By: Peter Awad user 28 Mar 2018 at 11:31 p.m. CDT

5 Responses
I have been following the great videos for setting up the cache refresh and LDAP auth. Everything was going fine until I tried to log in with a remote LDAP user. The one thing I did differently was on the Manage LDAP Auth tab I used mail as my Primary Key in order to keep consistency with our other systems. When I try to log in I get a simple message:

```
An unexpected error has occured at 2018-03-29 12:21:00 AM
```

And the log file /opt/gluu/jetty/oxauth/logs/oxauth.log says authentication failed:

```
2018-03-29 00:20:59,044 ERROR [qtp1020391880-12] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:224) - Failed to get session attributes
2018-03-29 00:20:59,044 INFO [qtp1020391880-12] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:164) - Authentication failed for 'pawad@inboxmaker.com'
```

I'm hoping someone can point me to where I can get a little more detail so I can figure out what it doesn't like.

By Mohib Zico staff 30 Mar 2018 at 8:45 a.m. CDT

I think we need more logs from oxAuth... can you please set the oxAuth log level to DEBUG?

By Peter Awad user 30 Mar 2018 at 8:02 p.m. CDT

Here is the debug data.

```
2018-03-30 20:29:30,582 DEBUG [qtp1020391880-12] [org.xdi.oxauth.service.ClientService] (ClientService.java:137) - Found 1 entries for client id = @!417D.DAEE.CEE0.97E8!0001!DC2F.1379!0008!EE18.7B82
2018-03-30 20:29:57,961 DEBUG [oxAuthScheduler_Worker-5] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started
2018-03-30 20:29:57,962 DEBUG [oxAuthScheduler_Worker-5] [org.xdi.service.timer.TimerJob] (TimerJob.java:34) - Fire timer event [org.xdi.service.cdi.event.ConfigurationEvent] with qualifiers [@org.xdi.service.cdi.event.Scheduled()]
2018-03-30 20:29:57,962 DEBUG [oxAuthScheduler_Worker-5] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended
2018-03-30 20:29:57,975 DEBUG [oxAuthScheduler_Worker-1] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started
2018-03-30 20:29:57,975 DEBUG [oxAuthScheduler_Worker-1] [org.xdi.service.timer.TimerJob] (TimerJob.java:34) - Fire timer event [org.xdi.service.cdi.event.LdapStatusEvent] with qualifiers [@org.xdi.service.cdi.event.Scheduled()]
2018-03-30 20:29:57,976 DEBUG [oxAuthScheduler_Worker-1] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended
2018-03-30 20:29:58,132 DEBUG [oxAuthScheduler_Worker-2] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started
2018-03-30 20:29:58,133 DEBUG [oxAuthScheduler_Worker-2] [org.xdi.service.timer.TimerJob] (TimerJob.java:34) - Fire timer event [org.xdi.oxauth.service.cdi.event.AuthConfigurationEvent] with qualifiers [@org.xdi.service.cdi.event.Scheduled()]
2018-03-30 20:29:58,133 DEBUG [oxAuthScheduler_Worker-2] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended
2018-03-30 20:29:58,489 DEBUG [oxAuthScheduler_Worker-3] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started
2018-03-30 20:29:58,489 DEBUG [oxAuthScheduler_Worker-3] [org.xdi.service.timer.TimerJob] (TimerJob.java:34) - Fire timer event [org.xdi.service.cdi.event.UpdateScriptEvent] with qualifiers [@org.xdi.service.cdi.event.Scheduled()]
2018-03-30 20:29:58,501 DEBUG [oxAuthScheduler_Worker-3] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended
2018-03-30 20:30:17,037 DEBUG [qtp1020391880-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:117) - Authenticating user with LDAP: username: 'pawad@inboxmaker.com', credentials: '72125229'
2018-03-30 20:30:17,038 DEBUG [qtp1020391880-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:241) - Attempting to find userDN by primary key: 'cn' and key value: 'pawad@inboxmaker.com', credentials: '72125229'
2018-03-30 20:30:17,038 DEBUG [qtp1020391880-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:330) - Getting user information from LDAP: attributeName = 'cn', attributeValue = 'pawad@inboxmaker.com'
2018-03-30 20:30:17,038 DEBUG [qtp1020391880-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:344) - Searching user by attributes: '[Attribute [name=cn, values=[pawad@inboxmaker.com]]]', baseDn: 'ou=Clients,ou=Master,dc=inboxauth,dc=com'
2018-03-30 20:30:17,042 DEBUG [qtp1020391880-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:346) - Found '1' entries
2018-03-30 20:30:17,044 DEBUG [qtp1020391880-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:263) - Attempting to authenticate userDN: cn=pawad@inboxmaker.com,ou=Users,o=Support,ou=Clients,ou=Master,dc=inboxauth,dc=com
2018-03-30 20:30:17,045 ERROR [qtp1020391880-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:288) - Failed to authenticate dn: cn=pawad@inboxmaker.com,ou=Users,o=Support,ou=Clients,ou=Master,dc=inboxauth,dc=com
2018-03-30 20:30:17,045 DEBUG [qtp1020391880-10] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:265) - Authentication result for user 'pawad@inboxmaker.com'. auth_step: '1', result: 'false', credentials: '72125229'
2018-03-30 20:30:17,045 INFO [qtp1020391880-10] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:164) - Authentication failed for 'pawad@inboxmaker.com'
2018-03-30 20:30:17,049 DEBUG [qtp1020391880-10] [org.xdi.oxauth.service.ClientService] (ClientService.java:137) - Found 1 entries for client id = @!417D.DAEE.CEE0.97E8!0001!DC2F.1379!0008!EE18.7B82
```
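A small log-triage helper, added here as an example and not part of this thread or of Gluu's code, that reconstructs the LDAP attempt from oxauth DEBUG lines of the shape posted above: it pulls out the primary key actually used, the search base, entry count and bind DN, flags a mismatch against the primary key configured in the UI, separates "entry not found" from "entry found but bind failed", and counts the lines that now carry the submitted credential. The sample lines, user, domain and credential value are constructed placeholders.

```python
import re

# Constructed sample in the shape of the oxauth DEBUG lines quoted in this thread
# (thread ids, user, domain and the credential value are placeholders, not copied).
SAMPLE_LOG = """\
2018-03-30 20:30:17,037 DEBUG [qtp-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:117) - Authenticating user with LDAP: username: 'user@example.com', credentials: 'PLACEHOLDER'
2018-03-30 20:30:17,038 DEBUG [qtp-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:241) - Attempting to find userDN by primary key: 'cn' and key value: 'user@example.com', credentials: 'PLACEHOLDER'
2018-03-30 20:30:17,038 DEBUG [qtp-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:344) - Searching user by attributes: '[Attribute [name=cn, values=[user@example.com]]]', baseDn: 'ou=Clients,ou=Master,dc=example,dc=com'
2018-03-30 20:30:17,042 DEBUG [qtp-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:346) - Found '1' entries
2018-03-30 20:30:17,044 DEBUG [qtp-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:263) - Attempting to authenticate userDN: cn=user@example.com,ou=Users,o=Support,ou=Clients,ou=Master,dc=example,dc=com
2018-03-30 20:30:17,045 ERROR [qtp-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:288) - Failed to authenticate dn: cn=user@example.com,ou=Users,o=Support,ou=Clients,ou=Master,dc=example,dc=com
2018-03-30 20:30:17,045 INFO [qtp-10] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:164) - Authentication failed for 'user@example.com'
"""

# One regex per step of the oxauth LDAP flow; the capture group is the value kept.
STEPS = {
    "primary_key": re.compile(r"find userDN by primary key: '([^']+)'"),
    "search_base": re.compile(r"baseDn: '([^']+)'"),
    "entries_found": re.compile(r"Found '(\d+)' entries"),
    "bind_dn": re.compile(r"Attempting to authenticate userDN: (\S+)"),
    "bind_failed_dn": re.compile(r"Failed to authenticate dn: (\S+)"),
}
CREDENTIAL_IN_LOG = re.compile(r"credentials: '[^']*'")


def summarize_attempt(log_text: str, configured_primary_key: str) -> dict:
    """Reconstruct one LDAP authentication attempt from oxauth DEBUG output and
    return the extracted values plus the findings a reviewer would raise."""
    summary: dict = {"credential_lines": 0, "findings": []}
    for line in log_text.splitlines():
        for name, pattern in STEPS.items():
            match = pattern.search(line)
            if match:
                summary[name] = match.group(1)
        if CREDENTIAL_IN_LOG.search(line):
            summary["credential_lines"] += 1  # DEBUG level writes the submitted secret

    findings = summary["findings"]
    pk = summary.get("primary_key")
    if pk and pk != configured_primary_key:
        findings.append(f"lookup used primary key '{pk}', configured value was '{configured_primary_key}'")
    if summary.get("entries_found") not in (None, "1"):
        findings.append(f"search returned {summary['entries_found']} entries, not exactly one")
    if summary.get("bind_failed_dn"):
        findings.append("entry was found but the bind failed: check the stored password, not the mapping")
    if summary["credential_lines"]:
        findings.append(f"{summary['credential_lines']} lines contain the submitted credential: "
                        "return the log level to INFO and scrub this file after troubleshooting")
    return summary
```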

By Mohib Zico staff 01 Apr 2018 at 3:17 a.m. CDT

Can you please send three pieces of info:

- User info of user `pawad@inboxmaker.com` from backend AD
- User info of user `pawad@inboxmaker.com` from Gluu Server LDAP
- Screenshots of your Cache Refresh config

You can use ldapsearch for the first two points to extract the ldif.

By Peter Awad user 02 Apr 2018 at 11:28 a.m. CDT

It turns out the problem I was having was due to legacy architecture that I have to inherit. The user I was trying to log in as is actually imported from AD to the LDAP of our old SSO, so there were no passwords for that user. Moving forward I need to set up a second Authentication Manager for AD when the email address domain is emailmaker.com. If anyone has a link to a how-to, that would be great. I did stumble across something about a multiAuth script the other day. Will investigate that.

By Mohib Zico staff 04 Apr 2018 at 8:40 a.m. CDT

OK, please let us know how that goes.