Spring Boot Microsoft AD Authentication












0















I know little about Spring Boot and even less about Active Directory.



I need to Authenticate against Microsoft Active Directory using Spring Boot and JWT. I have working JWT with user from memory but i am having trouble authenticating against user from Microsoft AD.



Microsoft AD setup:




  • Active Directory is running on Windows Server 2012r2 (192.168.1.166).


  • AD users.


  • AD user property.


Spring Boot app is running on: 192.168.1.31:8082

Spring Boot config:



import com.mts.oh.config.cors.SimpleCORSFilter;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.http.HttpMethod;

import org.springframework.security.authentication.AuthenticationManager;

import org.springframework.security.authentication.AuthenticationProvider;

import org.springframework.security.authentication.ProviderManager;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

import org.springframework.security.web.access.channel.ChannelProcessingFilter;

import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;



import java.util.Arrays;



@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {



    @Autowired

    private SimpleCORSFilter myCorsFilter;



    @Autowired

    private JwtAuthenticationEntryPoint unauthorizedHandler;



    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http.addFilterBefore(myCorsFilter, ChannelProcessingFilter.class).

                csrf().disable().

                exceptionHandling().authenticationEntryPoint(unauthorizedHandler).

                and().

                authorizeRequests().

                antMatchers(HttpMethod.POST, "/api/login").permitAll().

                anyRequest().authenticated().

                and().

                addFilterBefore(new LoginInterceptor("/api/login", authenticationManager()), UsernamePasswordAuthenticationFilter.class).

                addFilterBefore(new JwtInterceptor(), UsernamePasswordAuthenticationFilter.class);

    }



    @Override

    protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {

        authManagerBuilder.authenticationProvider(activeDirectoryLdapAuthenticationProvider()).userDetailsService(userDetailsService());

    }



    @Bean

    public AuthenticationManager authenticationManager() {

        return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));

    }



    @Bean

    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {

        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider("bmad.com",

            "ldap://192.168.1.166:389/DC=bmad,DC=com");

    provider.setSearchFilter("OU=devs,OU=employees");

    provider.setConvertSubErrorCodesToExceptions(true);

    provider.setUseAuthenticationRequestCredentials(true);



        return provider;

    }

}


Login endpoint is: /api/login.
Postman request:





  • Login Request Body

  • Login Request Headers


Stack Trace:



> rg.springframework.security.authentication.BadCredentialsException:

> Bad credentials

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:295)

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:300)

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:267)

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.handleBindException(ActiveDirectoryLdapAuthenticationProvider.java:233)

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:208)

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.doAuthentication(ActiveDirectoryLdapAuthenticationProvider.java:144)

>       at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)

>       at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)

>       at com.mts.oh.config.security.LoginInterceptor.attemptAuthentication(LoginInterceptor.java:28)

>       at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)

>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

>       at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)

>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

>       at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)

>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

>       at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)

>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

>       at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)

>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

>       at com.mts.oh.config.cors.SimpleCORSFilter.doFilter(SimpleCORSFilter.java:32)

>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

>       at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)

>       at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)

>       at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

>       at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

>       at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)

>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

>       at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108)

>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

>       at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)

>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

>       at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)

>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

>       at com.mts.oh.config.cors.SimpleCORSFilter.doFilter(SimpleCORSFilter.java:32)

>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

>       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

>       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

>       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

>       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

>       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

>       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

>       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)

>       at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

>       at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

>       at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)

>       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1457)

>       at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

>       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

>       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

>       at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

>       at java.lang.Thread.run(Thread.java:748)

>     Caused by: org.springframework.security.ldap.authentication.ad.ActiveDirectoryAuthenticationException:

> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment:

> AcceptSecurityContext error, data 773, v2580 ]

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:250)

>       ... 61 common frames omitted

>     Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext

> error, data 773, v2580 ]

>       at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)

>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)

>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)

>       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)

>       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)

>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)

>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)

>       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)

>       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)

>       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)

>       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)

>       at javax.naming.InitialContext.init(InitialContext.java:244)

>       at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider$ContextFactory.createContext(ActiveDirectoryLdapAuthenticationProvider.java:402)

>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:203)

>       ... 59 common frames omitted


I have tried different combinations of username and password but none of them work:




  • John Doe / ****

  • johnupn / ****

  • johnupn@bmad.com / ****

  • bmadjohnupn / ****


I have picked up Spring Boot configuration from:
https://medium.com/@dmarko484/spring-boot-active-directory-authentication-5ea04969f220

and
https://www.ziaconsulting.com/developer-help/spring-security-active-directory/

but these do not work for me.






java spring-boot spring-security active-directory







share|improve this question



























    0















    I know little about Spring Boot and even less about Active Directory.



    I need to Authenticate against Microsoft Active Directory using Spring Boot and JWT. I have working JWT with user from memory but i am having trouble authenticating against user from Microsoft AD.



    Microsoft AD setup:




    • Active Directory is running on Windows Server 2012r2 (192.168.1.166).


    • AD users.


    • AD user property.


    Spring Boot app is running on: 192.168.1.31:8082

    Spring Boot config:



    import com.mts.oh.config.cors.SimpleCORSFilter;
    
import org.springframework.beans.factory.annotation.Autowired;
    
import org.springframework.context.annotation.Bean;
    
import org.springframework.context.annotation.Configuration;
    
import org.springframework.http.HttpMethod;
    
import org.springframework.security.authentication.AuthenticationManager;
    
import org.springframework.security.authentication.AuthenticationProvider;
    
import org.springframework.security.authentication.ProviderManager;
    
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
    
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
    
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
    

    
import java.util.Arrays;
    

    
@Configuration
    
@EnableWebSecurity
    
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
    
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    

    
    @Autowired
    
    private SimpleCORSFilter myCorsFilter;
    

    
    @Autowired
    
    private JwtAuthenticationEntryPoint unauthorizedHandler;
    

    
    @Override
    
    protected void configure(HttpSecurity http) throws Exception {
    
        http.addFilterBefore(myCorsFilter, ChannelProcessingFilter.class).
    
                csrf().disable().
    
                exceptionHandling().authenticationEntryPoint(unauthorizedHandler).
    
                and().
    
                authorizeRequests().
    
                antMatchers(HttpMethod.POST, "/api/login").permitAll().
    
                anyRequest().authenticated().
    
                and().
    
                addFilterBefore(new LoginInterceptor("/api/login", authenticationManager()), UsernamePasswordAuthenticationFilter.class).
    
                addFilterBefore(new JwtInterceptor(), UsernamePasswordAuthenticationFilter.class);
    
    }
    

    
    @Override
    
    protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
    
        authManagerBuilder.authenticationProvider(activeDirectoryLdapAuthenticationProvider()).userDetailsService(userDetailsService());
    
    }
    

    
    @Bean
    
    public AuthenticationManager authenticationManager() {
    
        return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
    
    }
    

    
    @Bean
    
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
    
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider("bmad.com",
    
            "ldap://192.168.1.166:389/DC=bmad,DC=com");
    
    provider.setSearchFilter("OU=devs,OU=employees");
    
    provider.setConvertSubErrorCodesToExceptions(true);
    
    provider.setUseAuthenticationRequestCredentials(true);
    

    
        return provider;
    
    }
    
}


    Login endpoint is: /api/login.
    Postman request:





    • Login Request Body

    • Login Request Headers


    Stack Trace:



    > rg.springframework.security.authentication.BadCredentialsException:
    
> Bad credentials
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:295)
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:300)
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:267)
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.handleBindException(ActiveDirectoryLdapAuthenticationProvider.java:233)
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:208)
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.doAuthentication(ActiveDirectoryLdapAuthenticationProvider.java:144)
    
>       at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)
    
>       at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
    
>       at com.mts.oh.config.security.LoginInterceptor.attemptAuthentication(LoginInterceptor.java:28)
    
>       at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
    
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    
>       at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
    
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    
>       at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
    
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    
>       at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
    
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    
>       at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
    
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    
>       at com.mts.oh.config.cors.SimpleCORSFilter.doFilter(SimpleCORSFilter.java:32)
    
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    
>       at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
    
>       at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
    
>       at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    
>       at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
    
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
>       at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
    
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
>       at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108)
    
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
>       at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
    
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
>       at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
    
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
>       at com.mts.oh.config.cors.SimpleCORSFilter.doFilter(SimpleCORSFilter.java:32)
    
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
>       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
    
>       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    
>       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
    
>       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    
>       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
    
>       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    
>       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
    
>       at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
    
>       at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    
>       at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
    
>       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1457)
    
>       at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    
>       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    
>       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    
>       at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    
>       at java.lang.Thread.run(Thread.java:748)
    
>     Caused by: org.springframework.security.ldap.authentication.ad.ActiveDirectoryAuthenticationException:
    
> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment:
    
> AcceptSecurityContext error, data 773, v2580 ]
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:250)
    
>       ... 61 common frames omitted
    
>     Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext
    
> error, data 773, v2580 ]
    
>       at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
    
>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
    
>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
    
>       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
    
>       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
    
>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
    
>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
    
>       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
    
>       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
    
>       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    
>       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    
>       at javax.naming.InitialContext.init(InitialContext.java:244)
    
>       at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider$ContextFactory.createContext(ActiveDirectoryLdapAuthenticationProvider.java:402)
    
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:203)
    
>       ... 59 common frames omitted


    I have tried different combinations of username and password but none of them work:




    • John Doe / ****

    • johnupn / ****

    • johnupn@bmad.com / ****

    • bmadjohnupn / ****


    I have picked up Spring Boot configuration from:
    https://medium.com/@dmarko484/spring-boot-active-directory-authentication-5ea04969f220

    and
    https://www.ziaconsulting.com/developer-help/spring-security-active-directory/

    but these do not work for me.






    java spring-boot spring-security active-directory







    share|improve this question

























      0












      0








      0








      I know little about Spring Boot and even less about Active Directory.



      I need to Authenticate against Microsoft Active Directory using Spring Boot and JWT. I have working JWT with user from memory but i am having trouble authenticating against user from Microsoft AD.



      Microsoft AD setup:




      • Active Directory is running on Windows Server 2012r2 (192.168.1.166).


      • AD users.


      • AD user property.


      Spring Boot app is running on: 192.168.1.31:8082

      Spring Boot config:



      import com.mts.oh.config.cors.SimpleCORSFilter;
      
import org.springframework.beans.factory.annotation.Autowired;
      
import org.springframework.context.annotation.Bean;
      
import org.springframework.context.annotation.Configuration;
      
import org.springframework.http.HttpMethod;
      
import org.springframework.security.authentication.AuthenticationManager;
      
import org.springframework.security.authentication.AuthenticationProvider;
      
import org.springframework.security.authentication.ProviderManager;
      
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
      
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
      
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
      
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
      
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
      
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
      
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
      
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
      

      
import java.util.Arrays;
      

      
@Configuration
      
@EnableWebSecurity
      
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
      
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
      

      
    @Autowired
      
    private SimpleCORSFilter myCorsFilter;
      

      
    @Autowired
      
    private JwtAuthenticationEntryPoint unauthorizedHandler;
      

      
    @Override
      
    protected void configure(HttpSecurity http) throws Exception {
      
        http.addFilterBefore(myCorsFilter, ChannelProcessingFilter.class).
      
                csrf().disable().
      
                exceptionHandling().authenticationEntryPoint(unauthorizedHandler).
      
                and().
      
                authorizeRequests().
      
                antMatchers(HttpMethod.POST, "/api/login").permitAll().
      
                anyRequest().authenticated().
      
                and().
      
                addFilterBefore(new LoginInterceptor("/api/login", authenticationManager()), UsernamePasswordAuthenticationFilter.class).
      
                addFilterBefore(new JwtInterceptor(), UsernamePasswordAuthenticationFilter.class);
      
    }
      

      
    @Override
      
    protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
      
        authManagerBuilder.authenticationProvider(activeDirectoryLdapAuthenticationProvider()).userDetailsService(userDetailsService());
      
    }
      

      
    @Bean
      
    public AuthenticationManager authenticationManager() {
      
        return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
      
    }
      

      
    @Bean
      
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
      
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider("bmad.com",
      
            "ldap://192.168.1.166:389/DC=bmad,DC=com");
      
    provider.setSearchFilter("OU=devs,OU=employees");
      
    provider.setConvertSubErrorCodesToExceptions(true);
      
    provider.setUseAuthenticationRequestCredentials(true);
      

      
        return provider;
      
    }
      
}


      Login endpoint is: /api/login.
      Postman request:





      • Login Request Body

      • Login Request Headers


      Stack Trace:



      > rg.springframework.security.authentication.BadCredentialsException:
      
> Bad credentials
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:295)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:300)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:267)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.handleBindException(ActiveDirectoryLdapAuthenticationProvider.java:233)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:208)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.doAuthentication(ActiveDirectoryLdapAuthenticationProvider.java:144)
      
>       at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)
      
>       at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
      
>       at com.mts.oh.config.security.LoginInterceptor.attemptAuthentication(LoginInterceptor.java:28)
      
>       at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at com.mts.oh.config.cors.SimpleCORSFilter.doFilter(SimpleCORSFilter.java:32)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
      
>       at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
      
>       at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
      
>       at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at com.mts.oh.config.cors.SimpleCORSFilter.doFilter(SimpleCORSFilter.java:32)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
      
>       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
      
>       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
      
>       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
      
>       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
      
>       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
      
>       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
      
>       at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
      
>       at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
      
>       at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
      
>       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1457)
      
>       at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
      
>       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      
>       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      
>       at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      
>       at java.lang.Thread.run(Thread.java:748)
      
>     Caused by: org.springframework.security.ldap.authentication.ad.ActiveDirectoryAuthenticationException:
      
> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment:
      
> AcceptSecurityContext error, data 773, v2580 ]
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:250)
      
>       ... 61 common frames omitted
      
>     Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext
      
> error, data 773, v2580 ]
      
>       at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
      
>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
      
>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
      
>       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
      
>       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
      
>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
      
>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
      
>       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
      
>       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
      
>       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
      
>       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
      
>       at javax.naming.InitialContext.init(InitialContext.java:244)
      
>       at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider$ContextFactory.createContext(ActiveDirectoryLdapAuthenticationProvider.java:402)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:203)
      
>       ... 59 common frames omitted


      I have tried different combinations of username and password but none of them work:




      • John Doe / ****

      • johnupn / ****

      • johnupn@bmad.com / ****

      • bmadjohnupn / ****


      I have picked up Spring Boot configuration from:
      https://medium.com/@dmarko484/spring-boot-active-directory-authentication-5ea04969f220

      and
      https://www.ziaconsulting.com/developer-help/spring-security-active-directory/

      but these do not work for me.






      java spring-boot spring-security active-directory







      share|improve this question














      I know little about Spring Boot and even less about Active Directory.



      I need to Authenticate against Microsoft Active Directory using Spring Boot and JWT. I have working JWT with user from memory but i am having trouble authenticating against user from Microsoft AD.



      Microsoft AD setup:




      • Active Directory is running on Windows Server 2012r2 (192.168.1.166).


      • AD users.


      • AD user property.


      Spring Boot app is running on: 192.168.1.31:8082

      Spring Boot config:



      import com.mts.oh.config.cors.SimpleCORSFilter;
      
import org.springframework.beans.factory.annotation.Autowired;
      
import org.springframework.context.annotation.Bean;
      
import org.springframework.context.annotation.Configuration;
      
import org.springframework.http.HttpMethod;
      
import org.springframework.security.authentication.AuthenticationManager;
      
import org.springframework.security.authentication.AuthenticationProvider;
      
import org.springframework.security.authentication.ProviderManager;
      
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
      
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
      
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
      
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
      
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
      
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
      
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
      
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
      

      
import java.util.Arrays;
      

      
@Configuration
      
@EnableWebSecurity
      
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
      
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
      

      
    @Autowired
      
    private SimpleCORSFilter myCorsFilter;
      

      
    @Autowired
      
    private JwtAuthenticationEntryPoint unauthorizedHandler;
      

      
    @Override
      
    protected void configure(HttpSecurity http) throws Exception {
      
        http.addFilterBefore(myCorsFilter, ChannelProcessingFilter.class).
      
                csrf().disable().
      
                exceptionHandling().authenticationEntryPoint(unauthorizedHandler).
      
                and().
      
                authorizeRequests().
      
                antMatchers(HttpMethod.POST, "/api/login").permitAll().
      
                anyRequest().authenticated().
      
                and().
      
                addFilterBefore(new LoginInterceptor("/api/login", authenticationManager()), UsernamePasswordAuthenticationFilter.class).
      
                addFilterBefore(new JwtInterceptor(), UsernamePasswordAuthenticationFilter.class);
      
    }
      

      
    @Override
      
    protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
      
        authManagerBuilder.authenticationProvider(activeDirectoryLdapAuthenticationProvider()).userDetailsService(userDetailsService());
      
    }
      

      
    @Bean
      
    public AuthenticationManager authenticationManager() {
      
        return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
      
    }
      

      
    @Bean
      
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
      
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider("bmad.com",
      
            "ldap://192.168.1.166:389/DC=bmad,DC=com");
      
    provider.setSearchFilter("OU=devs,OU=employees");
      
    provider.setConvertSubErrorCodesToExceptions(true);
      
    provider.setUseAuthenticationRequestCredentials(true);
      

      
        return provider;
      
    }
      
}


      Login endpoint is: /api/login.
      Postman request:





      • Login Request Body

      • Login Request Headers


      Stack Trace:



      > rg.springframework.security.authentication.BadCredentialsException:
      
> Bad credentials
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:295)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:300)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:267)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.handleBindException(ActiveDirectoryLdapAuthenticationProvider.java:233)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:208)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.doAuthentication(ActiveDirectoryLdapAuthenticationProvider.java:144)
      
>       at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)
      
>       at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
      
>       at com.mts.oh.config.security.LoginInterceptor.attemptAuthentication(LoginInterceptor.java:28)
      
>       at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at com.mts.oh.config.cors.SimpleCORSFilter.doFilter(SimpleCORSFilter.java:32)
      
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
      
>       at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
      
>       at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
      
>       at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
      
>       at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
      
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at com.mts.oh.config.cors.SimpleCORSFilter.doFilter(SimpleCORSFilter.java:32)
      
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      
>       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
      
>       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
      
>       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
      
>       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
      
>       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
      
>       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
      
>       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
      
>       at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
      
>       at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
      
>       at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
      
>       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1457)
      
>       at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
      
>       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      
>       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      
>       at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      
>       at java.lang.Thread.run(Thread.java:748)
      
>     Caused by: org.springframework.security.ldap.authentication.ad.ActiveDirectoryAuthenticationException:
      
> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment:
      
> AcceptSecurityContext error, data 773, v2580 ]
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:250)
      
>       ... 61 common frames omitted
      
>     Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext
      
> error, data 773, v2580 ]
      
>       at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
      
>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
      
>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
      
>       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
      
>       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
      
>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
      
>       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
      
>       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
      
>       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
      
>       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
      
>       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
      
>       at javax.naming.InitialContext.init(InitialContext.java:244)
      
>       at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider$ContextFactory.createContext(ActiveDirectoryLdapAuthenticationProvider.java:402)
      
>       at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:203)
      
>       ... 59 common frames omitted


      I have tried different combinations of username and password but none of them work:




      • John Doe / ****

      • johnupn / ****

      • johnupn@bmad.com / ****

      • bmadjohnupn / ****


      I have picked up Spring Boot configuration from:
      https://medium.com/@dmarko484/spring-boot-active-directory-authentication-5ea04969f220

      and
      https://www.ziaconsulting.com/developer-help/spring-security-active-directory/

      but these do not work for me.






      java spring-boot spring-security active-directory




      java spring-boot spring-security active-directory






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 20 '18 at 9:34









      msforenter090msforenter090

      64




      64
























          1 Answer
          1






          active

          oldest

          votes


















          0














          From a computer logged into the domain, a user can find the values for their account using whoami. Below shows the commands to get a user's sAMAccountName, userPrincipalName, and fully qualified distinguished name respectively. Active Directory uses all three of these as the username when authenticating via LDAP. 



          c:>whoami
          
mydomainlisa
          

          
c:>whoami /upn
          
lisa@mydomain.ccTLD
          

          
c:>whoami /fqdn
          
CN=Smith, Lisa,OU=GPOTest,OU=IT,OU=Company,DC=mydomain,DC=ccTLD





          share|improve this answer























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53389999%2fspring-boot-microsoft-ad-authentication%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            From a computer logged into the domain, a user can find the values for their account using whoami. Below shows the commands to get a user's sAMAccountName, userPrincipalName, and fully qualified distinguished name respectively. Active Directory uses all three of these as the username when authenticating via LDAP. 



            c:>whoami
            
mydomainlisa
            

            
c:>whoami /upn
            
lisa@mydomain.ccTLD
            

            
c:>whoami /fqdn
            
CN=Smith, Lisa,OU=GPOTest,OU=IT,OU=Company,DC=mydomain,DC=ccTLD





            share|improve this answer




























              0














              From a computer logged into the domain, a user can find the values for their account using whoami. Below shows the commands to get a user's sAMAccountName, userPrincipalName, and fully qualified distinguished name respectively. Active Directory uses all three of these as the username when authenticating via LDAP. 



              c:>whoami
              
mydomainlisa
              

              
c:>whoami /upn
              
lisa@mydomain.ccTLD
              

              
c:>whoami /fqdn
              
CN=Smith, Lisa,OU=GPOTest,OU=IT,OU=Company,DC=mydomain,DC=ccTLD





              share|improve this answer


























                0












                0








                0







                From a computer logged into the domain, a user can find the values for their account using whoami. Below shows the commands to get a user's sAMAccountName, userPrincipalName, and fully qualified distinguished name respectively. Active Directory uses all three of these as the username when authenticating via LDAP. 



                c:>whoami
                
mydomainlisa
                

                
c:>whoami /upn
                
lisa@mydomain.ccTLD
                

                
c:>whoami /fqdn
                
CN=Smith, Lisa,OU=GPOTest,OU=IT,OU=Company,DC=mydomain,DC=ccTLD





                share|improve this answer













                From a computer logged into the domain, a user can find the values for their account using whoami. Below shows the commands to get a user's sAMAccountName, userPrincipalName, and fully qualified distinguished name respectively. Active Directory uses all three of these as the username when authenticating via LDAP. 



                c:>whoami
                
mydomainlisa
                

                
c:>whoami /upn
                
lisa@mydomain.ccTLD
                

                
c:>whoami /fqdn
                
CN=Smith, Lisa,OU=GPOTest,OU=IT,OU=Company,DC=mydomain,DC=ccTLD






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Dec 4 '18 at 16:14









                LisaJLisaJ

                770313




                770313
































                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53389999%2fspring-boot-microsoft-ad-authentication%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    How to change which sound is reproduced for terminal bell?

                    Image
                    3 Recently upgrade to 18.10 from 18.04, and using the terminal is becoming annoying: the new alert sound is a drip ( /usr/share/sounds/gnome/default/alerts/drip.ogg ), and the previous one is still located at ( /usr/share/sounds/ubuntu/stereo/bell.ogg ). My issue is that at the gnome-terminal, when autocompleting or pressing left BOTH sounds are reproduced, at the same time. I want to just have ubuntu/stereo/bell.ogg active, not both . At the moment I have been only able to reduce the volume of the alerts (but still both are played), or turn the alerts down (but I dislike both "solutions"). gnome-terminal 18.10 teminal-bell share | improve this question
                    Read more

                    Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents

                    Image
                    up vote 5 down vote favorite 2 I would like to make it so that the vertical space below the title of each chapter is the same when using the Bjornstrup package (i.e. so that the descenders do not affect the spacing - as shown by the red arrow in the picture below). I think I'm fairly happy with the spacing around "A chapter", so I'd really like titles without descenders (e.g. "Contents") to have the same vertical spacing as "A chapter" below the title. I would also like to remove the large "0" in the contents title. Any help appreciated, as always. documentclass[11pt,a4paper]{book} % Packages[![enter image description here][1]][1] usepackage[left=3.5cm, right=3.5cm, top=4.3cm, bottom=4.25cm]{geometry} usepackage[utf8]{inputenc} usepackage{libertine} usepackage[libertine]{newtx
                    Read more

                    Can I use Tabulator js library in my java Spring + Thymeleaf project?

                    Image
                    0 I want to add Tabulator js to my java project. I added tabulator.min.js, tabulator.min.css to resources folder. After that added to my html page these dependencies as recommending in readme.md. <link rel="stylesheet" th:href="@{/css/tabulator.min.css}"> <script type="text/javascript" th:src="@{/js/tabulator.min.js}"></script> Now my tables view all elements, that I have in the html page, but not correct. In the documentation of Tabulator is example how to create header and table, var table = new Tabulator("#example-table", { columns:[ {title:"Name", field:"name", sorter:"string", width:200, editor:true}, {title:"Age", field:"age", sorter:"
                    Read more