By: Francis Lowry user 12 Nov 2019 at 3:01 a.m. CST

15 Responses
Francis Lowry gravatar
New GLUU user - thank you guys for Gluu - wonderful work * Installed on single Centos 7 server * Configured Apache & Corretto with SSL cert * Enabled AD Cache Refresh successfully Unable to get basic multi auth working I have searched the public support tickets and have been unable to find any pertinent information for V4 Steps to reproduce post clean install above **Within GLUU Admin console** Configuration | Manage Customer Scripts | Custom Script called basic_multi_auth_conf should show as enabled i.e. white background After a refresh period - Custom Scripts | Person Authentication list Displays basic_multi_auth_conf with a red background and the Show Error inside it contains the following ``` java.lang.Exception: Using default external type class at org.gluu.service.custom.script.CustomScriptManager.createExternalType(CustomScriptManager.java:367) at org.gluu.service.custom.script.CustomScriptManager.reloadCustomScriptConfigurations(CustomScriptManager.java:268) at org.gluu.service.custom.script.CustomScriptManager.reloadImpl(CustomScriptManager.java:157) at org.gluu.service.custom.script.CustomScriptManager.reload(CustomScriptManager.java:144) at org.gluu.service.custom.script.CustomScriptManager.reloadTimerEvent(CustomScriptManager.java:120) at org.gluu.service.custom.script.CustomScriptManager$Proxy$_$$_WeldSubclass.reloadTimerEvent(Unknown Source) at sun.reflect.GeneratedMethodAccessor162.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:95) at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:85) at org.jboss.weld.injection.MethodInvocationStrategy$SimpleMethodInvocationStrategy.invoke(MethodInvocationStrategy.java:168) at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:330) at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:308) at org.jboss.weld.event.ObserverMethodImpl.notify(ObserverMethodImpl.java:286) at javax.enterprise.inject.spi.ObserverMethod.notify(ObserverMethod.java:124) at org.jboss.weld.util.Observers.notify(Observers.java:166) at org.jboss.weld.event.ObserverNotifier.notifySyncObservers(ObserverNotifier.java:285) at org.jboss.weld.event.ObserverNotifier.notify(ObserverNotifier.java:273) at org.jboss.weld.event.ObserverNotifier.fireEvent(ObserverNotifier.java:177) at org.jboss.weld.event.ObserverNotifier.fireEvent(ObserverNotifier.java:159) at org.jboss.weld.manager.BeanManagerImpl.fireEvent(BeanManagerImpl.java:632) at org.jboss.weld.util.ForwardingBeanManager.fireEvent(ForwardingBeanManager.java:104) at org.gluu.service.timer.TimerJob.execute(TimerJob.java:39) at org.gluu.service.timer.JobExecutionDelegate.execute(JobExecutionDelegate.java:31) at org.quartz.core.JobRunShell.run(JobRunShell.java:202) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) ==================Further details============================ Using default external type class ``` Followed the instructions in github for [basic auth](https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations/basic.multi_auth_conf) I could not follow steps 1 & 2 in the instructions as the URL's did not work and V4 uses Jetty not Tomcat 1. Stored the .json in /etc/certs 2. Confirmed unix file permissions and ownership were the same as other .json files (root:gluu) 3. Added the variable in the script config 4. Pasted the code in correctly Am I missing an environment variable / library? Is there a specific changed required to get this to work with V4? Is there any more detail I can provide to assist? Thanks Francis

By Mohit Mali staff 12 Nov 2019 at 3:08 a.m. CST

Mohit Mali gravatar
Hi Francis Lowry, Thank you for reaching out gluu support , I will assist you on this ticket. Can you provide me the link which you are following to setup the configuration. Thanks and Regards Mohit Mali

By Francis Lowry user 12 Nov 2019 at 3:18 a.m. CST

Francis Lowry gravatar
Hi Mohit, The link is after the exception https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations/basic.multi_auth_conf

By Michael Schwartz staff 12 Nov 2019 at 2:52 p.m. CST

Michael Schwartz gravatar
Is there any error in the scripts log? This might have more details. It's possible this script needs to be updated for 4.0.

By Mohit Mali staff 13 Nov 2019 at 12:15 a.m. CST

Mohit Mali gravatar
Hi Francis Lowry, Can you provide me debug logs so we can assist you better on this. a) Login to oxTrust UI as admin or with an administrator account. b) Navigate to Configuration > JSON Configuration > OxAuth Configuration Tab c) Change logging level field to debug. follow this document https://gluu.org/docs/ce/operation/logs/ then sends the latest oxauth_script logs

By Francis Lowry user 14 Nov 2019 at 6:34 a.m. CST

Francis Lowry gravatar
Hi, Thank you for your very prompt response and apologies for being so slow in replying. With the additional logging I found a separate issue in that that the encode mechanism, and possibly the configuration for the ldap connection does not like passwords with an exclaimation mark in them "!" and certain following characters - I have not tested all combinations but the following should be enough to replicate ``` [root@tsso ~]# /opt/gluu/bin/encode.py New!D2781 -bash: !D2781: event not found [root@tsso ~]# /opt/gluu/bin/encode.py New_fred! d5ZFfPSijTLG5S1tAzYJwA== [root@tsso ~]# /opt/gluu/bin/encode.py New_fred!D -bash: !D: event not found [root@tsso ~]# /opt/gluu/bin/encode.py New_fred!a /opt/gluu/bin/encode.py New_fredapachectl restart Traceback (most recent call last): File "/opt/gluu/bin/encode.py", line 43, in <module> print unobscure(arg) File "/opt/gluu/bin/encode.py", line 23, in unobscure decrypted = cipher.decrypt(base64.b64decode(s), padmode=PAD_PKCS5) File "/usr/lib64/python2.7/base64.py", line 76, in b64decode raise TypeError(msg) TypeError: Incorrect padding ``` So this distracted me for a bit as I had used "!" in my main GLUU admin accounts password, and in the AD ldap looku account and I had to reset these to make sure I had a real problem with the multiauth bit **Back to the main issue** So, I simplified the test case and focussed on just logging back into the local host via LDAP (ignoring MS AD for now) Used /opt/gluu/bin/encode/py to encrypt the login password "Magnol1a!" got ``` [root@tsso ~]# /opt/gluu/bin/encode.py Magnol1a A5seSImciU23Yjr5SlDg2w== ``` configured the /etc/certs/multi_auth_conf.json file like this: ``` { "ldap_configuration": [ { "configId":"ad_1", "servers":["localhost:1636"], "bindDN":"cn=directory manager", "bindPassword":"A5seSImciU23Yjr5SlDg2w==", "useSSL":true, "maxConnections":10, "baseDNs":["ou=people,o=gluu"], "loginAttributes":["uid"], "localLoginAttributes":["uid"] } ] } ``` Bounced the whole environment (and wiped all the logs) /sbin/gluu-serverd stop /root/cleanGLUUlogs.sh /sbin/gluu-serverd start /sbin/gluu-serverd login Tailed the log /opt/gluu/jetty/oxauth/logs/oxauth_script.log i.e. ldap ***49*** login failure ``` [root@tsso ~]# tail -f /opt/gluu/jetty/oxauth/logs/oxauth_script.log 2019-11-14 12:26:45,137 INFO [ForkJoinPool.commonPool-worker-1] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Basic (multi auth conf). Initialization 2019-11-14 12:26:45,800 ERROR [ForkJoinPool.commonPool-worker-1] [org.gluu.service.custom.script.CustomScriptManager] (CustomScriptManager.java:406) - Failed to initialize custom script: 'org.gluu.persist.exception.operation.ConfigurationException: Failed to create LDAP connection pool! Result code: '49'' ``` configured the /etc/certs/multi_auth_conf.json file like this: i.e. no encrypted password ``` { "ldap_configuration": [ { "configId":"ad_1", "servers":["localhost:1636"], "bindDN":"cn=directory manager", "bindPassword":"Magnol1a!", "useSSL":true, "maxConnections":10, "baseDNs":["ou=people,o=gluu"], "loginAttributes":["uid"], "localLoginAttributes":["uid"] } ] } ``` Bounced the whole environment (and wiped all the logs again) /sbin/gluu-serverd stop /root/cleanGLUUlogs.sh /sbin/gluu-serverd start /sbin/gluu-serverd login Tailed the log /opt/gluu/jetty/oxauth/logs/oxauth_script.log - not getting a login failure, but a config error ``` Last login: Thu Nov 14 12:26:54 2019 from localhost Welcome to the Gluu Server! [root@tsso ~]# tail -f /opt/gluu/jetty/oxauth/logs/oxauth_script.log 2019-11-14 12:28:48,011 INFO [ForkJoinPool.commonPool-worker-1] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Basic (multi auth conf). Initialization 2019-11-14 12:28:48,246 ERROR [ForkJoinPool.commonPool-worker-1] [org.gluu.service.custom.script.CustomScriptManager] (CustomScriptManager.java:406) - Failed to initialize custom script: 'Traceback (most recent call last): File "basic_multi_auth_conf.py", line 44, in init File "basic_multi_auth_conf.py", line 231, in createLdapExtendedEntryManagers KeyError: 'ldapConfiguration' ' ``` As i mentioned originally, I am not sure I have set up the HTTPS ssl piece correctly as I used the cacerts file in corretto (could not locate the ones in the docs) Thanks Francis

By Yuriy Movchan staff 19 Nov 2019 at 9:42 a.m. CST

Yuriy Movchan gravatar
Hi, I've fixed compatibility issue with 4.0 Can you try this [script](https://github.com/GluuFederation/oxAuth/blob/version_4.0.1/Server/integrations/basic.multi_auth_conf/BasicMultiAuthConfExternalAuthenticator.py)?

By Francis Lowry user 19 Nov 2019 at 11:14 a.m. CST

Francis Lowry gravatar
Hi, Looks like a bit of progress, thank you. With the passwords in the multi_auth_conf.json in *clear text*, both the local and the AD ldap connectors initialise correctly. They fail with an LDAP 90 error if they are encrypted. ``` 2019-11-19 16:44:31,152 DEBUG [oxAuthScheduler_Worker-2] [org.gluu.service.custom.script.CustomScriptManager] (CustomScriptManager.java:418) - Executing python 'destroy' custom script method 2019-11-19 16:44:31,153 INFO [oxAuthScheduler_Worker-2] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Basic (multi auth conf). Destroy 2019-11-19 16:44:31,157 INFO [oxAuthScheduler_Worker-2] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Basic (multi auth conf). Destroyed: ad_1. Result: True 2019-11-19 16:44:31,157 INFO [oxAuthScheduler_Worker-2] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Basic (multi auth conf). Destroyed successfully 2019-11-19 16:45:01,399 INFO [oxAuthScheduler_Worker-1] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Basic (multi auth conf). Initialization 2019-11-19 16:45:01,512 INFO [oxAuthScheduler_Worker-1] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Basic (multi auth conf). Initialized successfully ``` with this config: ``` { "ldap_configuration": [ { "configId":"ad_1", "servers":["localhost:1636"], "bindDN":"cn=directory manager", "bindPassword":"Magnol1a!", "useSSL":true, "maxConnections":10, "baseDNs":["ou=people,o=gluu"], "loginAttributes":["uid"], "localLoginAttributes":["uid"] }, { "configId":"ad_2", "servers":["uk-hq-addc-01:389"], "bindDN":"CN=testFrancis Lowry,OU=UK-USER-SSC_SOFT,OU=UK-SSC_SOFT,OU=UK-SS-DEV,OU=UK-SS,OU=UK-BU,OU=UK,OU=Regions,OU=RomaxTech,DC=RomaxTechnology,DC=com", "bindPassword":"Magnol1a", "useSSL":false, "maxConnections":10, "baseDNs":["DC=romaxtechnology,DC=com"], "loginAttributes":["mail"], "localLoginAttributes":["mail"] } ] } ``` I can login directly to GLUU with any GLUU local account successfully, however I am unable to log in with an AD account. I have configured the AD account to use the mail attribute for the login. this does get mapped to an internal GLUU cached user correctly, however the authentication fails with the error below: In our AD logs, I can see the "testfrancis lowry" AD account successfully authenticating, but nothing else. ``` 2019-11-19 16:36:31,153 DEBUG [oxAuthScheduler_Worker-4] [org.gluu.service.custom.script.CustomScriptManager] (CustomScriptManager.java:418) - Executing python 'destroy' custom script method 2019-11-19 16:36:31,417 INFO [oxAuthScheduler_Worker-4] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Basic (multi auth conf). Initialization 2019-11-19 16:36:31,439 INFO [oxAuthScheduler_Worker-4] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:240) - Basic (multi auth conf). Initialized successfully 2019-11-19 16:37:31,995 DEBUG [qtp1359044626-12] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:277) - Executing python 'getPageForStep' authenticator method 2019-11-19 16:37:32,048 DEBUG [qtp1359044626-19] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:384) - Validating acr_values: 'simple_password_auth' 2019-11-19 16:37:32,048 DEBUG [qtp1359044626-19] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:151) - Executing python 'isValidAuthenticationMethod' authenticator method 2019-11-19 16:37:32,049 DEBUG [qtp1359044626-19] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:249) - Executing python 'prepareForStep' authenticator method 2019-11-19 16:37:32,049 DEBUG [qtp1359044626-19] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:263) - Executing python 'getExtraParametersForStep' authenticator method 2019-11-19 16:37:50,746 DEBUG [qtp1359044626-14] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:193) - Executing python 'authenticate' authenticator method 2019-11-19 16:37:50,752 ERROR [qtp1359044626-14] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:198) - Failed to authenticate DN: inum=0000!3B0B.500B,ou=people,o=gluu org.gluu.persist.exception.AuthenticationException: Failed to authenticate DN: inum=0000!3B0B.500B,ou=people,o=gluu at org.gluu.persist.ldap.impl.LdapEntryManager.authenticate(LdapEntryManager.java:741) ~[oxcore-persistence-ldap-4.0.Final.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_222] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_222] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_222] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_222] at org.jboss.weld.bean.proxy.AbstractBeanInstance.invoke(AbstractBeanInstance.java:38) ~[weld-core-impl-3.1.1.Final.jar:3.1.1.Final] at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106) ~[weld-core-impl-3.1.1.Final.jar:3.1.1.Final] at org.gluu.persist.EntityManager$PersistenceEntryManager$1948486608$Proxy$_$$_WeldClientProxy.authenticate(Unknown Source) ~[weld-core-impl-3.1.1.Final.jar:?] at org.gluu.oxauth.service.AuthenticationService.localAuthenticate(AuthenticationService.java:171) ~[classes/:?] at org.gluu.oxauth.service.AuthenticationService.authenticate(AuthenticationService.java:121) ~[classes/:?] at org.gluu.oxauth.service.external.internal.InternalDefaultPersonAuthenticationType.authenticate(InternalDefaultPersonAuthenticationType.java:38) ~[classes/:?] at org.gluu.oxauth.service.external.ExternalAuthenticationService.executeExternalAuthenticate(ExternalAuthenticationService.java:196) [classes/:?] at org.gluu.oxauth.service.external.ExternalAuthenticationService$Proxy$_$$_WeldClientProxy.executeExternalAuthenticate(Unknown Source) [classes/:?] at org.gluu.oxauth.auth.Authenticator.userAuthenticationInteractive(Authenticator.java:320) [classes/:?] at org.gluu.oxauth.auth.Authenticator.authenticateImpl(Authenticator.java:203) [classes/:?] at org.gluu.oxauth.auth.Authenticator.authenticate(Authenticator.java:132) [classes/:?] at sun.reflect.GeneratedMethodAccessor412.invoke(Unknown Source) ~[?:?] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_222] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_222] at org.apache.el.parser.AstValue.invoke(AstValue.java:247) [org.mortbay.jasper.apache-el-8.5.40.jar:8.5.40] at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:267) [org.mortbay.jasper.apache-el-8.5.40.jar:8.5.40] at org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40) [weld-web-3.1.1.Final.jar:3.1.1.Final] at org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50) [weld-web-3.1.1.Final.jar:3.1.1.Final] at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87) [javax.faces-2.2.16.jar:2.2.16] at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.component.UICommand.broadcast(UICommand.java:315) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282) [javax.faces-2.2.16.jar:2.2.16] at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81) [javax.faces-2.2.16.jar:2.2.16] at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [javax.faces-2.2.16.jar:2.2.16] at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658) [javax.faces-2.2.16.jar:2.2.16] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:876) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:214) [websocket-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.gluu.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:67) [classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1602) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1711) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1347) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1678) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1249) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:152) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.Server.handle(Server.java:505) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) [jetty-io-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [jetty-io-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:781) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:917) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_222] Caused by: org.gluu.persist.exception.operation.ConnectionException: Failed to authenticate dn at org.gluu.persist.ldap.operation.impl.LdapOperationsServiceImpl.authenticate(LdapOperationsServiceImpl.java:214) ~[oxcore-persistence-ldap-4.0.Final.jar:?] at org.gluu.persist.ldap.impl.LdapEntryManager.authenticate(LdapEntryManager.java:739) ~[oxcore-persistence-ldap-4.0.Final.jar:?] ... 69 more Caused by: com.unboundid.ldap.sdk.LDAPBindException: invalid credentials at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:2273) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:2228) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at org.gluu.persist.ldap.operation.impl.LdapOperationsServiceImpl.authenticateBindConnectionPoolImpl(LdapOperationsServiceImpl.java:285) ~[oxcore-persistence-ldap-4.0.Final.jar:?] at org.gluu.persist.ldap.operation.impl.LdapOperationsServiceImpl.authenticateImpl(LdapOperationsServiceImpl.java:242) ~[oxcore-persistence-ldap-4.0.Final.jar:?] at org.gluu.persist.ldap.operation.impl.LdapOperationsServiceImpl.authenticate(LdapOperationsServiceImpl.java:212) ~[oxcore-persistence-ldap-4.0.Final.jar:?] at org.gluu.persist.ldap.impl.LdapEntryManager.authenticate(LdapEntryManager.java:739) ~[oxcore-persistence-ldap-4.0.Final.jar:?] ... 69 more 2019-11-19 16:37:50,753 ERROR [qtp1359044626-14] [org.gluu.service.custom.script.CustomScriptManager] (CustomScriptManager.java:439) - Failed to store script 'null' error java.lang.NullPointerException: null at org.gluu.service.custom.script.CustomScriptManager.saveScriptErrorImpl(CustomScriptManager.java:446) ~[oxcore-service-4.0.Final.jar:?] at org.gluu.service.custom.script.CustomScriptManager$Proxy$_$$_WeldSubclass.saveScriptErrorImpl(Unknown Source) ~[oxcore-service-4.0.Final.jar:?] at org.gluu.service.custom.script.CustomScriptManager.saveScriptError(CustomScriptManager.java:437) [oxcore-service-4.0.Final.jar:?] at org.gluu.service.custom.script.CustomScriptManager$Proxy$_$$_WeldSubclass.saveScriptError(Unknown Source) [oxcore-service-4.0.Final.jar:?] at org.gluu.service.custom.script.CustomScriptManager.saveScriptError(CustomScriptManager.java:432) [oxcore-service-4.0.Final.jar:?] at org.gluu.service.custom.script.CustomScriptManager$Proxy$_$$_WeldSubclass.saveScriptError(Unknown Source) [oxcore-service-4.0.Final.jar:?] at org.gluu.service.custom.script.CustomScriptManager$Proxy$_$$_WeldClientProxy.saveScriptError(Unknown Source) [oxcore-service-4.0.Final.jar:?] at org.gluu.service.custom.script.ExternalScriptService.saveScriptError(ExternalScriptService.java:109) [oxcore-service-4.0.Final.jar:?] at org.gluu.oxauth.service.external.ExternalAuthenticationService.executeExternalAuthenticate(ExternalAuthenticationService.java:199) [classes/:?] at org.gluu.oxauth.service.external.ExternalAuthenticationService$Proxy$_$$_WeldClientProxy.executeExternalAuthenticate(Unknown Source) [classes/:?] at org.gluu.oxauth.auth.Authenticator.userAuthenticationInteractive(Authenticator.java:320) [classes/:?] at org.gluu.oxauth.auth.Authenticator.authenticateImpl(Authenticator.java:203) [classes/:?] at org.gluu.oxauth.auth.Authenticator.authenticate(Authenticator.java:132) [classes/:?] at sun.reflect.GeneratedMethodAccessor412.invoke(Unknown Source) ~[?:?] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_222] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_222] at org.apache.el.parser.AstValue.invoke(AstValue.java:247) [org.mortbay.jasper.apache-el-8.5.40.jar:8.5.40] at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:267) [org.mortbay.jasper.apache-el-8.5.40.jar:8.5.40] at org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40) [weld-web-3.1.1.Final.jar:3.1.1.Final] at org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50) [weld-web-3.1.1.Final.jar:3.1.1.Final] at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87) [javax.faces-2.2.16.jar:2.2.16] at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.component.UICommand.broadcast(UICommand.java:315) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282) [javax.faces-2.2.16.jar:2.2.16] at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81) [javax.faces-2.2.16.jar:2.2.16] at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [javax.faces-2.2.16.jar:2.2.16] at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658) [javax.faces-2.2.16.jar:2.2.16] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:876) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:214) [websocket-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.gluu.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:67) [classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1602) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1711) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1347) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1678) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1249) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:152) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.Server.handle(Server.java:505) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) [jetty-io-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [jetty-io-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:781) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:917) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_222] 2019-11-19 16:37:50,754 DEBUG [qtp1359044626-14] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:291) - Executing python 'getApiVersion' authenticator method ```

By Francis Lowry user 20 Nov 2019 at 2:48 a.m. CST

Francis Lowry gravatar
Hi, I am happy to do a remote session if that would help & I am happy to restart with a clean install if necessary. Regards Francis

By Yuriy Movchan staff 20 Nov 2019 at 3:37 a.m. CST

Yuriy Movchan gravatar
Hi, Can you remove testing `ad_1` configuration from `/etc/certs/multi_auth_conf.json`? CR doesn't copy `userPassowrd` attribute from AD server. Hence we need to specify only AD servers in configuration file. Regards, Yuriy

By Francis Lowry user 20 Nov 2019 at 3:50 a.m. CST

Francis Lowry gravatar
Yes, Did that, restarted, same error on trying to authenticate an AD account. DN: inum=0000!3B0B.500B,ou=people,o=gluu does map to the same login account I have tried switching the loginattributes, and localloginattributes to use samaccountname, then userprincipalname, same error snip ``` Caused by: org.gluu.persist.exception.operation.ConnectionException: Failed to authenticate dn at org.gluu.persist.ldap.operation.impl.LdapOperationsServiceImpl.authenticate(LdapOperationsServiceImpl.java:214) ~[oxcore-persistence-ldap-4.0.Final.jar:?] at org.gluu.persist.ldap.impl.LdapEntryManager.authenticate(LdapEntryManager.java:739) ~[oxcore-persistence-ldap-4.0.Final.jar:?] ... 70 more Caused by: com.unboundid.ldap.sdk.LDAPBindException: invalid credentials ``` Full stack trace ``` 2019-11-20 09:45:42,684 DEBUG [qtp1359044626-14] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:193) - Executing python 'authenticate' authenticator method 2019-11-20 09:45:42,693 ERROR [qtp1359044626-14] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:198) - Failed to authenticate DN: inum=0000!3B0B.500B,ou=people,o=gluu org.gluu.persist.exception.AuthenticationException: Failed to authenticate DN: inum=0000!3B0B.500B,ou=people,o=gluu at org.gluu.persist.ldap.impl.LdapEntryManager.authenticate(LdapEntryManager.java:741) ~[oxcore-persistence-ldap-4.0.Final.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_222] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_222] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_222] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_222] at org.jboss.weld.bean.proxy.AbstractBeanInstance.invoke(AbstractBeanInstance.java:38) ~[weld-core-impl-3.1.1.Final.jar:3.1.1.Final] at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106) ~[weld-core-impl-3.1.1.Final.jar:3.1.1.Final] at org.gluu.persist.EntityManager$PersistenceEntryManager$1948486608$Proxy$_$$_WeldClientProxy.authenticate(Unknown Source) ~[weld-core-impl-3.1.1.Final.jar:?] at org.gluu.oxauth.service.AuthenticationService.localAuthenticate(AuthenticationService.java:171) ~[classes/:?] at org.gluu.oxauth.service.AuthenticationService.authenticate(AuthenticationService.java:121) ~[classes/:?] at org.gluu.oxauth.service.external.internal.InternalDefaultPersonAuthenticationType.authenticate(InternalDefaultPersonAuthenticationType.java:38) ~[classes/:?] at org.gluu.oxauth.service.external.ExternalAuthenticationService.executeExternalAuthenticate(ExternalAuthenticationService.java:196) [classes/:?] at org.gluu.oxauth.service.external.ExternalAuthenticationService$Proxy$_$$_WeldClientProxy.executeExternalAuthenticate(Unknown Source) [classes/:?] at org.gluu.oxauth.auth.Authenticator.userAuthenticationInteractive(Authenticator.java:320) [classes/:?] at org.gluu.oxauth.auth.Authenticator.authenticateImpl(Authenticator.java:203) [classes/:?] at org.gluu.oxauth.auth.Authenticator.authenticate(Authenticator.java:132) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_222] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_222] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_222] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_222] at org.apache.el.parser.AstValue.invoke(AstValue.java:247) [org.mortbay.jasper.apache-el-8.5.40.jar:8.5.40] at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:267) [org.mortbay.jasper.apache-el-8.5.40.jar:8.5.40] at org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40) [weld-web-3.1.1.Final.jar:3.1.1.Final] at org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50) [weld-web-3.1.1.Final.jar:3.1.1.Final] at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87) [javax.faces-2.2.16.jar:2.2.16] at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.component.UICommand.broadcast(UICommand.java:315) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282) [javax.faces-2.2.16.jar:2.2.16] at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81) [javax.faces-2.2.16.jar:2.2.16] at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [javax.faces-2.2.16.jar:2.2.16] at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658) [javax.faces-2.2.16.jar:2.2.16] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:876) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:214) [websocket-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.gluu.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:67) [classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1602) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1711) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1347) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1678) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1249) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:152) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.Server.handle(Server.java:505) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) [jetty-io-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [jetty-io-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:781) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:917) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_222] Caused by: org.gluu.persist.exception.operation.ConnectionException: Failed to authenticate dn at org.gluu.persist.ldap.operation.impl.LdapOperationsServiceImpl.authenticate(LdapOperationsServiceImpl.java:214) ~[oxcore-persistence-ldap-4.0.Final.jar:?] at org.gluu.persist.ldap.impl.LdapEntryManager.authenticate(LdapEntryManager.java:739) ~[oxcore-persistence-ldap-4.0.Final.jar:?] ... 70 more Caused by: com.unboundid.ldap.sdk.LDAPBindException: invalid credentials at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:2273) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:2228) ~[unboundid-ldapsdk-4.0.7.jar:4.0.7] at org.gluu.persist.ldap.operation.impl.LdapOperationsServiceImpl.authenticateBindConnectionPoolImpl(LdapOperationsServiceImpl.java:285) ~[oxcore-persistence-ldap-4.0.Final.jar:?] at org.gluu.persist.ldap.operation.impl.LdapOperationsServiceImpl.authenticateImpl(LdapOperationsServiceImpl.java:242) ~[oxcore-persistence-ldap-4.0.Final.jar:?] at org.gluu.persist.ldap.operation.impl.LdapOperationsServiceImpl.authenticate(LdapOperationsServiceImpl.java:212) ~[oxcore-persistence-ldap-4.0.Final.jar:?] at org.gluu.persist.ldap.impl.LdapEntryManager.authenticate(LdapEntryManager.java:739) ~[oxcore-persistence-ldap-4.0.Final.jar:?] ... 70 more 2019-11-20 09:45:42,695 ERROR [qtp1359044626-14] [org.gluu.service.custom.script.CustomScriptManager] (CustomScriptManager.java:439) - Failed to store script 'null' error java.lang.NullPointerException: null at org.gluu.service.custom.script.CustomScriptManager.saveScriptErrorImpl(CustomScriptManager.java:446) ~[oxcore-service-4.0.Final.jar:?] at org.gluu.service.custom.script.CustomScriptManager$Proxy$_$$_WeldSubclass.saveScriptErrorImpl(Unknown Source) ~[oxcore-service-4.0.Final.jar:?] at org.gluu.service.custom.script.CustomScriptManager.saveScriptError(CustomScriptManager.java:437) [oxcore-service-4.0.Final.jar:?] at org.gluu.service.custom.script.CustomScriptManager$Proxy$_$$_WeldSubclass.saveScriptError(Unknown Source) [oxcore-service-4.0.Final.jar:?] at org.gluu.service.custom.script.CustomScriptManager.saveScriptError(CustomScriptManager.java:432) [oxcore-service-4.0.Final.jar:?] at org.gluu.service.custom.script.CustomScriptManager$Proxy$_$$_WeldSubclass.saveScriptError(Unknown Source) [oxcore-service-4.0.Final.jar:?] at org.gluu.service.custom.script.CustomScriptManager$Proxy$_$$_WeldClientProxy.saveScriptError(Unknown Source) [oxcore-service-4.0.Final.jar:?] at org.gluu.service.custom.script.ExternalScriptService.saveScriptError(ExternalScriptService.java:109) [oxcore-service-4.0.Final.jar:?] at org.gluu.oxauth.service.external.ExternalAuthenticationService.executeExternalAuthenticate(ExternalAuthenticationService.java:199) [classes/:?] at org.gluu.oxauth.service.external.ExternalAuthenticationService$Proxy$_$$_WeldClientProxy.executeExternalAuthenticate(Unknown Source) [classes/:?] at org.gluu.oxauth.auth.Authenticator.userAuthenticationInteractive(Authenticator.java:320) [classes/:?] at org.gluu.oxauth.auth.Authenticator.authenticateImpl(Authenticator.java:203) [classes/:?] at org.gluu.oxauth.auth.Authenticator.authenticate(Authenticator.java:132) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_222] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_222] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_222] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_222] at org.apache.el.parser.AstValue.invoke(AstValue.java:247) [org.mortbay.jasper.apache-el-8.5.40.jar:8.5.40] at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:267) [org.mortbay.jasper.apache-el-8.5.40.jar:8.5.40] at org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40) [weld-web-3.1.1.Final.jar:3.1.1.Final] at org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50) [weld-web-3.1.1.Final.jar:3.1.1.Final] at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87) [javax.faces-2.2.16.jar:2.2.16] at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.component.UICommand.broadcast(UICommand.java:315) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282) [javax.faces-2.2.16.jar:2.2.16] at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81) [javax.faces-2.2.16.jar:2.2.16] at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [javax.faces-2.2.16.jar:2.2.16] at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198) [javax.faces-2.2.16.jar:2.2.16] at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658) [javax.faces-2.2.16.jar:2.2.16] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:876) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:214) [websocket-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.gluu.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:67) [classes/:?] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1602) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1711) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1347) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480) [jetty-servlet-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1678) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1249) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:152) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.Server.handle(Server.java:505) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267) [jetty-server-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) [jetty-io-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) [jetty-io-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:781) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:917) [jetty-util-9.4.19.v20190610.jar:9.4.19.v20190610] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_222] 2019-11-20 09:45:42,695 DEBUG [qtp1359044626-14] [org.gluu.oxauth.service.external.ExternalAuthenticationService] (ExternalAuthenticationService.java:291) - Executing python 'getApiVersion' authenticator method ```

By Yuriy Movchan staff 20 Nov 2019 at 4:08 a.m. CST

Yuriy Movchan gravatar
The persons DNs should be inside `"baseDNs":["DC=romaxtechnology,DC=com"],` tree. Can you share oxauth_sript.log I will check it log records

By Francis Lowry user 20 Nov 2019 at 6:21 a.m. CST

Francis Lowry gravatar
Hi, Am not 100% sure I understand your statement. the baseDN DC=romaxtechnology,DC=com is the top of our AD Tree. I specifically used the top for testing and will change once I have everything working. Please find the full ox_script attached.

By Yuriy Movchan staff 20 Nov 2019 at 9:42 a.m. CST

Yuriy Movchan gravatar
I asked about baseDN because in log there is: ``` org.gluu.persist.exception.AuthenticationException: Failed to authenticate DN: inum=0000!3B0B.500B,ou=people,o=gluu at org.gluu.persist.ldap.impl.LdapEntryManager.authenticate(LdapEntryManager.java:741) ~[oxcore-persistence-ldap-4.0.Final.jar:?] ``` In this line we send bind request to validate password. It looks like oxAuth sends this request to local LDAP server. Hence use password validation is fail because there is no userPassword in lcoal DB. oxAuth in your case should send bind to AD server. I asked our support engineer Mohit to try to reproduce your environment locally. Regards, Yuriy

By Mohit Mali staff 25 Nov 2019 at 5:28 a.m. CST

Mohit Mali gravatar
hi Francis Lowry, I have tested your issue over local enviorment , the script is working fine for me , i can login with mail attribute. I have tested the envrionment with apache directory server. configuration ```{ "ldap_configuration": [ { "configId":"ad_1", "servers":["192.168.0.110:10389"], "bindDN":"uid=admin,ou=system", "bindPassword":"secret", "useSSL":false, "maxConnections":3, "baseDNs":["dc=gluu"], "loginAttributes":["uid"], "localLoginAttributes":["uid"] }, { "configId":"ad_2", "servers":["192.168.0.106:10389"], "bindDN":"uid=admin,ou=system", "bindPassword":"secret", "useSSL":false, "maxConnections":3, "baseDNs":["dc=gluu"], "loginAttributes":["mail"], "localLoginAttributes":["mail"] } ] } ``` over first server i am only able to login with uid but on second server i can only login with mail. Please let me know if you still stuck on this issue. Thanks and Regards Mohit Mali

By Francis Lowry user 27 Nov 2019 at 3:25 a.m. CST

Francis Lowry gravatar
Hi, Not quite the same test as this is against ApacheLDAP, and not MS Active Directory and also not useSSL:true. I will repeat my configuration against an OpenLDAP directory and see if I can get it working and then reply