Setting up LDAP with Shibboleth Idp 2.4.0
Farrukh Najmi
farrukh at wellfleetsoftware.com
Mon May 20 12:54:41 EDT 2013
Here is the relevant stack trace from logs/idp-process.log.
12:49:53.223 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:136] - Authentication failed
javax.naming.AuthenticationException: Cannot authenticate dn, invalid dn
    at edu.vt.middleware.ldap.auth.AbstractAuthenticator.authenticateAndAuthorize(AbstractAuthenticator.java:160) ~[vt-ldap-3.3.6.jar:na]
    at edu.vt.middleware.ldap.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:74) ~[vt-ldap-3.3.6.jar:na]
    at edu.vt.middleware.ldap.auth.Authenticator.authenticate(Authenticator.java:320) ~[vt-ldap-3.3.6.jar:na]
    at edu.vt.middleware.ldap.auth.Authenticator.authenticate(Authenticator.java:277) ~[vt-ldap-3.3.6.jar:na]
    at edu.vt.middleware.ldap.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:60) ~[vt-ldap-3.3.6.jar:na]
    at edu.vt.middleware.ldap.jaas.LdapLoginModule.login(LdapLoginModule.java:103) ~[vt-ldap-3.3.6.jar:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_21]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_21]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_21]
    at java.lang.reflect.Method.invoke(Method.java:601) ~[na:1.7.0_21]
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [na:1.7.0_21]
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [na:1.7.0_21]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [na:1.7.0_21]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [na:1.7.0_21]
FWIW, the same config works fine in my webapp using spring-security.

<bean id="contextSource"
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://localhost:33389/dc=springframework,dc=org"/>
</bean>
<bean id="userSearch"
      class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg index="0" value=""/>
    <constructor-arg index="1" value="(uid={0})"/>
    <constructor-arg index="2" ref="contextSource" />
</bean>

Any suggestions on what else I could try?

On 05/20/2013 12:07 PM, Farrukh Najmi wrote:
>
> I have been unsuccessful thus far in setting up IdP 2.4.0 with my test
> ldap server (spring-security-ldap-sample).
>
> I have made the following config changes by adding config elements
> shown for each file below:
>
> * conf/login.config
>
>     edu.vt.middleware.ldap.jaas.LdapLoginModule required
>         ldapUrl="ldap://localhost:33389/dc=springframework,dc=org"
>         baseDn=""
>         ssl="false"
>         userFilter="uid={0}";
>     };
>
> * conf/handler.xml
>
>     <!-- Username/password login handler -->
>     <ph:LoginHandler xsi:type="ph:UsernamePassword"
>         jaasConfigurationLocation="file:///home/najmi/shibboleth/shibboleth-identityprovider-2.4.0/installation/conf/login.config">
>         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
>     </ph:LoginHandler>
>
> I then try to log in at the idp/login.jsp page with well-known
> credentials. I get the error below.
>
> ERROR
>
> An error occurred while processing your request. Please contact your
> helpdesk or user ID office for assistance.
>
> *Error Message: Invalid IdP URL (HTTP 404)*
>
> Also, I notice that the login.jsp code "Log in to <idpui:serviceName/>"
> renders as "Log in to Unspecified Service Provider". I guess this is
> telling me that my config for the ldap provider is not being read for
> some reason.
>
> I have done no customization of the login.jsp page beyond changing the
> logo.
> What could be wrong, and how can I debug this better?
>
> TIA for your kind help.
>
--
Regards,
Farrukh Najmi
Web: http://www.wellfleetsoftware.com