Welcome to Knowage Q&A, where you can ask questions and receive answers from other members of the community.

Categories

Most popular tags

cockpit dataset error chart datasource installer datasets installation widget parameters business-model olap knowage knowage_7_1 integration login knowage_7_1-ce report-designer cross-navigation analyticaldriver

KNOWAGE single-sign-on (SSO) login

0 votes
1 view

Hi,

I am trying to complete KNOWAGE installation and stuck up with LDAP and SSO portion of the modification. 

For LDAP i got the following error .

 I setup SPAGOBI.SECURITY.USER-PROFILE-FACTORY-CLASS.className  to it.eng.spagobi.security.LdapSecurityServiceSupplier. 

I have a question, in the installation manual it mentioned "The LDAP security connectors check the user that is accessing Knowage, but the user must be already defined as a Knowage user. Therefore, the users must coexist in both authentication systems (LDAP and Knowage)". But, what if i want a mechanism where all the Active Directory (AD) users to login into KNOWAGE and none of them defined in KNOWAGE, Is it possible? If so how?

For SSO, i tried to follow CAS documents mentioned in KNOWAGE Manual but i don't see cas.war file in the CAS web site and it will be helpful if someone can provide this file or provide a clear guideline how to create this cas.war file. I also like to mention that i am first time working with sso and please forgive me if i ask very dumb question.

Thanks

Abu

Environment Environment Knowage 7.4, LINUX (Redhat 7.9), Oracle database 2.2
in Single Sign-On by (320 points)

1 Answer

0 votes

Hi muyeen70,

if you want to authenticate users with Microsoft Active Directory I suggest you to use the custom connector (https://knowage-suite.readthedocs.io/en/8.0/installation-guide/azure-signin-integration.html). However, please keep in mind that it is mandatory that users are already defined in Knowage, as it is mentioned in the documentation.

As for the CAS engine, it is deprecated and it will soon be removed from the product: Knowage already comes with an embedded SSO system, so if your goal is to have a Single-Sign On mechanism you don't need CAS and you can leverage on the embedded SSO system.

But if you still want to use CAS, since the Knowage cas.war file is deprecated, please use the official files provided by CAS website.

Thank you,

Bye,
Marco

by (9.3k points)

Thanks Marco for your response.

Here is the Properties defined :

************************************************************************************

INITIAL_CONTEXT_FACTORY    = com.sun.jndi.ldap.LdapCtxFactory
PROVIDER_URL               = ldaps://was-XX-XXX-XXX.gov:389
SECURITY_AUTHENTICATION    = simple
DN_PREFIX                  = CN=
DN_POSTFIX                 = ,ou=IT staff,o="Example, Inc",c=US
AUTHENTICATION_FILTER      = (&(enabled=true)(!(deprecated=true)))
USER_ROLES_ATTRIBUTE_NAME  = isMemberOf
USER_ROLES_ATTRIBUTE_FIELD = cn
SUPERADMIN_ATTRIBUTE       = ADMIN

*************************************************************************************

But, when I setup value SPAGOBI.SECURITY.USER-PROFILE-FACTORY-CLASS.className  it.eng.spagobi.security.FullLdapSecurityServiceSupplier 

Then got the error message - " An Error has occurred. Retry later. If the Problem persists, contact the system administrator" . Please let me know if there any mistake in the property file above.

As you mentioned, every user needs to define into KNOWAGE though they will be authenticated through LDAP means that USAER1 has to create in KNOWAGE first then LDAP will authenticate it? I am a bit confused, it will be helpful if there is an explanation with example.

I am going to create another ticket for SSO, because everything on one ticket will be confusing.

Thanks

Abu

by (320 points)
edited by

Hi,

can you please attach the log files of the error? It is the knowage.log file under {TOMCAT_HOME}/logs folder.

Thanks,
Marco

by (9.3k points)

Here is KNOWAGE.log, also i would like to include cataline.out but it is too big. Don't have option to attach file. I used option LDAP security connector Authentication + authorization because it does not need users to be present in Knowage metadata (but only on LDAP system). Also a question, is it mandatory to include USER_ROLES_ATTRIBUTE_NAME and USER_ROLES_ATTRIBUTE_FIELD? 

KNOWAGE.log

***********************

[localhost-startStop-4] 21 Apr 2022 10:31:04,448 ERROR it.eng.spagobi.commons.initializers.caching.CachingInitializer.init:59 - Cannot initialize cache

it.eng.spagobi.utilities.exceptions.SpagoBIRuntimeException: An error occurred while creating connection

at it.eng.spagobi.tools.dataset.common.dataproxy.JDBCDataProxy.load(JDBCDataProxy.java:103)

at it.eng.spagobi.tools.dataset.bo.ConfigurableDataSet.loadData(ConfigurableDataSet.java:149)

at it.eng.spagobi.tools.datasource.bo.DataSource.executeStatement(DataSource.java:573)

at it.eng.spagobi.tools.datasource.bo.DataSource.executeStatement(DataSource.java:552)

at it.eng.spagobi.tools.datasource.bo.DataSource.executeStatement(DataSource.java:541)

at it.eng.spagobi.tools.dataset.persist.PersistedTableManager.dropTablesWithPrefix(PersistedTableManager.java:1116)

at it.eng.spagobi.commons.initializers.caching.CachingInitializer.init(CachingInitializer.java:56)

at it.eng.spago.init.InitializerManager.init(InitializerManager.java:79)

at it.eng.spago.configuration.ConfigServlet.init(ConfigServlet.java:115)

at sun.reflect.GeneratedMethodAccessor59.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:123)

at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1120)

at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1079)

at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:973)

at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4885)

at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5199)

at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)

at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)

at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:129)

at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:150)

at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:140)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:717)

at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714)

at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)

at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1859)

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

at java.util.concurrent.FutureTask.run(FutureTask.java:266)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at java.lang.Thread.run(Thread.java:748)

Caused by: it.eng.spagobi.utilities.engines.SpagoBIEngineRuntimeException: Cannot get connection to datasource

at it.eng.spagobi.tools.datasource.bo.DataSource.getConnectionByUserProfile(DataSource.java:203)

at it.eng.spagobi.tools.datasource.bo.DataSource.getConnection(DataSource.java:190)

at it.eng.spagobi.tools.dataset.common.dataproxy.JDBCDataProxy.load(JDBCDataProxy.java:101)

... 38 more

Caused by: javax.naming.NameNotFoundException: Name [ds_cache] is not bound in this Context. Unable to find [ds_cache].

at org.apache.naming.NamingContext.lookup(NamingContext.java:816)

at org.apache.naming.NamingContext.lookup(NamingContext.java:159)

at org.apache.naming.NamingContext.lookup(NamingContext.java:827)

at org.apache.naming.NamingContext.lookup(NamingContext.java:159)

at org.apache.naming.NamingContext.lookup(NamingContext.java:827)

at org.apache.naming.NamingContext.lookup(NamingContext.java:159)

at org.apache.naming.NamingContext.lookup(NamingContext.java:827)

at org.apache.naming.NamingContext.lookup(NamingContext.java:173)

at org.apache.naming.SelectorContext.lookup(SelectorContext.java:163)

at javax.naming.InitialContext.lookup(InitialContext.java:417)

at it.eng.spagobi.tools.datasource.bo.DataSource.getJndiConnection(DataSource.java:219)

at it.eng.spagobi.tools.datasource.bo.DataSource.getConnectionByUserProfile(DataSource.java:198)

... 40 more

by (320 points)
Hi,

the error that I see is not related to LDAP.
It is related to missing cache configuration inside context.xml file (see https://knowage-suite.readthedocs.io/en/8.0/installation-guide/manual-installation.html?highlight=context.xml#datasource-link-within-the-applications)

Please add this configuration and then try again.

Let me know if this works,

Bye,
Marco
by (9.3k points)

Here is the new Error i got after fixing data source issue. It's a LDAP authentication issue that i could not resolve and need help. I am useing connector = fullLdapsecuritysurvicesupplier.

Property file

Here is actual AD information for a user. 

Lastly, as you mentioned earlier "Knowage already comes with an embedded SSO system, so if your goal is to have a Single-Sign On mechanism you don't need CAS and you can leverage on the embedded SSO system." - where can i get information about KNOWAGE embedded SSO? I searched knowage manual but it only mentioned about CAS. Is it possible to send a link about how to setup KNOWAGE embedded SSO?

Thanks

Abu

by (320 points)
edited by
Hello Abu,
can you please attach the entire stack trace of the error?
Thank you very much,

Bye,
Marco
by (9.3k points)
Here it is most of it.

[http-nio-8080-exec-4] 25 Apr 2022 14:03:31,287 ERROR it.eng.spagobi.security.FullLdapSecurityServiceSupplier.

checkAuthentication:84 - LDAP authentication failed for user [amuyeen]. Trying to authenticate user in metadata

database

it.eng.spagobi.security.exceptions.LDAPAuthenticationFailed: Authentication NOT successfull for user [amuyeen]

       at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.bindLdapUserWithCredentials

(FullLdapSecurityServiceSupplier.java:145)

       at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.checkAuthentication

(FullLdapSecurityServiceSupplier.java:78)

       at it.eng.spagobi.services.security.service.SecurityServiceSupplierFactory$_SecurityServiceSupplierDecorator.

checkAuthentication(SecurityServiceSupplierFactory.java:56)

       at it.eng.spagobi.services.security.service.SecurityServiceSupplierFactory$TooMuchFailedLoginAttemtps

Decorator.checkAuthentication(SecurityServiceSupplierFactory.java:101)

       at it.eng.spagobi.commons.services.LoginModule.service(LoginModule.java:171)

       at it.eng.spago.dispatching.module.DefaultPage.invokeServiceBusiness(DefaultPage.java:352)

       at it.eng.spago.dispatching.module.DefaultPage.nextStep(DefaultPage.java:302)

       at it.eng.spago.dispatching.module.DefaultPage.service(DefaultPage.java:202)

       at it.eng.spago.dispatching.module.ModuleCoordinator.service(ModuleCoordinator.java:102)

       at it.eng.spago.dispatching.httpchannel.AdapterHTTP.service(AdapterHTTP.java:413)

       at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)

       at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

       at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

       at java.security.AccessController.doPrivileged(Native Method)

       at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

       at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

       at java.security.AccessController.doPrivileged(Native Method)

       at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

       at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

       at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

       at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

       at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

       at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

       at java.security.AccessController.doPrivileged(Native Method)

       at it.eng.spagobi.utilities.filters.AntiInjectionFilter.doFilter(AntiInjectionFilter.java:45)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

       at it.eng.spagobi.commons.filters.ProfileFilter.doFilter(ProfileFilter.java:176)

       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

       at java.lang.reflect.Method.invoke(Method.java:498)

       (SpagoBICoreCheckSessionFilter.java:94)

       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

       at java.lang.reflect.Method.invoke(Method.java:498)

       at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

       at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

       at java.security.AccessController.doPrivileged(Native Method)

       at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

       at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

       at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

       at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

       at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

       at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

       at java.security.AccessController.doPrivileged(Native Method)

       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

       at it.eng.spagobi.utilities.filters.EncodingFilter.doFilter(EncodingFilter.java:54)

       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

       at java.lang.reflect.Method.invoke(Method.java:498)

       at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

       at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

       at java.security.AccessController.doPrivileged(Native Method)

       at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

       at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

       at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

       at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

       at java.lang.Thread.run(Thread.java:748)

Caused by: javax.naming.AuthenticationNotSupportedException: false

       at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:119)

       at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:236)

       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2895)

       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)

       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:225)

       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)

       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:243)

       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)

       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)

       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:694)

       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)

       at javax.naming.InitialContext.init(InitialContext.java:244)

       at javax.naming.InitialContext.<init>(InitialContext.java:216)

       at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)

       at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.bindLdapUserWithCredentials(FullLdapSecurityServiceSupplier.java:130)

       ... 128 more

[http-nio-8080-exec-4] 25 Apr 2022 14:03:31,296 ERROR it.eng.spagobi.security.InternalSecurityServiceSupplierImpl.checkAuthentication:99 - UserName not found into database

[http-nio-8080-exec-4] 25 Apr 2022 14:03:31,315 ERROR it.eng.spagobi.commons.services.LoginModule.service:173 - userName/pwd uncorrect
by (320 points)
edited by

Hi,
it looks like in the ldap.properties file there is a wrong configuration:
SECURITY_AUTHENTICATION = false

It must be changed to:
SECURITY_AUTHENTICATION = simple

After changing the file please restart tomcat and try again.

Bye;
Marco

by (9.3k points)
I modified property file according to your advise and go the following error (It's too big, so i am adding in two separate replies:

[http-nio-8080-exec-4] 26 Apr 2022 11:44:01,681 ERROR it.eng.spagobi.security.FullLdapSecurityServiceSupplier.checkAuthentication:84 - LDAP authentication failed for user [amuyeen]. Trying to authenticate user in metadata database

it.eng.spagobi.security.exceptions.LDAPAuthenticationFailed: Authentication NOT successfull for user [amuyeen]

at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.bindLdapUserWithCredentials(FullLdapSecurityServiceSupplier.java:145)

at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.checkAuthentication(FullLdapSecurityServiceSupplier.java:78)

at it.eng.spagobi.services.security.service.SecurityServiceSupplierFactory$_SecurityServiceSupplierDecorator.checkAuthentication(SecurityServiceSupplierFactory.java:56)

at it.eng.spagobi.services.security.service.SecurityServiceSupplierFactory$TooMuchFailedLoginAttemtpsDecorator.checkAuthentication(SecurityServiceSupplierFactory.java:101)

at it.eng.spagobi.commons.services.LoginModule.service(LoginModule.java:171)

at it.eng.spago.dispatching.module.DefaultPage.invokeServiceBusiness(DefaultPage.java:352)

at it.eng.spago.dispatching.module.DefaultPage.nextStep(DefaultPage.java:302)

at it.eng.spago.dispatching.module.DefaultPage.service(DefaultPage.java:202)

at it.eng.spago.dispatching.module.ModuleCoordinator.service(ModuleCoordinator.java:102)

at it.eng.spago.dispatching.httpchannel.AdapterHTTP.service(AdapterHTTP.java:413)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:225)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

at sun.reflect.GeneratedMethodAccessor347.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.utilities.filters.AntiInjectionFilter.doFilter(AntiInjectionFilter.java:45)

at sun.reflect.GeneratedMethodAccessor347.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.commons.filters.ProfileFilter.doFilter(ProfileFilter.java:176)

at sun.reflect.GeneratedMethodAccessor347.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.commons.filters.SpagoBICoreCheckSessionFilter.doFilter(SpagoBICoreCheckSessionFilter.java:94)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)
by (320 points)
.......continuation

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.utilities.filters.EncodingFilter.doFilter(EncodingFilter.java:54)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)

at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:748)

Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580

at org.apache.catalina.core.StandardEngineValve.invokeat com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3259)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2991)

at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2905)

at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)

at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:225)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:243)

at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)

at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)

at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:694)

at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)

at javax.naming.InitialContext.init(InitialContext.java:244)

at javax.naming.InitialContext.<init>(InitialContext.java:216)

at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)

at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.bindLdapUserWithCredentials(FullLdapSecurityServiceSupplier.java:130)

... 125 more

[http-nio-8080-exec-4] 26 Apr 2022 11:44:01,687 ERROR it.eng.spagobi.security.InternalSecurityServiceSupplierImpl.checkAuthentication:99 - UserName not found into database

[http-nio-8080-exec-4] 26 Apr 2022 11:44:01,689 ERROR it.eng.spagobi.commons.services.LoginModule.service:173 - userName/pwd uncorrec

***************************************************************************************************

So, the error probably not matching DN_PREFIX + <Knowage user ID (amuyeen) > + DN_POSTFIX = distinguished name. But in our AD there is no UID.
by (320 points)
edited by

Yes, the problem is that DN_PREFIX + amuyeen + DN_POSTFIX is not a valid user in your LDAP system.
What do you mean when you say that there is no UID in your AD?

Bye,
Marco

by (9.3k points)

Please see below AD information for a user. In our AD, identity = amuyeen (not UID=amuyeen)

So, can i setup DN_PREFIX = identity and DN_POSTFIX = , ou=test-cbi-epa, ou=gov ?

THanks

Abu

by (320 points)

I think in this case the configuration should be as follows:

DN_PREFIX = CN=
DN_POSTFIX = ,OU=ITRMD, OU=OPS, DC=CBI-EPA, DC=GOV
Username to put in the Knowage login page = Abu Muyeen

So that the concatenation of this three entities matches with the DistinguishedName.

Bye,
Marco

by (9.3k points)
Getting same error. Here is ldap Property file:

INITIAL_CONTEXT_FACTORY   = com.sun.jndi.ldap.LdapCtxFactory

PROVIDER_URL              = ldap://was-tst-dc-01.test-cbi-epa.gov:389

SECURITY_AUTHENTICATION    = simple

DN_PREFIX                  = CN=

DN_POSTFIX                 = ,OU=ITRMD, OU=OPS, DC=test-cbi-epa, DC=gov

AUTHENTICATION_FILTER      = (&(enabled=true)(!(deprecated=false)))

USER_ROLES_ATTRIBUTE_NAME  = isMemberOf

USER_ROLES_ATTRIBUTE_FIELD = cn

SUPERADMIN_ATTRIBUTE       = ADMIN

ldap error log:

[http-nio-8080-exec-5] 28 Apr 2022 12:01:07,147 ERROR it.eng.spagobi.security.FullLdapSecurityServiceSupplier.

checkAuthentication:84 - LDAP authentication failed for user [Abu Muyeen].

Trying to authenticate user in metadata database

it.eng.spagobi.security.exceptions.LDAPAuthenticationFailed: Validation filter not satisfied for user [Abu Muyeen]

at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.bindLdapUserWithCredentials(FullLdapSecurityServiceSupplier.java:137)

at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.checkAuthentication(FullLdapSecurityServiceSupplier.java:78)

at it.eng.spagobi.services.security.service.SecurityServiceSupplierFactory$_SecurityServiceSupplierDecorator.checkAuthentication(SecurityServiceSupplierFactory.java:56)

at it.eng.spagobi.services.security.service.SecurityServiceSupplierFactory$TooMuchFailedLoginAttemtpsDecorator.checkAuthentication(SecurityServiceSupplierFactory.java:101)

at it.eng.spagobi.commons.services.LoginModule.service(LoginModule.java:171)

at it.eng.spago.dispatching.module.DefaultPage.invokeServiceBusiness(DefaultPage.java:352)

at it.eng.spago.dispatching.module.DefaultPage.nextStep(DefaultPage.java:302)

at it.eng.spago.dispatching.module.DefaultPage.service(DefaultPage.java:202)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.commons.filters.ProfileFilter.doFilter(ProfileFilter.java:176)

at sun.reflect.GeneratedMethodAccessor349.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.commons.filters.SpagoBICoreCheckSessionFilter.doFilter(SpagoBICoreCheckSessionFilter.java:94)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.utilities.filters.EncodingFilter.doFilter(EncodingFilter.java:54)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:748)

[http-nio-8080-exec-5] 28 Apr 2022 12:01:07,153 ERROR it.eng.spagobi.security.InternalSecurityServiceSupplierImpl.checkAuthentication:99 - UserName not found into database

[http-nio-8080-exec-5] 28 Apr 2022 12:01:07,156 ERROR it.eng.spagobi.commons.services.LoginModule.service:173 - userName/pwd uncorrect

Please let me know if there any solution available.

THanks

Abu
by (320 points)
Getting same error. Here is ldap Property file:

INITIAL_CONTEXT_FACTORY   = com.sun.jndi.ldap.LdapCtxFactory

PROVIDER_URL              = ldap://was-tst-dc-01.test-cbi-epa.gov:389

SECURITY_AUTHENTICATION    = simple

DN_PREFIX                  = CN=

DN_POSTFIX                 = ,OU=ITRMD, OU=OPS, DC=test-cbi-epa, DC=gov

AUTHENTICATION_FILTER      = (&(enabled=true)(!(deprecated=false)))

USER_ROLES_ATTRIBUTE_NAME  = isMemberOf

USER_ROLES_ATTRIBUTE_FIELD = cn

SUPERADMIN_ATTRIBUTE       = ADMIN

ldap error log:

[http-nio-8080-exec-5] 28 Apr 2022 12:01:07,147 ERROR it.eng.spagobi.security.FullLdapSecurityServiceSupplier.

checkAuthentication:84 - LDAP authentication failed for user [Abu Muyeen].

Trying to authenticate user in metadata database

it.eng.spagobi.security.exceptions.LDAPAuthenticationFailed: Validation filter not satisfied for user [Abu Muyeen]

at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.bindLdapUserWithCredentials(FullLdapSecurityServiceSupplier.java:137)

at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.checkAuthentication(FullLdapSecurityServiceSupplier.java:78)

at it.eng.spagobi.services.security.service.SecurityServiceSupplierFactory$_SecurityServiceSupplierDecorator.checkAuthentication(SecurityServiceSupplierFactory.java:56)

at it.eng.spagobi.services.security.service.SecurityServiceSupplierFactory$TooMuchFailedLoginAttemtpsDecorator.checkAuthentication(SecurityServiceSupplierFactory.java:101)

at it.eng.spagobi.commons.services.LoginModule.service(LoginModule.java:171)

at java.security.AccessController.doPrivileged(Native Method)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.commons.filters.ProfileFilter.doFilter(ProfileFilter.java:176)

at sun.reflect.GeneratedMethodAccessor349.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.commons.filters.SpagoBICoreCheckSessionFilter.doFilter(SpagoBICoreCheckSessionFilter.java:94)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.utilities.filters.EncodingFilter.doFilter(EncodingFilter.java:54)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)

at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:748)

[http-nio-8080-exec-5] 28 Apr 2022 12:01:07,153 ERROR it.eng.spagobi.security.InternalSecurityServiceSupplierImpl.checkAuthentication:99 - UserName not found into database

[http-nio-8080-exec-5] 28 Apr 2022 12:01:07,156 ERROR it.eng.spagobi.commons.services.LoginModule.service:173 - userName/pwd uncorrect

Please let me know if there any solution available.

THanks

Abu
by (320 points)

Now the username is correct and it is working correctly, but authentication is still failing because the user is not satisfying the condition AUTHENTICATION_FILTER  = (&(enabled=true)(!(deprecated=false)))

Try to remove the filter condition from the configuration.

Bye,
Marco

by (9.3k points)

Marco:

This is NIng, I am Abu's coworker. First, we changed using the security connector from LdapSecurityServiceSupplier to FullLdapSecurityServiceSupplier.  Latest Error message provided from Abu is using the FullLdapSecurityServiceSupplier. My understanding is we do not need to use the algorithm DN_PREFIX + KnowlageID + DN_POSTFIX. Therefore no need to have the concatenation of this three entities matches with the DistinguishedName. Using the FullLdapSecurityServiceSupplier, we tried to set the DN_PREFIX = CN=, DN_PREFIX = Distinguishedname, DN_PREFIX = SAMAccountname, and DN_PREFIX = identity but still all of the tries got invalid user name and password. Is there anyway, we can see the profile object built by the FullLdapSecurityServiceSupplier connector?

by (100 points)

Hi Ning,

the last tentative was good enough. Just remove the filter condition AUTHENTICATION_FILTER  from the configuration and restart tomcat.

Bye,
Marco

by (9.3k points)

Here again, the error log

[http-nio-8080-exec-2] 03 May 2022 09:44:25,586 ERROR it.eng.spagobi.security.FullLdapSecurityServiceSupplier.

checkAuthentication:87 - Authentication failed for user [Abu Muyeen]

java.lang.NullPointerException

at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.bindLdapUserWithCredentials(FullLdapSecurityServiceSupplier.java:143)

at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.checkAuthentication(FullLdapSecurityServiceSupplier.java:78)

at it.eng.spagobi.services.security.service.SecurityServiceSupplierFactory$_SecurityServiceSupplierDecorator.checkAuthentication(SecurityServiceSupplierFactory.java:56)

at it.eng.spagobi.services.security.service.SecurityServiceSupplierFactory$TooMuchFailedLoginAttemtpsDecorator.checkAuthentication(SecurityServiceSupplierFactory.java:101)

at it.eng.spagobi.commons.services.LoginModule.service(LoginModule.java:171)

at it.eng.spago.dispatching.module.DefaultPage.invokeServiceBusiness(DefaultPage.java:352)

at java.security.AccessController.doPrivileged(Native Method)

at sun.reflect.GeneratedMethodAccessor344.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.commons.filters.ProfileFilter.doFilter(ProfileFilter.java:176)

at sun.reflect.GeneratedMethodAccessor344.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.commons.filters.SpagoBICoreCheckSessionFilter.doFilter(SpagoBICoreCheckSessionFilter.java:94)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)

at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:748)

[http-nio-8080-exec-2] 03 May 2022 09:44:25,591 ERROR it.eng.spagobi.commons.services.LoginModule.service:173 - userName/pwd uncorrect

LDAP File:

INITIAL_CONTEXT_FACTORY   = com.sun.jndi.ldap.LdapCtxFactory

PROVIDER_URL              = ldap://was-tst-dc-01.test-cbi-epa.gov:389

SECURITY_AUTHENTICATION    = simple

DN_PREFIX                  = CN=

DN_POSTFIX                 = ,OU=ITRMD, OU=OPS, DC=test-cbi-epa, DC=gov

USER_ROLES_ATTRIBUTE_NAME  = isMemberOf

USER_ROLES_ATTRIBUTE_FIELD = cn

SUPERADMIN_ATTRIBUTE       = ADMIN

by (320 points)

Here again, the error log

[http-nio-8080-exec-2] 03 May 2022 09:44:25,586 ERROR it.eng.spagobi.security.FullLdapSecurityServiceSupplier.

checkAuthentication:87 - Authentication failed for user [Abu Muyeen]

java.lang.NullPointerException

at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.bindLdapUserWithCredentials(FullLdapSecurityServiceSupplier.java:143)

at it.eng.spagobi.security.FullLdapSecurityServiceSupplier.checkAuthentication(FullLdapSecurityServiceSupplier.java:78)

at it.eng.spagobi.services.security.service.SecurityServiceSupplierFactory$_SecurityServiceSupplierDecorator.checkAuthentication(SecurityServiceSupplierFactory.java:56)

at it.eng.spagobi.services.security.service.SecurityServiceSupplierFactory$TooMuchFailedLoginAttemtpsDecorator.checkAuthentication(SecurityServiceSupplierFactory.java:101)

at it.eng.spagobi.commons.services.LoginModule.service(LoginModule.java:171)

at it.eng.spago.dispatching.module.DefaultPage.invokeServiceBusiness(DefaultPage.java:352)

at java.security.AccessController.doPrivileged(Native Method)

at sun.reflect.GeneratedMethodAccessor344.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

a

at sun.reflect.GeneratedMethodAccessor344.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.commons.filters.SpagoBICoreCheckSessionFilter.doFilter(SpagoBICoreCheckSessionFilter.java:94)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at it.eng.spagobi.utilities.filters.EncodingFilter.doFilter(EncodingFilter.java:54)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)

at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)

at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:748)

[http-nio-8080-exec-2] 03 May 2022 09:44:25,591 ERROR it.eng.spagobi.commons.services.LoginModule.service:173 - userName/pwd uncorrect

LDAP File:

INITIAL_CONTEXT_FACTORY   = com.sun.jndi.ldap.LdapCtxFactory

PROVIDER_URL              = ldap://was-tst-dc-01.test-cbi-epa.gov:389

SECURITY_AUTHENTICATION    = simple

DN_PREFIX                  = CN=

DN_POSTFIX                 = ,OU=ITRMD, OU=OPS, DC=test-cbi-epa, DC=gov

USER_ROLES_ATTRIBUTE_NAME  = isMemberOf

USER_ROLES_ATTRIBUTE_FIELD = cn

SUPERADMIN_ATTRIBUTE       = ADMIN

by (320 points)

Is there  a way or logfile, we can see the profile object built by the FullLdapSecurityServiceSupplier connector or the value which sent to the LDAP for authentication?

by (100 points)
edited by
Thanks for your response.
by (320 points)
edited by

Hi Abu,

I think you need a custom connector for your specific needs.

You can directly contribute to the source code by opening a pull request, or if you want the Knowage Labs to develop your idea you can contact the professional services 

Bye,
Marco

by (9.3k points)
Powered by Question2Answer
...