Spring Boot Microsoft AD Authentication












0















I know little about Spring Boot and even less about Active Directory.



I need to Authenticate against Microsoft Active Directory using Spring Boot and JWT. I have working JWT with user from memory but i am having trouble authenticating against user from Microsoft AD.



Microsoft AD setup:




  • Active Directory is running on Windows Server 2012r2 (192.168.1.166).


  • AD users.


  • AD user property.


Spring Boot app is running on: 192.168.1.31:8082

Spring Boot config:



import com.mts.oh.config.cors.SimpleCORSFilter;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.http.HttpMethod;

import org.springframework.security.authentication.AuthenticationManager;

import org.springframework.security.authentication.AuthenticationProvider;

import org.springframework.security.authentication.ProviderManager;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

import org.springframework.security.web.access.channel.ChannelProcessingFilter;

import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;



import java.util.Arrays;



@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {



    @Autowired

    private SimpleCORSFilter myCorsFilter;



    @Autowired

    private JwtAuthenticationEntryPoint unauthorizedHandler;



    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http.addFilterBefore(myCorsFilter, ChannelProcessingFilter.class).

                csrf().disable().

                exceptionHandling().authenticationEntryPoint(unauthorizedHandler).

                and().

                authorizeRequests().

                antMatchers(HttpMethod.POST, "/api/login").permitAll().

                anyRequest().authenticated().

                and().

                addFilterBefore(new LoginInterceptor("/api/login", authenticationManager()), UsernamePasswordAuthenticationFilter.class).

                addFilterBefore(new JwtInterceptor(), UsernamePasswordAuthenticationFilter.class);

    }



    @Override

    protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {

        authManagerBuilder.authenticationProvider(activeDirectoryLdapAuthenticationProvider()).userDetailsService(userDetailsService());

    }



    @Bean

    public AuthenticationManager authenticationManager() {

        return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));

    }



    @Bean

    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {

        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider("bmad.com",

            "ldap://192.168.1.166:389/DC=bmad,DC=com");

    provider.setSearchFilter("OU=devs,OU=employees");

    provider.setConvertSubErrorCodesToExceptions(true);

    provider.setUseAuthenticationRequestCredentials(true);



        return provider;

    }

}


Login endpoint is: /api/login.
Postman request:





  • Login Request Body

  • Login Request Headers


Stack Trace:



> rg.springframework.security.authentication.BadCredentialsException:

> Bad credentials

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:295)

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:300)

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:267)

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.handleBindException(ActiveDirectoryLdapAuthenticationProvider.java:233)

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:208)

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.doAuthentication(ActiveDirectoryLdapAuthenticationProvider.java:144)

>       at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)

>       at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)

>       at com.mts.oh.config.security.LoginInterceptor.attemptAuthentication(LoginInterceptor.java:28)

>       at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)

>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

>       at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)

>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

>       at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)

>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

>       at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)

>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

>       at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)

>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

>       at com.mts.oh.config.cors.SimpleCORSFilter.doFilter(SimpleCORSFilter.java:32)

>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

>       at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)

>       at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)

>       at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

>       at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

>       at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)

>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

>       at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108)

>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

>       at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)

>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

>       at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)

>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

>       at com.mts.oh.config.cors.SimpleCORSFilter.doFilter(SimpleCORSFilter.java:32)

>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

>       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

>       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

>       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

>       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

>       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

>       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

>       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)

>       at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

>       at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

>       at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)

>       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1457)

>       at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

>       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

>       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

>       at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

>       at java.lang.Thread.run(Thread.java:748)

>     Caused by: org.springframework.security.ldap.authentication.ad.ActiveDirectoryAuthenticationException:

> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment:

> AcceptSecurityContext error, data 773, v2580 ]

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:250)

>       ... 61 common frames omitted

>     Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext

> error, data 773, v2580 ]

>       at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)

>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)

>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)

>       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)

>       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)

>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)

>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)

>       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)

>       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)

>       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)

>       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)

>       at javax.naming.InitialContext.init(InitialContext.java:244)

>       at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider$ContextFactory.createContext(ActiveDirectoryLdapAuthenticationProvider.java:402)

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:203)

>       ... 59 common frames omitted


I have tried different combinations of username and password but none of them work:




  • John Doe / ****

  • johnupn / ****

  • johnupn@bmad.com / ****

  • bmadjohnupn / ****


I have picked up Spring Boot configuration from:
https://medium.com/@dmarko484/spring-boot-active-directory-authentication-5ea04969f220

and
https://www.ziaconsulting.com/developer-help/spring-security-active-directory/

but these do not work for me.






java spring-boot spring-security active-directory







share|improve this question



























    0















    I know little about Spring Boot and even less about Active Directory.



    I need to Authenticate against Microsoft Active Directory using Spring Boot and JWT. I have working JWT with user from memory but i am having trouble authenticating against user from Microsoft AD.



    Microsoft AD setup:




    • Active Directory is running on Windows Server 2012r2 (192.168.1.166).


    • AD users.


    • AD user property.


    Spring Boot app is running on: 192.168.1.31:8082

    Spring Boot config:



    import com.mts.oh.config.cors.SimpleCORSFilter;
    
import org.springframework.beans.factory.annotation.Autowired;
    
import org.springframework.context.annotation.Bean;
    
import org.springframework.context.annotation.Configuration;
    
import org.springframework.http.HttpMethod;
    
import org.springframework.security.authentication.AuthenticationManager;
    
import org.springframework.security.authentication.AuthenticationProvider;
    
import org.springframework.security.authentication.ProviderManager;
    
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
    
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
    
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
    

    
import java.util.Arrays;
    

    
@Configuration
    
@EnableWebSecurity
    
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
    
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    

    
    @Autowired
    
    private SimpleCORSFilter myCorsFilter;
    

    
    @Autowired
    
    private JwtAuthenticationEntryPoint unauthorizedHandler;
    

    
    @Override
    
    protected void configure(HttpSecurity http) throws Exception {
    
        http.addFilterBefore(myCorsFilter, ChannelProcessingFilter.class).
    
                csrf().disable().
    
                exceptionHandling().authenticationEntryPoint(unauthorizedHandler).
    
                and().
    
                authorizeRequests().
    
                antMatchers(HttpMethod.POST, "/api/login").permitAll().
    
                anyRequest().authenticated().
    
                and().
    
                addFilterBefore(new LoginInterceptor("/api/login", authenticationManager()), UsernamePasswordAuthenticationFilter.class).
    
                addFilterBefore(new JwtInterceptor(), UsernamePasswordAuthenticationFilter.class);
    
    }
    

    
    @Override
    
    protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
    
        authManagerBuilder.authenticationProvider(activeDirectoryLdapAuthenticationProvider()).userDetailsService(userDetailsService());
    
    }
    

    
    @Bean
    
    public AuthenticationManager authenticationManager() {
    
        return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
    
    }
    

    
    @Bean
    
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
    
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider("bmad.com",
    
            "ldap://192.168.1.166:389/DC=bmad,DC=com");
    
    provider.setSearchFilter("OU=devs,OU=employees");
    
    provider.setConvertSubErrorCodesToExceptions(true);
    
    provider.setUseAuthenticationRequestCredentials(true);
    

    
        return provider;
    
    }
    
}


    Login endpoint is: /api/login.
    Postman request:





    • Login Request Body

    • Login Request Headers


    Stack Trace:



    > rg.springframework.security.authentication.BadCredentialsException:
    
> Bad credentials
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:295)
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:300)
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:267)
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.handleBindException(ActiveDirectoryLdapAuthenticationProvider.java:233)
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:208)
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.doAuthentication(ActiveDirectoryLdapAuthenticationProvider.java:144)
    
>       at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)
    
>       at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
    
>       at com.mts.oh.config.security.LoginInterceptor.attemptAuthentication(LoginInterceptor.java:28)
    
>       at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
    
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    
>       at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
    
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    
>       at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
    
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    
>       at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
    
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    
>       at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
    
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    
>       at com.mts.oh.config.cors.SimpleCORSFilter.doFilter(SimpleCORSFilter.java:32)
    
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    
>       at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
    
>       at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
    
>       at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    
>       at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
    
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
>       at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
    
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
>       at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108)
    
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
>       at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
    
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
>       at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
    
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
>       at com.mts.oh.config.cors.SimpleCORSFilter.doFilter(SimpleCORSFilter.java:32)
    
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
>       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
    
>       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    
>       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
    
>       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    
>       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
    
>       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    
>       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
    
>       at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
    
>       at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    
>       at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
    
>       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1457)
    
>       at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    
>       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    
>       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    
>       at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    
>       at java.lang.Thread.run(Thread.java:748)
    
>     Caused by: org.springframework.security.ldap.authentication.ad.ActiveDirectoryAuthenticationException:
    
> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment:
    
> AcceptSecurityContext error, data 773, v2580 ]
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:250)
    
>       ... 61 common frames omitted
    
>     Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext
    
> error, data 773, v2580 ]
    
>       at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
    
>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
    
>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
    
>       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
    
>       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
    
>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
    
>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
    
>       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
    
>       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
    
>       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    
>       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    
>       at javax.naming.InitialContext.init(InitialContext.java:244)
    
>       at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider$ContextFactory.createContext(ActiveDirectoryLdapAuthenticationProvider.java:402)
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:203)
    
>       ... 59 common frames omitted


    I have tried different combinations of username and password but none of them work:




    • John Doe / ****

    • johnupn / ****

    • johnupn@bmad.com / ****

    • bmadjohnupn / ****


    I have picked up Spring Boot configuration from:
    https://medium.com/@dmarko484/spring-boot-active-directory-authentication-5ea04969f220

    and
    https://www.ziaconsulting.com/developer-help/spring-security-active-directory/

    but these do not work for me.






    java spring-boot spring-security active-directory







    share|improve this question

























      0












      0








      0








      I know little about Spring Boot and even less about Active Directory.



      I need to Authenticate against Microsoft Active Directory using Spring Boot and JWT. I have working JWT with user from memory but i am having trouble authenticating against user from Microsoft AD.



      Microsoft AD setup:




      • Active Directory is running on Windows Server 2012r2 (192.168.1.166).


      • AD users.


      • AD user property.


      Spring Boot app is running on: 192.168.1.31:8082

      Spring Boot config:



      import com.mts.oh.config.cors.SimpleCORSFilter;
      
import org.springframework.beans.factory.annotation.Autowired;
      
import org.springframework.context.annotation.Bean;
      
import org.springframework.context.annotation.Configuration;
      
import org.springframework.http.HttpMethod;
      
import org.springframework.security.authentication.AuthenticationManager;
      
import org.springframework.security.authentication.AuthenticationProvider;
      
import org.springframework.security.authentication.ProviderManager;
      
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
      
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
      
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
      
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
      
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
      
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
      
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
      
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
      

      
import java.util.Arrays;
      

      
@Configuration
      
@EnableWebSecurity
      
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
      
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
      

      
    @Autowired
      
    private SimpleCORSFilter myCorsFilter;
      

      
    @Autowired
      
    private JwtAuthenticationEntryPoint unauthorizedHandler;
      

      
    @Override
      
    protected void configure(HttpSecurity http) throws Exception {
      
        http.addFilterBefore(myCorsFilter, ChannelProcessingFilter.class).
      
                csrf().disable().
      
                exceptionHandling().authenticationEntryPoint(unauthorizedHandler).
      
                and().
      
                authorizeRequests().
      
                antMatchers(HttpMethod.POST, "/api/login").permitAll().
      
                anyRequest().authenticated().
      
                and().
      
                addFilterBefore(new LoginInterceptor("/api/login", authenticationManager()), UsernamePasswordAuthenticationFilter.class).
      
                addFilterBefore(new JwtInterceptor(), UsernamePasswordAuthenticationFilter.class);
      
    }
      

      
    @Override
      
    protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
      
        authManagerBuilder.authenticationProvider(activeDirectoryLdapAuthenticationProvider()).userDetailsService(userDetailsService());
      
    }
      

      
    @Bean
      
    public AuthenticationManager authenticationManager() {
      
        return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
      
    }
      

      
    @Bean
      
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
      
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider("bmad.com",
      
            "ldap://192.168.1.166:389/DC=bmad,DC=com");
      
    provider.setSearchFilter("OU=devs,OU=employees");
      
    provider.setConvertSubErrorCodesToExceptions(true);
      
    provider.setUseAuthenticationRequestCredentials(true);
      

      
        return provider;
      
    }
      
}


      Login endpoint is: /api/login.
      Postman request:





      • Login Request Body

      • Login Request Headers


      Stack Trace:



      > rg.springframework.security.authentication.BadCredentialsException:
      
> Bad credentials
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:295)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:300)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:267)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.handleBindException(ActiveDirectoryLdapAuthenticationProvider.java:233)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:208)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.doAuthentication(ActiveDirectoryLdapAuthenticationProvider.java:144)
      
>       at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)
      
>       at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
      
>       at com.mts.oh.config.security.LoginInterceptor.attemptAuthentication(LoginInterceptor.java:28)
      
>       at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at com.mts.oh.config.cors.SimpleCORSFilter.doFilter(SimpleCORSFilter.java:32)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
      
>       at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
      
>       at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
      
>       at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at com.mts.oh.config.cors.SimpleCORSFilter.doFilter(SimpleCORSFilter.java:32)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
      
>       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
      
>       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
      
>       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
      
>       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
      
>       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
      
>       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
      
>       at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
      
>       at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
      
>       at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
      
>       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1457)
      
>       at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
      
>       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      
>       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      
>       at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      
>       at java.lang.Thread.run(Thread.java:748)
      
>     Caused by: org.springframework.security.ldap.authentication.ad.ActiveDirectoryAuthenticationException:
      
> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment:
      
> AcceptSecurityContext error, data 773, v2580 ]
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:250)
      
>       ... 61 common frames omitted
      
>     Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext
      
> error, data 773, v2580 ]
      
>       at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
      
>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
      
>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
      
>       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
      
>       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
      
>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
      
>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
      
>       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
      
>       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
      
>       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
      
>       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
      
>       at javax.naming.InitialContext.init(InitialContext.java:244)
      
>       at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider$ContextFactory.createContext(ActiveDirectoryLdapAuthenticationProvider.java:402)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:203)
      
>       ... 59 common frames omitted


      I have tried different combinations of username and password but none of them work:




      • John Doe / ****

      • johnupn / ****

      • johnupn@bmad.com / ****

      • bmadjohnupn / ****


      I have picked up Spring Boot configuration from:
      https://medium.com/@dmarko484/spring-boot-active-directory-authentication-5ea04969f220

      and
      https://www.ziaconsulting.com/developer-help/spring-security-active-directory/

      but these do not work for me.






      java spring-boot spring-security active-directory







      share|improve this question














      I know little about Spring Boot and even less about Active Directory.



      I need to Authenticate against Microsoft Active Directory using Spring Boot and JWT. I have working JWT with user from memory but i am having trouble authenticating against user from Microsoft AD.



      Microsoft AD setup:




      • Active Directory is running on Windows Server 2012r2 (192.168.1.166).


      • AD users.


      • AD user property.


      Spring Boot app is running on: 192.168.1.31:8082

      Spring Boot config:



      import com.mts.oh.config.cors.SimpleCORSFilter;
      
import org.springframework.beans.factory.annotation.Autowired;
      
import org.springframework.context.annotation.Bean;
      
import org.springframework.context.annotation.Configuration;
      
import org.springframework.http.HttpMethod;
      
import org.springframework.security.authentication.AuthenticationManager;
      
import org.springframework.security.authentication.AuthenticationProvider;
      
import org.springframework.security.authentication.ProviderManager;
      
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
      
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
      
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
      
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
      
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
      
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
      
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
      
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
      

      
import java.util.Arrays;
      

      
@Configuration
      
@EnableWebSecurity
      
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
      
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
      

      
    @Autowired
      
    private SimpleCORSFilter myCorsFilter;
      

      
    @Autowired
      
    private JwtAuthenticationEntryPoint unauthorizedHandler;
      

      
    @Override
      
    protected void configure(HttpSecurity http) throws Exception {
      
        http.addFilterBefore(myCorsFilter, ChannelProcessingFilter.class).
      
                csrf().disable().
      
                exceptionHandling().authenticationEntryPoint(unauthorizedHandler).
      
                and().
      
                authorizeRequests().
      
                antMatchers(HttpMethod.POST, "/api/login").permitAll().
      
                anyRequest().authenticated().
      
                and().
      
                addFilterBefore(new LoginInterceptor("/api/login", authenticationManager()), UsernamePasswordAuthenticationFilter.class).
      
                addFilterBefore(new JwtInterceptor(), UsernamePasswordAuthenticationFilter.class);
      
    }
      

      
    @Override
      
    protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
      
        authManagerBuilder.authenticationProvider(activeDirectoryLdapAuthenticationProvider()).userDetailsService(userDetailsService());
      
    }
      

      
    @Bean
      
    public AuthenticationManager authenticationManager() {
      
        return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
      
    }
      

      
    @Bean
      
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
      
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider("bmad.com",
      
            "ldap://192.168.1.166:389/DC=bmad,DC=com");
      
    provider.setSearchFilter("OU=devs,OU=employees");
      
    provider.setConvertSubErrorCodesToExceptions(true);
      
    provider.setUseAuthenticationRequestCredentials(true);
      

      
        return provider;
      
    }
      
}


      Login endpoint is: /api/login.
      Postman request:





      • Login Request Body

      • Login Request Headers


      Stack Trace:



      > rg.springframework.security.authentication.BadCredentialsException:
      
> Bad credentials
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:295)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:300)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:267)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.handleBindException(ActiveDirectoryLdapAuthenticationProvider.java:233)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:208)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.doAuthentication(ActiveDirectoryLdapAuthenticationProvider.java:144)
      
>       at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)
      
>       at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
      
>       at com.mts.oh.config.security.LoginInterceptor.attemptAuthentication(LoginInterceptor.java:28)
      
>       at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at com.mts.oh.config.cors.SimpleCORSFilter.doFilter(SimpleCORSFilter.java:32)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
      
>       at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
      
>       at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
      
>       at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at com.mts.oh.config.cors.SimpleCORSFilter.doFilter(SimpleCORSFilter.java:32)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
      
>       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
      
>       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
      
>       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
      
>       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
      
>       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
      
>       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
      
>       at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
      
>       at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
      
>       at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
      
>       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1457)
      
>       at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
      
>       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      
>       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      
>       at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      
>       at java.lang.Thread.run(Thread.java:748)
      
>     Caused by: org.springframework.security.ldap.authentication.ad.ActiveDirectoryAuthenticationException:
      
> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment:
      
> AcceptSecurityContext error, data 773, v2580 ]
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:250)
      
>       ... 61 common frames omitted
      
>     Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext
      
> error, data 773, v2580 ]
      
>       at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
      
>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
      
>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
      
>       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
      
>       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
      
>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
      
>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
      
>       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
      
>       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
      
>       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
      
>       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
      
>       at javax.naming.InitialContext.init(InitialContext.java:244)
      
>       at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider$ContextFactory.createContext(ActiveDirectoryLdapAuthenticationProvider.java:402)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:203)
      
>       ... 59 common frames omitted


      I have tried different combinations of username and password but none of them work:




      • John Doe / ****

      • johnupn / ****

      • johnupn@bmad.com / ****

      • bmadjohnupn / ****


      I have picked up Spring Boot configuration from:
      https://medium.com/@dmarko484/spring-boot-active-directory-authentication-5ea04969f220

      and
      https://www.ziaconsulting.com/developer-help/spring-security-active-directory/

      but these do not work for me.






      java spring-boot spring-security active-directory




      java spring-boot spring-security active-directory






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 20 '18 at 9:34









      msforenter090msforenter090

      64




      64
























          1 Answer
          1






          active

          oldest

          votes


















          0














          From a computer logged into the domain, a user can find the values for their account using whoami. Below shows the commands to get a user's sAMAccountName, userPrincipalName, and fully qualified distinguished name respectively. Active Directory uses all three of these as the username when authenticating via LDAP. 



          c:>whoami
          
mydomainlisa
          

          
c:>whoami /upn
          
lisa@mydomain.ccTLD
          

          
c:>whoami /fqdn
          
CN=Smith, Lisa,OU=GPOTest,OU=IT,OU=Company,DC=mydomain,DC=ccTLD





          share|improve this answer























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53389999%2fspring-boot-microsoft-ad-authentication%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            From a computer logged into the domain, a user can find the values for their account using whoami. Below shows the commands to get a user's sAMAccountName, userPrincipalName, and fully qualified distinguished name respectively. Active Directory uses all three of these as the username when authenticating via LDAP. 



            c:>whoami
            
mydomainlisa
            

            
c:>whoami /upn
            
lisa@mydomain.ccTLD
            

            
c:>whoami /fqdn
            
CN=Smith, Lisa,OU=GPOTest,OU=IT,OU=Company,DC=mydomain,DC=ccTLD





            share|improve this answer




























              0














              From a computer logged into the domain, a user can find the values for their account using whoami. Below shows the commands to get a user's sAMAccountName, userPrincipalName, and fully qualified distinguished name respectively. Active Directory uses all three of these as the username when authenticating via LDAP. 



              c:>whoami
              
mydomainlisa
              

              
c:>whoami /upn
              
lisa@mydomain.ccTLD
              

              
c:>whoami /fqdn
              
CN=Smith, Lisa,OU=GPOTest,OU=IT,OU=Company,DC=mydomain,DC=ccTLD





              share|improve this answer


























                0












                0








                0







                From a computer logged into the domain, a user can find the values for their account using whoami. Below shows the commands to get a user's sAMAccountName, userPrincipalName, and fully qualified distinguished name respectively. Active Directory uses all three of these as the username when authenticating via LDAP. 



                c:>whoami
                
mydomainlisa
                

                
c:>whoami /upn
                
lisa@mydomain.ccTLD
                

                
c:>whoami /fqdn
                
CN=Smith, Lisa,OU=GPOTest,OU=IT,OU=Company,DC=mydomain,DC=ccTLD





                share|improve this answer













                From a computer logged into the domain, a user can find the values for their account using whoami. Below shows the commands to get a user's sAMAccountName, userPrincipalName, and fully qualified distinguished name respectively. Active Directory uses all three of these as the username when authenticating via LDAP. 



                c:>whoami
                
mydomainlisa
                

                
c:>whoami /upn
                
lisa@mydomain.ccTLD
                

                
c:>whoami /fqdn
                
CN=Smith, Lisa,OU=GPOTest,OU=IT,OU=Company,DC=mydomain,DC=ccTLD






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Dec 4 '18 at 16:14









                LisaJLisaJ

                770313




                770313
































                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53389999%2fspring-boot-microsoft-ad-authentication%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Biblatex bibliography style without URLs when DOI exists (in Overleaf with Zotero bibliography)

                    Image
                    2 2 I have a Zotero bibliography in Overleaf. I use biblatex . usepackage[backend=biber,citestyle=authoryear]{biblatex} addbibresource{zoteroALH.bib} Bibliography entries look like: @book{de_saint-gervais_uniformization_2016, title = {Uniformization of {Riemann} {Surfaces}}, isbn = {978-3-03719-145-3}, url = {https://www.ems-ph.org/books/book.php?proj_nr=198&srch=series%7Chem}, urldate = {2019-02-03}, author = {de Saint-Gervais, Paul Henri}, year = {2016}, doi = {10.4171/145} } In the bibliography down the paper the reference shows like this: There is the DOI, great, but also the URL which is unnecessary when the DOI is there. How can I remove the URL when the DOI is present? biblatex bibliographies overleaf zote
                    Read more

                    ComboBox Display Member on multiple fields

                    Image
                    2 I'm trying to set the .DisplayMember property of a ComboBox in C#, but I want to bind it to multiple columns in the .DataSouce . My SQL looks like this: SELECT PersNbr, PersFirstName, PersMiddleName, PersLastName FROM Pers WHERE PersNbr = :persNbr; I'm saving this query in a DataTable so each column selected has it's own column in the Datatable . I want to make the .DisplayMember a combination of PersFirstName + PersMiddleName + PersLastName so their full name appears like this: comboBox.DisplayMemeber = "PersFirstName" + "PersMiddleName" + "PersLastName" I know I can just to this on the query: SELECT PersNbr, (PersFirstName || PersMiddleName || PersLastName) PersName and then just do this: comboBox.DisplayMember = "PersName"; but I
                    Read more

                    Is it possible to collect Nectar points via Trainline?

                    Image
                    2 Since I am not eligible for any Railcard, the only available discount/bonus scheme is Nectar Card for me. GWR, SWR, LNER and Virgin Trains allow to collect Nectar points and I have already linked a card to my GWR account. A friend suggested me to use Trainline App, because it can search for bus tickets either. I had a look at the application, but could not see any option for Nectar. Is there a way to collect Nectar points when I buy tickets via Trainline? uk trains loyalty-programs trainline share | improve this question asked Dec 2 '18 at 15:50 ahmedus 3,224 5 19 49
                    Read more