Issue Description
Customer configured TIBCO JasperReports® Server to perform external authentication with LDAP server.
When the LDAP server is unavailable (due to shut down or network issues), customer can't login to TIBCO JasperReports® Server even as internal users (superuser, jasperadmin)
Resolution
The applicationContext-externalAuth-LDAP-mt.xml file contains the bean ldapAuthenticationManager
which lists the available authentication providers:
<bean id="ldapAuthenticationManager" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.JSProviderManager"> <property name="providers"> <list> <ref local="ldapAuthenticationProvider"/> <ref bean="${bean.daoAuthenticationProvider}"/> </list> </property> </bean>[/code]
The providers in the list are invoked in the order they appear in the configuration file until one of them authenticates the user.
The rest of the providers are then skipped.
The final provider in the list, ${bean.daoAuthenticationProvider} authenticates against the jasperserver internal database.
By default, TIBCO JasperReports® Server performs authentication against LDAP server first.
If the server is unavailable, authentication process fails and users can't login even with internal accounts.
In order to workaround the issue, <ref bean="${bean.daoAuthenticationProvider}"/> bean should be placed first in the list:
<bean id="ldapAuthenticationManager" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.JSProviderManager"> <property name="providers"> <list> <ref bean="${bean.daoAuthenticationProvider}"/> <ref local="ldapAuthenticationProvider"/> </list> </property> </bean>[/code]
Server restart required.
Solution tested with TIBCO JasperReports® Server v.7.1.0
AS-20190322
Recommended Comments
There are no comments to display.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now