Spring Active Directory Authentication

James Daniel
Ranch Hand

Joined: Sep 24, 2004
Posts: 80
I have been trying (and trying) to get a Spring application to authenticate against an AD LDAP server. I keep getting a "Bad credentials" exception. When I use the same username/password in an LDAP tool, it works without issue. I am using Spring Security 3.1.2 and there isn't much to the configuration. Does anyone have any ideas? I just want to see it authenticate and work from there. I can't even get that to happen. Help..


<authentication-manager>
    <authentication-provider ref="activeDirectoryAuthenticationProvider"/>
</authentication-manager>

<beans:bean id="activeDirectoryAuthenticationProvider"
            class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
    <beans:constructor-arg value="my.domain.com" />
    <beans:constructor-arg value="ldap://my.domain:389" />
    <beans:property name="convertSubErrorCodesToExceptions" value="true"/>
</beans:bean>
Bill Gorder
Bartender

Joined: Mar 07, 2010
Posts: 1676
    

Please UseCodeTags.

You are probably going to need a little more information to figure out what is happening. I would set your logger levels for org.springframework.security to DEBUG and you should get a better picture of what exactly you are missing.


Mike Solano
Greenhorn

Joined: Jul 22, 2013
Posts: 3
Hi James,

Did you ever discover what your issue was? I'm having the exact same problem with pretty much the same setup.

I know it's hitting AD because if I use a non-existent username, I get:

DEBUG org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider - Processing authentication request for user: batman
DEBUG org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider - Authentication for batman@domain.net failed:javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
INFO org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider - Active Directory authentication failed: User was not found in directory
DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials

If I use an incorrect password, I get:

DEBUG org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider - Processing authentication request for user: msolano
DEBUG org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider - Authentication for msolano@domain.net failed:javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772
INFO org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider - Active Directory authentication failed: Supplied password was invalid
DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials


However, with the correct username and password, I only get a message saying Ignoring PartialResultException (which I think is ok) and the BadCredentialsException.

DEBUG org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider - Processing authentication request for user: msolano
DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Searching for entry under DN ', base = dc=domain,dc=net, filter = (&(objectClass=user)(userPrincipalName={0}))
INFO org.springframework.security.ldap.SpringSecurityLdapTemplate - Ignoring PartialResultException
DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials

I appreciate any feedback you or anyone else may have. Thank you!

-Mike
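
The three cases in the post above can be told apart mechanically from the server-side log, even though all of them reach the caller as the same BadCredentialsException. The following is an added example, not part of the original thread and not Spring Security's own code: a plain-JDK triage helper that extracts the AD sub-error code from the `data NNN` field of an LDAP error 49 message. The class name, the sample user and domain, and the wording of the result strings are assumptions made for illustration.

```java
import java.util.*;
import java.util.regex.*;

public class AdBindFailureTriage {
    // AD sub-error codes carried in the "data NNN" field of an LDAP error 49 message.
    static final Map<String, String> SUB_ERRORS = new HashMap<>();
    static {
        String[] pairs = {
            "525", "user not found", "52e", "invalid credentials",
            "530", "not permitted to log on at this time",
            "531", "not permitted to log on at this workstation",
            "532", "password expired", "533", "account disabled",
            "701", "account expired", "773", "user must reset password",
            "775", "account locked" };
        for (int i = 0; i < pairs.length; i += 2) SUB_ERRORS.put(pairs[i], pairs[i + 1]);
    }
    static final Pattern ERR49 = Pattern.compile("error code 49\\b.*?\\bdata ([0-9a-fA-F]+)");

    /** Classifies the DEBUG/INFO log lines belonging to one login attempt. */
    static String classify(List<String> lines) {
        boolean searched = false;
        for (String line : lines) {
            Matcher m = ERR49.matcher(line);
            if (m.find()) {
                String code = m.group(1).toLowerCase(Locale.ROOT);
                return "bind rejected, data " + code + ": "
                        + SUB_ERRORS.getOrDefault(code, "unrecognised sub-error");
            }
            if (line.contains("Searching for entry under DN")) searched = true;
        }
        // Assumption: no error 49 plus a search line means the directory accepted
        // the bind, so the failure comes from the user lookup that follows it.
        return searched ? "no error 49: check the post-bind user search (base, filter)"
                        : "no bind result in these lines";
    }

    public static void main(String[] args) {
        // Constructed sample lines modelled on the three cases in the post above.
        String err = "Authentication for alice@example.test failed:javax.naming.AuthenticationException: "
                + "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data ";
        System.out.println(classify(Arrays.asList(err + "525, v1772")));
        System.out.println(classify(Arrays.asList(err + "52e, v1772")));
        System.out.println(classify(Arrays.asList(
                "Searching for entry under DN '', base = dc=example,dc=test, filter = (&(objectClass=user)(userPrincipalName={0}))",
                "Ignoring PartialResultException",
                "Authentication request failed: BadCredentialsException: Bad credentials")));
    }
}
```

Keeping the 525 versus 52e distinction in server logs only, as the provider does here, avoids telling an unauthenticated client which usernames exist.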
Mike Solano
Greenhorn

Joined: Jul 22, 2013
Posts: 3
I believe the problem I'm seeing may be a bug in ActiveDirectoryLdapAuthenticationProvider. I found the following forum post on the spring forums:

http://forum.springsource.org/showthread.php?134991-Active-Directory-authentication-in-Spring-3-1

And I created a JIRA issue for it here since one didn't seem to exist:

https://jira.springsource.org/browse/SEC-2224
Bill Gorder
Bartender

Joined: Mar 07, 2010
Posts: 1676
    

Welcome to the Ranch Mike and thanks for posting back with what you have found!
Mike Solano
Greenhorn

Joined: Jul 22, 2013
Posts: 3
Thanks Bill! Long time lurker, first time caller

I'll update again when/if I see any traction on the JIRA issue.
 