1 Reply Latest reply on Feb 8, 2016 11:44 PM by tushar.hadoop

    LDAP-Authentication failed - User does not have role 'Authenticated'

    gamba

      Hi,

       

      I'm using JBoss Portal 2.7.2 with JBoss 4.2.3. I want to use LDAP authentication and configured my login-module the following way:

       

               <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
                  <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                  <module-option name="java.naming.provider.url">ldap://ldap:389</module-option>
                  <module-option name="java.naming.security.authentication">simple</module-option>
                  <module-option name="principalDNPrefix">cn=</module-option>                    
                  <module-option name="principalDNSuffix">,ou=edv,ou=user,ou=ze,o=de</module-option>
                  <module-option name="rolesCtxDN">ou=gruppen,ou=ze,o=de</module-option>
                  <module-option name="uidAttributeID">member</module-option>
                  <module-option name="matchOnUserDN">true</module-option>
                  <module-option name="roleAttributeID">cn</module-option>
                  <module-option name="roleAttributeIsDN">false</module-option>
                  <module-option name="searchTimeLimit">5000</module-option>
                  <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
                  <module-option name="allowEmptyPasswords">false</module-option> 
                  <module-option name="additionalRole">Authenticated</module-option>
                  <module-option name="unauthenticatedIdentity">guest</module-option>
                </login-module>
      

       

      After entering my login credentials I'm getting the following error. I think the user is authenticated successfully, but I'm not able to see any portal pages. The message

      HTTP Status 403 - Access to the requested resource has been denied

      always occurs, and the following log message was written ...

       

      09:21:02,109 DEBUG [RealmBase]   Checking constraint  'SecurityConstraint[Authenticated]' against GET / --> true
      09:21:02,109  DEBUG [RealmBase]   Checking constraint 'SecurityConstraint[Secure]' against GET  / --> false
      09:21:02,109 DEBUG [RealmBase]   Checking constraint  'SecurityConstraint[Secure+Authenticated]' against GET / -->  false
      09:21:02,109 DEBUG [RealmBase]   Checking constraint  'SecurityConstraint[Authenticated]' against GET / --> true
      09:21:02,109  DEBUG [RealmBase]   Checking constraint 'SecurityConstraint[Secure]' against GET  / --> false
      09:21:02,109 DEBUG [RealmBase]   Checking constraint  'SecurityConstraint[Secure+Authenticated]' against GET / -->  false
      09:21:02,109 DEBUG [AuthenticatorBase]  Calling  hasUserDataPermission()
      09:21:02,109 DEBUG [RealmBase]   User data constraint  has no restrictions
      09:21:02,109 DEBUG [AuthenticatorBase]  Calling  authenticate()
      09:21:02,109 DEBUG [FormAuthenticator] Restore request from  session '51E164BEEF3926E7E728BA49D0A6FBFD'
      09:21:02,109 DEBUG  [AuthenticatorBase] Authenticated 'breuer' with type 'FORM'
      09:21:02,109  DEBUG [FormAuthenticator] Proceed to restored request
      09:21:02,109 DEBUG  [AuthenticatorBase]  Calling accessControl()
      09:21:02,109 DEBUG [RealmBase]  Username breuer does NOT have role Authenticated
      09:21:02,109 DEBUG  [AuthenticatorBase]  Failed accessControl() test

       

      I thought with configuring the

       

       <module-option name="additionalRole">Authenticated</module-option>

       

      in my login-module every user would get this role, but the log says that it did not happen ...

      What's wrong with the configuration?

       

      Thx,

      Holger
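
Added example, not part of the original post: a Python sketch that correlates the Tomcat DEBUG lines quoted above to tell a successful login apart from a failed role check, the two stages the log shows before the 403. The function name `find_role_denials` and the sample log (a subset of the lines in the post) are constructed for illustration.

```python
import re

# Constructed sample: a subset of the DEBUG lines quoted in the post above.
SAMPLE_LOG = """\
09:21:02,109 DEBUG [AuthenticatorBase]  Calling  authenticate()
09:21:02,109 DEBUG  [AuthenticatorBase] Authenticated 'breuer' with type 'FORM'
09:21:02,109 DEBUG  [AuthenticatorBase]  Calling accessControl()
09:21:02,109 DEBUG [RealmBase]  Username breuer does NOT have role Authenticated
09:21:02,109 DEBUG  [AuthenticatorBase]  Failed accessControl() test
"""

LINE = re.compile(r"^(\S+)\s+DEBUG\s+\[(\w+)\]\s+(.*)$")
AUTHN_OK = re.compile(r"Authenticated '([^']+)' with type '([^']+)'")
ROLE_MISSING = re.compile(r"Username (\S+) does NOT have role (\S+)")


def find_role_denials(log_text):
    """Return one record per request denied by the role check (authorization),
    noting whether the same user was seen authenticating earlier in the log."""
    findings = []
    authenticated = {}  # user -> auth type seen so far
    pending = None      # last "does NOT have role" hit awaiting the failure line
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, _component, msg = m.groups()
        msg = re.sub(r"\s+", " ", msg)  # tolerate the irregular spacing in the log
        if (a := AUTHN_OK.search(msg)):
            authenticated[a.group(1)] = a.group(2)
        elif (r := ROLE_MISSING.search(msg)):
            pending = {"time": ts, "user": r.group(1), "missing_role": r.group(2)}
        elif "Failed accessControl() test" in msg and pending:
            user = pending["user"]
            pending["authenticated"] = user in authenticated
            pending["auth_type"] = authenticated.get(user)
            findings.append(pending)
            pending = None
    return findings


if __name__ == "__main__":
    for finding in find_role_denials(SAMPLE_LOG):
        print(finding)
```

A record with `authenticated` set to true and a `missing_role` points at role mapping in the login module rather than at the LDAP bind or the password.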