Spring Active Directory Authentication

 
Ranch Hand
Posts: 80
I have been trying (and trying) to get a Spring application to authenticate against an AD LDAP server. I keep getting a "Bad credentials" exception. When I use the same username/password in an LDAP tool, it works without issue. I am using Spring Security 3.1.2 and there isn't much to the configuration. Does anyone have any ideas? I just want to see it authenticate and work from there. I can't even get that to happen. Help..


<authentication-manager>
    <authentication-provider ref="activeDirectoryAuthenticationProvider"/>
</authentication-manager>

<beans:bean id="activeDirectoryAuthenticationProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
    <!-- first argument: AD domain; second argument: LDAP URL of the domain controller -->
    <beans:constructor-arg value="my.domain.com" />
    <beans:constructor-arg value="ldap://my.domain:389" />
    <beans:property name="convertSubErrorCodesToExceptions" value="true"/>
</beans:bean>
 
Bartender
Posts: 1682
Please UseCodeTags.

You are probably going to need a little more information to figure out what is happening. I would set your logger levels for org.springframework.security to DEBUG and you should get a better picture of what exactly you are missing.
 
Greenhorn
Posts: 3
Hi James,

Did you ever discover what your issue was? I'm having the exact same problem with pretty much the same setup.

I know it's hitting AD because if I use a non-existent username, I get:

DEBUG org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider - Processing authentication request for user: batman
DEBUG org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider - Authentication for batman@domain.net failed:javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
INFO org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider - Active Directory authentication failed: User was not found in directory
DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials

If I use an incorrect password, I get:

DEBUG org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider - Processing authentication request for user: msolano
DEBUG org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider - Authentication for msolano@domain.net failed:javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772
INFO org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider - Active Directory authentication failed: Supplied password was invalid
DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials


However, with the correct username and password, I only get a message saying Ignoring PartialResultException (which I think is ok) and the BadCredentialsException.

DEBUG org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider - Processing authentication request for user: msolano
DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Searching for entry under DN ', base = dc=domain,dc=net, filter = (&(objectClass=user)(userPrincipalName={0}))
INFO org.springframework.security.ldap.SpringSecurityLdapTemplate - Ignoring PartialResultException
DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials

I appreciate any feedback you or anyone else may have. Thank you!

-Mike
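
Added example (not part of any post in this thread and not Spring Security's code): a small Python triage script that groups DEBUG lines like the ones above into attempts and reports the AD sub-error code from the `data NNN` field of LDAP error 49, or notes that none was logged, as in the third attempt. The sample lines are constructed, abridged copies of the log output in the post; the names `classify`, `AD_SUBCODES` and `NO_SUBCODE` are hypothetical.

```python
import re

# AD sub-error codes found in the "data NNN" field of LDAP error 49.
AD_SUBCODES = {"525": "user not found", "52e": "invalid credentials",
               "532": "password expired", "533": "account disabled",
               "775": "account locked"}
NO_SUBCODE = "no LDAP error 49 logged before the failure"

START = re.compile(r"Processing authentication request for user: (\S+)")
SUBCODE = re.compile(r"error code 49\b.*?\bdata ([0-9a-fA-F]+)")
FAILED = "BadCredentialsException"

# Constructed sample: abridged copies of the three attempts in the post.
ERR49 = ("failed:javax.naming.AuthenticationException: [LDAP: error code 49 - "
         "80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, ")
SAMPLE = [
    "DEBUG Provider - Processing authentication request for user: batman",
    "DEBUG Provider - Authentication for batman@domain.net " + ERR49 + "data 525, v1772",
    "DEBUG Filter - Authentication request failed: BadCredentialsException: Bad credentials",
    "DEBUG Provider - Processing authentication request for user: msolano",
    "DEBUG Provider - Authentication for msolano@domain.net " + ERR49 + "data 52e, v1772",
    "DEBUG Filter - Authentication request failed: BadCredentialsException: Bad credentials",
    "DEBUG Provider - Processing authentication request for user: msolano",
    "INFO Template - Ignoring PartialResultException",
    "DEBUG Filter - Authentication request failed: BadCredentialsException: Bad credentials",
]


def classify(lines):
    """Return (user, verdict) for every failed attempt found in lines."""
    results, user, code = [], None, None
    for line in lines:
        started = START.search(line)
        sub = SUBCODE.search(line)
        if started:
            # A new attempt begins; forget any sub-code from the previous one.
            user, code = started.group(1), None
        elif sub and user:
            code = sub.group(1).lower()
        elif FAILED in line and user:
            verdict = NO_SUBCODE if code is None else AD_SUBCODES.get(
                code, "unknown sub-code " + code)
            results.append((user, verdict))
            user, code = None, None
    return results


if __name__ == "__main__":
    for user, verdict in classify(SAMPLE):
        print(user, "->", verdict)
```

All three attempts end in the same BadCredentialsException, so only the server-side log separates an unknown user, a wrong password and a failure with no bind error at all.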
 
Mike Solano
Greenhorn
Posts: 3
I believe the problem I'm seeing may be a bug in ActiveDirectoryLdapAuthenticationProvider. I found the following forum post on the spring forums:

http://forum.springsource.org/showthread.php?134991-Active-Directory-authentication-in-Spring-3-1

And I created a JIRA issue for it here since one didn't seem to exist:

https://jira.springsource.org/browse/SEC-2224
 
Bill Gorder
Bartender
Posts: 1682
Welcome to the Ranch Mike and thanks for posting back with what you have found!
 
Mike Solano
Greenhorn
Posts: 3
Thanks Bill! Long time lurker, first time caller

I'll update again when/if I see any traction on the JIRA issue.
 