
Cheers,
Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!
Problem solved? Click Accept as Solution!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Error on authentication via LDAP-AD
Hi @EddieMay
I looked into the alfresco community 6.1 doc, and it seems like the syntax for ldap-ad connection is exactlythe same.
When i look into my log, i get the following message showing my sync is active and working
2020-11-06 15:08:02,996 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Synchronization' subsystem, ID: [Synchronization, default] 2020-11-06 15:08:03,111 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap1' 2020-11-06 15:08:03,168 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving groups changed since Nov 3, 2020 3:05:58 PM from user registry 'ldap1' 2020-11-06 15:08:03,189 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries 2020-11-06 15:08:03,190 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 0 entries 2020-11-06 15:08:03,195 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving users changed since Nov 4, 2020 4:53:06 PM from user registry 'ldap1' 2020-11-06 15:08:03,203 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Commencing batch of 1 entries 2020-11-06 15:08:03,247 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 1 entries out of 1. 100% complete. Rate: 23 per second. 0 failures detected. 2020-11-06 15:08:03,247 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 1 entries 2020-11-06 15:08:03,273 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Finished synchronizing users and groups with user registry 'ldap1' 2020-11-06 15:08:03,273 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] 1 user(s) and 0 group(s) processed 2020-11-06 15:08:03,321 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete
And the folowing one shows authentication is getting started properly
2020-11-06 15:07:51,213 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Authentication' subsystem, ID: [Authentication, managed, alfinst] 2020-11-06 15:07:51,421 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, alfinst] complete 2020-11-06 15:07:51,421 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Authentication' subsystem, ID: [Authentication, managed, ldap1] 2020-11-06 15:07:51,506 WARN [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] [localhost-startStop-1] LDAP server supports anonymous bind ldap://my.ip.add:389 2020-11-06 15:07:51,542 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, ldap1] complete
However, while using the same creditential for authenticating test, as for sync, i get the folowing message
DEBUG [org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService] [http-nio-8080-exec-35] authenticate test@ALFRESCO.internal with alfinst failed (try next in chain) 2020-11-06 14:26:32,030 DEBUG [org.alfresco.repo.security.authentication.AuthenticationUtil] [http-nio-8080-exec-35] Removing the current security information. 2020-11-06 14:26:32,030 DEBUG [org.alfresco.repo.security.authentication.AuthenticationUtil] [http-nio-8080-exec-35] Removing the current security information. 2020-11-06 14:26:32,032 ERROR [org.springframework.extensions.webscripts.AbstractRuntime] [http-nio-8080-exec-35] Exception from executeScript: 10060003 Wrapped Exception (with status template): A valid SecureContext was not provided in the RequestContext org.springframework.extensions.webscripts.WebScriptException: 10060003 Wrapped Exception (with status template): A valid SecureContext was not provided in the RequestContext at org.springframework.extensions.webscripts.AbstractWebScript.createStatusException(AbstractWebScript.java:1138)
Even though i know the creditential are good, the authentication system is up and running an my parameters should be ok, it is still not working.
I truly searched everything on the forum and no one seems to have my issue, even though i did a standar installation.
Thank you for your time,
Simon.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I finaly found a way out. I decided to try to install alfresco community 6.2 with docker from official repository. After installing, i copied my settings from alfresco community 5.2 into the new alfresco and it instantly worked.
Seems like it was something going wrong with the 5.2 and authentication.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Error on authentication via LDAP-AD
Hi @Rituels
Great that you found a solution & thanks for updating us.
Keep up the good work!
Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!
Problem solved? Click Accept as Solution!
Alfresco Content Services Forum
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
Latest Articles
- How to Override a Bean in Solr Search Subsystem?
- How to add version comment when using "Edit in MS ...
- Use Microsoft Office community edition
- customize inbound smtp to not split up mails but s...
- Import pages Wiki MediaWiki
- Problems with uploading big files in Alfresco
- AFTS query doesn't work with text
- Getting Internal Server Error(HTTP Status 500) whi...
- Direct Access URL is not working / cannot be enabl...
- Why is there no document scanning and capture?
- Direct Access URL with multiple buckets
- Update log setting for package via curl/postmen
- Adjusting the Search Filter Limit (facet.limit)
- Cannot find Alfresco Repository on this server
- Alfresco Transform Services and Core AIO Integrati...
We use cookies on this site to enhance your user experience
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.