8 Replies Latest reply: Apr 11, 2008 9:43 AM by (secbill)

    Problem Authentication (Active Directory and Policy Server)

      I have configured LDAP on my policy server, and while creating policies I can find the list of users in my Active Directory.

      But the problem is that I am not able to log in to the policy server with my Active Directory users.
      How do I log in? I have tried several different methods,
      e.g.
      Muhammad Amin/password
      muhammad.amin@mydomain.com/password
      but failed

      I have also enabled and tried both JAAS and Kerberos authentication,
      but failed to connect with internal users.

      I can log in with the external users which I created.

      Can any guru help me sort out this problem?
        • 1. Re: Problem Authentication (Active Directory and Policy Server)
          Community Member
          Hi Muhammed,

          There are a couple of possible problems. Did you update your login-config.xml as described in the documentation? If so, you might want to double-check that it is correct.

          If so, you should make sure the UID Attribute you have set up to use in Policy Server is the same as the one you are trying to log in with.

          Can you post the exception you are getting in the server log?

          Hope this helps,

          -Bill
          • 2. Re: Problem Authentication (Active Directory and Policy Server)
            Community Member
            Hi Bill, thanks for the reply. Here "JaasApp" is my application policy name:

            2007-05-30 10:22:44,648 ERROR [com.adobe.edc.server.provider.authentication.JAASAuthProviderImpl] Thread: http-0.0.0.0-8443-Processor5, hashcode: 29520898 Inside JAASAuthProvider: Login Failed using the JAAS Application - JaasApp .. continue trying other auth providers
            2007-05-30 10:22:44,664 ERROR [com.adobe.edc.server.errors.exception.EDCServerLoggedException] Thread: http-0.0.0.0-8443-Processor5, hashcode: 29520898 [AuthenticationManagerBean] errorCode:513 errorCodeHEX:0x201 severity:1 message:None of the Auth Provider could authenticate the user. Authentication Failed chainedException:java.lang.Exception:

            Inside JAASAuthProvider: Login Failed using the JAAS Application - JaasApp .. continue trying other auth providerschainedExceptionMessage:Inside JAASAuthProvider: Login Failed using the JAAS Application - JaasApp .. continue trying other auth providers chainedException trace:java.lang.Exception: Inside JAASAuthProvider: Login Failed using the JAAS Application - JaasApp .. continue trying other auth providers
            • 3. Re: Problem Authentication (Active Directory and Policy Server)
              Community Member
              Caused by: javax.security.auth.login.FailedLoginException: Login incorrect
              at com.adobe.edc.server.provider.authentication.login.LDAPLoginModule.doAuthentication(LDAPLoginModule.java:419)
              at com.adobe.edc.server.provider.authentication.login.LDAPLoginModule.login(LDAPLoginModule.java:246)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:324)
              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
              at java.security.AccessController.doPrivileged(Native Method)
              at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
              at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
              at com.adobe.edc.server.provider.authentication.JAASAuthProviderImpl.invokeUsernamePwdModule(JAASAuthProviderImpl.java:138)
              • 4. Re: Problem Authentication (Active Directory and Policy Server)
                Community Member
                In login-config.xml I have used sAMAccountName instead of UID.
                • 6. Re: Problem Authentication (Active Directory and Policy Server)
                  Community Member
                  Well, JAAS is working well in my system. The problem was in login-config.xml: I set "searchUsingAnonymousBind" to false
                  and used a bind user as shown below, and it works.

                  false
                  cn=Administrator,cn=Users,dc=myDomainName,dc=COM

                  myadminpassword

                  And I can log in with
                  User Name : muhammad.amin
                  Password  : mypassword
                  Any suggestions?
                  Thanks
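Added example (not part of any post in this thread, and not Adobe's LDAPLoginModule code): a small in-memory Python model of a search-then-bind login, showing why the name formats from the original question fail when the UID attribute is sAMAccountName and why nothing works until a bind user is configured. The directory entries, the user's DN, the function names and the "no-entry"/"bad-password" labels are constructed for illustration; the model assumes that, as in a default Active Directory, an anonymous bind cannot search for users.

```python
# Added illustration: in-memory model of an LDAP "search, then bind" login.
# All entries, DNs and passwords below are constructed sample data.
BASE = "cn=Users,dc=myDomainName,dc=COM"
DIRECTORY = {
    "cn=Muhammad Amin," + BASE: {
        "sAMAccountName": "muhammad.amin",
        "userPrincipalName": "muhammad.amin@mydomain.com",
        "displayName": "Muhammad Amin",
        "password": "mypassword",
    },
    "cn=Administrator," + BASE: {
        "sAMAccountName": "Administrator",
        "password": "myadminpassword",
    },
}

def simple_bind(dn, password):
    """Credential check. An empty password is refused: on a real server a
    simple bind with no password is an unauthenticated bind, not a login."""
    entry = DIRECTORY.get(dn)
    return bool(password) and entry is not None and entry["password"] == password

def search(uid_attr, name, bind_dn=None, bind_password=None):
    """Return the DN whose uid_attr equals name, or None.
    Assumption: anonymous (or failed) binds get no search results."""
    if bind_dn is None or not simple_bind(bind_dn, bind_password):
        return None
    for dn, attrs in DIRECTORY.items():
        # Attribute matching is case-insensitive in this model.
        if attrs.get(uid_attr, "").lower() == name.lower():
            return dn
    return None

def login(uid_attr, username, password, bind_dn=None, bind_password=None):
    """Step 1: find the user's DN with the service account.
    Step 2: bind as that DN with the password the user typed."""
    dn = search(uid_attr, username, bind_dn, bind_password)
    if dn is None:
        return "no-entry"
    return "ok" if simple_bind(dn, password) else "bad-password"

# Bind user in the style of the configuration quoted in reply 6.
SERVICE = ("cn=Administrator," + BASE, "myadminpassword")

if __name__ == "__main__":
    for name in ("Muhammad Amin", "muhammad.amin@mydomain.com", "muhammad.amin"):
        print(name, "->", login("sAMAccountName", name, "mypassword", *SERVICE))
```

Both failure labels would surface to the user as the same failed login; the model separates them only to show which step rejected the attempt.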
                  • 7. Re: Problem Authentication (Active Directory and Policy Server)
                    Can anyone tell me what the security settings are for WebSphere 6.0 when using LDAPLoginModule? What should I select for Active Protocol and Active authentication mechanism (SWAM or LTPA), and what should I select for Active user registry (Custom, LDAP or OS)?
                    • 8. Re: Problem Authentication (Active Directory and Policy Server)
                      Community Member
                      Hi Prashant,

                      For WebSphere 6.0 it's better to choose LTPA (Lightweight Third-Party Authentication); SWAM is deprecated in the next WebSphere release. If the user, after having received the LTPA token, accesses a server that is a member of the same authentication configuration as the first server, and if the browsing session has not been terminated (the browser was not closed down), then the user is automatically authenticated and will not be challenged for a name and password. Such an environment is also called a Single-Sign-On (SSO) environment.
                      For Active user registry you would need to select LDAP.

                      Hope this helps,

                      -Bill