From: Krzysztof B. <go...@ic...> - 2014-08-21 15:52:17
Hi,
On 21.08.2014 12:08, mahind wrote:
> Hello,
>
> I am using Unity version 1.3.1.
>
> The test user is registered in OpenLDAP.
>
> I am trying to get authentication from UNICORE commandline client (ucc)
> via Unity.
>
> From ucc I am able to get authentication for users registered in Unity.
>
> With the help of documentation, I configured unityServer.log for
> authenticator and endpoint settings.
>
> unityServer.core.authenticators.4.authenticatorName=ldapWeb
> unityServer.core.authenticators.4.authenticatorType=ldap with web-password
> unityServer.core.authenticators.4.verificatorConfigurationFile=conf/authenticators/ldap.properties
> unityServer.core.authenticators.4.retrievalConfigurationFile=conf/authenticators/passwordRetrieval.json
>
> unityServer.core.endpoints.4.endpointType=SAMLUnicoreSoapIdP
> unityServer.core.endpoints.4.endpointConfigurationFile=conf/endpoints/saml-webidp.properties
> unityServer.core.endpoints.4.contextPath=/unicore-soapidp
> unityServer.core.endpoints.4.endpointRealm=defaultRealm
> unityServer.core.endpoints.4.endpointName=UNITY UNICORE SOAP SAML service
> unityServer.core.endpoints.4.endpointAuthenticators=pwdWS;ldapWeb
>
>
> Also updated conf/authenticators/ldap.properties
>
> ldap.servers.1=xxx
> ldap.ports.1=xxx
>
> ldap.userDNTemplate=uid={USERNAME},ou=users,dc=tu-dresden,dc=de
> ldap.attributes.1=uid
> ldap.groupsBaseName=dc=tu-dresden,dc=de
> ldap.groups.1.objectClass=groups
> ldap.groups.1.memberAttribute=memberUid
> ldap.groups.1.matchByMemberAttribute=cn
> ldap.groups.1.nameAttribute=cn
>
> ldap.translationProfile=ldapProfile
>
>
> When I try to connect, I get -
>
> **************************
> Starting UNITY Web Server
> **************************
> 2014-08-21 09:29:30,340 [main] INFO unity.server.config.JettyServerBase
> - Creating Jetty HTTP server, will listen on: https://xxx
> 2014-08-21 09:29:34,058 [main] INFO unity.server.db.InitDB - Database
> initialized, skipping creation
> 2014-08-21 09:29:39,679 [main] INFO unity.server.EngineInitialization -
> Checking if all identity types are defined
> 2014-08-21 09:29:39,783 [main] INFO unity.server.EngineInitialization -
> Checking if all system attribute types are defined
> 2014-08-21 09:29:40,268 [main] INFO unity.server.EngineInitialization -
> Loading all configured credentials
> 2014-08-21 09:29:40,297 [main] INFO unity.server.EngineInitialization -
> Loading all configured credential requirements
> 2014-08-21 09:29:40,388 [main] INFO unity.server.EngineInitialization -
> Loading configured translation profiles
> 2014-08-21 09:29:40,389 [main] INFO unity.server.EngineInitialization -
> Loading all configured authenticators
> 2014-08-21 09:29:40,418 [main] INFO unity.server.EngineInitialization -
> Removing all persisted endpoints
> 2014-08-21 09:29:40,431 [main] INFO unity.server.EngineInitialization -
> Removing all persisted realms
> 2014-08-21 09:29:40,464 [main] INFO unity.server.EngineInitialization -
> Loading configured realms
> 2014-08-21 09:29:40,487 [main] INFO unity.server.EngineInitialization
> - - defaultRealm: [blockAfter 4, blockFor 30, rememberMe -1,
> maxInactive 3600
> 2014-08-21 09:29:40,500 [main] INFO unity.server.EngineInitialization
> - - adminRealm: [blockAfter 4, blockFor 30, rememberMe -1, maxInactive
> 1800
> 2014-08-21 09:29:40,500 [main] INFO unity.server.EngineInitialization -
> Loading all configured endpoints
> 2014-08-21 09:29:40,729 [main] INFO unity.server.EngineInitialization
> - - UNITY administration interface: WebAdminUI
> 2014-08-21 09:29:41,776 [main] INFO unity.server.EngineInitialization
> - - UNITY SAML web authentication: SAMLWebIdP
> 2014-08-21 09:29:41,844 [main] INFO unity.server.EngineInitialization
> - - UNITY UNICORE web authentication: SAMLUnicoreWebIdP
> 2014-08-21 09:29:41,891 [main] FATAL unity.server.EngineInitialization
> - Can't load endpoints which are configured
> pl.edu.icm.unity.exceptions.EngineException: Unable to deploy an
> endpoint: The authenticator of type web-vaadin7 is not supported by the
> binding. Supported are: [webservice-cxf2]
> at
> pl.edu.icm.unity.engine.EndpointManagementImpl.deployInt(EndpointManagementImpl.java:132)
> at
> pl.edu.icm.unity.engine.EndpointManagementImpl.deploy(EndpointManagementImpl.java:101)
> at
> pl.edu.icm.unity.engine.internal.EngineInitialization.loadEndpointsFromConfiguration(EngineInitialization.java:631)
> at
> pl.edu.icm.unity.engine.internal.EngineInitialization.initializeEndpoints(EngineInitialization.java:579)
> at
> pl.edu.icm.unity.engine.internal.EngineInitialization.initializeDatabaseContents(EngineInitialization.java:282)
> at
> pl.edu.icm.unity.engine.internal.EngineInitialization.start(EngineInitialization.java:181)
> at
> org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:173)
> at
> org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:51)
> at
> org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:346)
> at
> org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:149)
> at
> org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:112)
> at
> org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:773)
> at
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:485)
> at
> pl.edu.icm.unity.server.UnityApplication.run(UnityApplication.java:50)
> at
> pl.edu.icm.unity.server.UnityApplication.main(UnityApplication.java:58)
> Caused by: pl.edu.icm.unity.exceptions.WrongArgumentException: The
> authenticator of type web-vaadin7 is not supported by the binding.
> Supported are: [webservice-cxf2]
> at
> pl.edu.icm.unity.engine.EndpointManagementImpl.verifyAuthenticators(EndpointManagementImpl.java:147)
> at
> pl.edu.icm.unity.engine.EndpointManagementImpl.deployInt(EndpointManagementImpl.java:120)
> ... 14 more
>
> Is there any mistake in configuration?
Yes, there is. As the error message says, the authenticator is
incompatible with the endpoint. The authenticator 'ldapWeb' can be used
only for web endpoints, as it is configured to retrieve the user's password
using the web form (see documentation of authenticators):
unityServer.core.authenticators.4.authenticatorType=ldap with web-password
It is not possible to use it with the SOAP endpoint used by UCC or URC. So
you need to define another authenticator (the LDAP-specific part can reuse
the same configuration file), but the new authenticator must be of type:
ldap with cxf-httpbasic
This authenticator will work with the SOAP endpoint.
Best,
Krzysztof
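The mismatch discussed in this thread can be caught before restarting the server. The following is an added example, not part of the original messages and not Unity's own code: a small checker that reads `unityServer.core.*` properties and flags endpoint authenticators whose binding the endpoint does not accept. The two lookup tables hold only the bindings named in the thread; the web endpoint entry, the `pwdWS` definition and the name `ldapWS` are assumptions made for the sample.

```python
import re

# Binding produced by each retrieval suffix of authenticatorType: web-password
# is from the error in the thread, cxf-httpbasic from the reply.
RETRIEVAL_BINDING = {"web-password": "web-vaadin7", "cxf-httpbasic": "webservice-cxf2"}
# Binding accepted by each endpoint type. The SOAP entry comes from the error
# message; the web entry is an assumption based on the reply.
ENDPOINT_BINDING = {"SAMLUnicoreSoapIdP": "webservice-cxf2", "SAMLUnicoreWebIdP": "web-vaadin7"}
KEY = re.compile(r"unityServer\.core\.(authenticators|endpoints)\.(\w+)\.(\w+)$")

def parse(text):
    """Group authenticator and endpoint properties by their numeric id."""
    cfg = {"authenticators": {}, "endpoints": {}}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        m = KEY.match(key.strip())
        if sep and m:
            cfg[m.group(1)].setdefault(m.group(2), {})[m.group(3)] = value.strip()
    return cfg

def check(text):
    """Return (endpointName, authenticatorName, problem) for every mismatch."""
    cfg = parse(text)
    types = {a.get("authenticatorName"): a.get("authenticatorType", "")
             for a in cfg["authenticators"].values()}
    problems = []
    for ep in cfg["endpoints"].values():
        wanted = ENDPOINT_BINDING.get(ep.get("endpointType"))
        for name in filter(None, ep.get("endpointAuthenticators", "").split(";")):
            if name not in types:
                problems.append((ep.get("endpointName"), name, "not defined"))
                continue
            got = RETRIEVAL_BINDING.get(types[name].rpartition(" with ")[2])
            if wanted and got != wanted:
                problems.append((ep.get("endpointName"), name, f"{got} != {wanted}"))
    return problems

# Constructed sample: endpoint 4 as posted, plus an assumed pwdWS definition.
BROKEN = """
unityServer.core.authenticators.2.authenticatorName=pwdWS
unityServer.core.authenticators.2.authenticatorType=password with cxf-httpbasic
unityServer.core.authenticators.4.authenticatorName=ldapWeb
unityServer.core.authenticators.4.authenticatorType=ldap with web-password
unityServer.core.endpoints.4.endpointType=SAMLUnicoreSoapIdP
unityServer.core.endpoints.4.endpointName=UNITY UNICORE SOAP SAML service
unityServer.core.endpoints.4.endpointAuthenticators=pwdWS;ldapWeb
"""
# Corrected as the reply describes; the name ldapWS is hypothetical.
FIXED = BROKEN.replace("ldapWeb", "ldapWS").replace("ldap with web-password", "ldap with cxf-httpbasic")
```

`check(BROKEN)` reports `ldapWeb` on the SOAP endpoint, and `check(FIXED)` returns an empty list.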