From: Rolf H. <rol...@un...> - 2019-03-29 07:42:26
Dear all,

I am trying to update Unity 2.7.5 to 2.8.0 but I cannot get it working. Unity is used as attribute source for UNICORE (core server bundle 7.12.0), users should be authenticated via LDAP. In Unity 2.7.5 I changed the module unicoreWithPAM.module so that it uses the authenticator ldapPasswordWS:

# Used by UNICORE/X when authenticating its REST clients and by UCC/URC to provide certificate-less access
unityServer.core.endpoints.unicoreSOAPPass.endpointType=SAMLUnicoreSoapIdP
unityServer.core.endpoints.unicoreSOAPPass.endpointConfigurationFile=${CONF}/modules/unicore/saml-unicoreidp.properties
unityServer.core.endpoints.unicoreSOAPPass.contextPath=/unicore-soapidp
unityServer.core.endpoints.unicoreSOAPPass.endpointRealm=defaultRealm
unityServer.core.endpoints.unicoreSOAPPass.endpointName=UNITY UNICORE SOAP SAML service for REST queries
unityServer.core.endpoints.unicoreSOAPPass.endpointAuthenticators=ldapPasswordWS

# ldapPasswordWS:
unityServer.core.authenticators.ldapPasswordWS.authenticatorName=ldapPasswordWS
unityServer.core.authenticators.ldapPasswordWS.authenticatorType=ldap with cxf-httpbasic
unityServer.core.authenticators.ldapPasswordWS.verificatorConfigurationFile=${CONF}/authenticators/ldap.properties
unityServer.core.authenticators.ldapPasswordWS.retrievalConfigurationFile=${CONF}/authenticators/passwordRetrieval-ldap.json

This configuration is working and users can be authenticated via Unity in the Unicore Rich Client.

I tried to do the same in Unity 2.8.0.
Again, I changed the module unicoreWithPAM.module so that it uses ldapPassword as authenticator:

# Used by UNICORE/X when authenticating its REST clients and by UCC/URC to provide certificate-less access
unityServer.core.endpoints.unicoreSOAPPass.endpointType=SAMLUnicoreSoapIdP
unityServer.core.endpoints.unicoreSOAPPass.endpointConfigurationFile=${CONF}/modules/unicore/saml-unicoreidp.properties
unityServer.core.endpoints.unicoreSOAPPass.contextPath=/unicore-soapidp
unityServer.core.endpoints.unicoreSOAPPass.endpointRealm=defaultRealm
unityServer.core.endpoints.unicoreSOAPPass.endpointName=UNITY UNICORE SOAP SAML service for REST queries
unityServer.core.endpoints.unicoreSOAPPass.endpointAuthenticators=ldapPassword

# ldapPassword with new syntax:
unityServer.core.authenticators.ldapPassword.authenticatorName=ldapPassword
unityServer.core.authenticators.ldapPassword.authenticatorType=ldap
unityServer.core.authenticators.ldapPassword.configurationFile=${CONF}/authenticators/ldap.properties

This configuration is not working.
If I try to log in via Unity in the Unicore Rich Client I get the error message “Could not refresh resource properties of service Grid/Registry: org.apache.cxf.binding.soap.SoapFault: Invalid user name, credential or external authentication failed.”

unity-server.log shows the following messages:

2019-03-28T09:39:58,917 [qtp327575653-125] TRACE unity.server.rest.AuthenticationInterceptor: Processing authenticator ldapPassword
2019-03-28T09:39:58,917 [qtp327575653-125] TRACE unity.server.rest.AuthenticationInterceptor: Authenticator ldapPassword returned notApplicable
2019-03-28T09:39:58,917 [qtp327575653-125] DEBUG unity.server.rest.AuthenticationInterceptor: Authentication set failed to authenticate the client using flow ldapPassword, will try another: pl.edu.icm.unity.engine.api.authn.AuthenticationException: AuthenticationProcessorImpl.authnFailed
2019-03-28T09:39:58,917 [qtp327575653-125] INFO unity.server.rest.AuthenticationInterceptor: Authentication failed for client
2019-03-28T09:39:58,917 [qtp327575653-125] INFO unity.server.rest.AuthenticationInterceptor: Authentication failed for client

The configuration of the authenticator ldapPassword should be correct. If I use it as authenticator for the UserHomeUI endpoint, users can log in via LDAP. Does anyone see the error?

Best regards
Rolf