Welcome to Knowage Q&A, where you can ask questions and receive answers from other members of the community.

Categories

Most popular tags

cockpit dataset error chart datasource installer datasets installation widget parameters business-model olap knowage knowage_7_1 integration login knowage_7_1-ce report-designer cross-navigation analyticaldriver

KNOWAGE single-sign-on (SSO) login

0 votes
1 view

Hi,

I am trying to complete KNOWAGE installation and stuck up with LDAP and SSO portion of the modification. 

For LDAP i got the following error .

 I setup SPAGOBI.SECURITY.USER-PROFILE-FACTORY-CLASS.className  to it.eng.spagobi.security.LdapSecurityServiceSupplier. 

I have a question, in the installation manual it mentioned "The LDAP security connectors check the user that is accessing Knowage, but the user must be already defined as a Knowage user. Therefore, the users must coexist in both authentication systems (LDAP and Knowage)". But, what if i want a mechanism where all the Active Directory (AD) users to login into KNOWAGE and none of them defined in KNOWAGE, Is it possible? If so how?

For SSO, i tried to follow CAS documents mentioned in KNOWAGE Manual but i don't see cas.war file in the CAS web site and it will be helpful if someone can provide this file or provide a clear guideline how to create this cas.war file. I also like to mention that i am first time working with sso and please forgive me if i ask very dumb question.

Thanks

Abu

Environment Environment Knowage 7.4, LINUX (Redhat 7.9), Oracle database 2.2
in Single Sign-On by (320 points)

1 Answer

0 votes

Hi muyeen70,

if you want to authenticate users with Microsoft Active Directory I suggest you to use the custom connector (https://knowage-suite.readthedocs.io/en/8.0/installation-guide/azure-signin-integration.html). However, please keep in mind that it is mandatory that users are already defined in Knowage, as it is mentioned in the documentation.

As for the CAS engine, it is deprecated and it will soon be removed from the product: Knowage already comes with an embedded SSO system, so if your goal is to have a Single-Sign On mechanism you don't need CAS and you can leverage on the embedded SSO system.

But if you still want to use CAS, since the Knowage cas.war file is deprecated, please use the official files provided by CAS website.

Thank you,

Bye,
Marco

by (9.3k points)
Show 18 previous comments

Here again, the error log

[http-nio-8080-exec-2] 03 May 2022 09:44:25,586 ERROR it.eng.spagobi.security.FullLdapSecurityServiceSupplier.

checkAuthentication:87 - Authentication failed for user [Abu Muyeen]

java.lang.NullPointerException

at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.bindLdapUserWithCredentials(FullLdapSecurityServiceSupplier.java:143)

at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.checkAuthentication(FullLdapSecurityServiceSupplier.java:78)

at it.eng.spagobi.services.security.service.SecurityServiceSupplierFactory$_SecurityServiceSupplierDecorator.checkAuthentication(SecurityServiceSupplierFactory.java:56)

at it.eng.spagobi.services.security.service.SecurityServiceSupplierFactory$TooMuchFailedLoginAttemtpsDecorator.checkAuthentication(SecurityServiceSupplierFactory.java:101)

at it.eng.spagobi.commons.services.LoginModule.service(LoginModule.java:171)

at it.eng.spago.dispatching.module.DefaultPage.invokeServiceBusiness(DefaultPage.java:352)

at java.security.AccessController.doPrivileged(Native Method)

at sun.reflect.GeneratedMethodAccessor344.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.commons.filters.ProfileFilter.doFilter(ProfileFilter.java:176)

at sun.reflect.GeneratedMethodAccessor344.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.commons.filters.SpagoBICoreCheckSessionFilter.doFilter(SpagoBICoreCheckSessionFilter.java:94)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)

at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:748)

[http-nio-8080-exec-2] 03 May 2022 09:44:25,591 ERROR it.eng.spagobi.commons.services.LoginModule.service:173 - userName/pwd uncorrect

LDAP File:

INITIAL_CONTEXT_FACTORY   = com.sun.jndi.ldap.LdapCtxFactory

PROVIDER_URL              = ldap://was-tst-dc-01.test-cbi-epa.gov:389

SECURITY_AUTHENTICATION    = simple

DN_PREFIX                  = CN=

DN_POSTFIX                 = ,OU=ITRMD, OU=OPS, DC=test-cbi-epa, DC=gov

USER_ROLES_ATTRIBUTE_NAME  = isMemberOf

USER_ROLES_ATTRIBUTE_FIELD = cn

SUPERADMIN_ATTRIBUTE       = ADMIN

by (320 points)

Here again, the error log

[http-nio-8080-exec-2] 03 May 2022 09:44:25,586 ERROR it.eng.spagobi.security.FullLdapSecurityServiceSupplier.

checkAuthentication:87 - Authentication failed for user [Abu Muyeen]

java.lang.NullPointerException

at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.bindLdapUserWithCredentials(FullLdapSecurityServiceSupplier.java:143)

at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.checkAuthentication(FullLdapSecurityServiceSupplier.java:78)

at it.eng.spagobi.services.security.service.SecurityServiceSupplierFactory$_SecurityServiceSupplierDecorator.checkAuthentication(SecurityServiceSupplierFactory.java:56)

at it.eng.spagobi.services.security.service.SecurityServiceSupplierFactory$TooMuchFailedLoginAttemtpsDecorator.checkAuthentication(SecurityServiceSupplierFactory.java:101)

at it.eng.spagobi.commons.services.LoginModule.service(LoginModule.java:171)

at it.eng.spago.dispatching.module.DefaultPage.invokeServiceBusiness(DefaultPage.java:352)

at java.security.AccessController.doPrivileged(Native Method)

at sun.reflect.GeneratedMethodAccessor344.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

a

at sun.reflect.GeneratedMethodAccessor344.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.commons.filters.SpagoBICoreCheckSessionFilter.doFilter(SpagoBICoreCheckSessionFilter.java:94)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.utilities.filters.EncodingFilter.doFilter(EncodingFilter.java:54)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)

at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:748)

[http-nio-8080-exec-2] 03 May 2022 09:44:25,591 ERROR it.eng.spagobi.commons.services.LoginModule.service:173 - userName/pwd uncorrect

LDAP File:

INITIAL_CONTEXT_FACTORY   = com.sun.jndi.ldap.LdapCtxFactory

PROVIDER_URL              = ldap://was-tst-dc-01.test-cbi-epa.gov:389

SECURITY_AUTHENTICATION    = simple

DN_PREFIX                  = CN=

DN_POSTFIX                 = ,OU=ITRMD, OU=OPS, DC=test-cbi-epa, DC=gov

USER_ROLES_ATTRIBUTE_NAME  = isMemberOf

USER_ROLES_ATTRIBUTE_FIELD = cn

SUPERADMIN_ATTRIBUTE       = ADMIN

by (320 points)

Is there  a way or logfile, we can see the profile object built by the FullLdapSecurityServiceSupplier connector or the value which sent to the LDAP for authentication?

by (100 points)
edited by
Thanks for your response.
by (320 points)
edited by

Hi Abu,

I think you need a custom connector for your specific needs.

You can directly contribute to the source code by opening a pull request, or if you want the Knowage Labs to develop your idea you can contact the professional services 

Bye,
Marco

by (9.3k points)
Powered by Question2Answer
...