LDAP/AD authentication failing for users with comma in CN.
greco Dec 9, 2011 3:54 PM
I'm currently connecting to an Active Directory for user authentication. When I authenticate against a user with a simple CN, no spaces or commas, the authentication is successful and the groups are retrieved accordingly. If I attempt to connect to a user that has a comma or a space in their CN, I get the following error:
09:16:35,544 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:252) [picketbox-4.0.1.jar:4.0.1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.7.0]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [:1.7.0]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [:1.7.0]
at java.lang.reflect.Method.invoke(Method.java:601) [:1.7.0]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [:1.7.0]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [:1.7.0]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [:1.7.0]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [:1.7.0]
at java.security.AccessController.doPrivileged(Native Method) [:1.7.0]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [:1.7.0]
at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [:1.7.0]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.1.jar:4.0.1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.1.jar:4.0.1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:154) [picketbox-infinispan-4.0.1.jar:4.0.1]
at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:127) [jboss-as-web-7.0.2.Final.jar:7.0.2.Final]
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.1.Final.jar:7.0.2.Final]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:372) [jbossweb-7.0.1.Final.jar:7.0.2.Final]
at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.0.2.Final.jar:7.0.2.Final]
at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:49) [jboss-as-jpa-7.0.2.Final.jar:7.0.2.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.1.Final.jar:7.0.2.Final]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.1.Final.jar:7.0.2.Final]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.1.Final.jar:7.0.2.Final]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.1.Final.jar:7.0.2.Final]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.1.Final.jar:7.0.2.Final]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.1.Final.jar:7.0.2.Final]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.1.Final.jar:7.0.2.Final]
at java.lang.Thread.run(Thread.java:722) [:1.7.0]
This same issue was also present on Glassfish (platform I am coming from), re: http://java.net/jira/browse/GLASSFISH-4769.
Has anyone else encountered this issue before, and if so, what was the solution? Is there a fix planned for this? We are using the JBoss AS 7.0.2 certified web profile version.
Thanks.