kent.josefsen

Okay, you're welcome. Another workaround might be to reverse the order in which the providers are invoked so that the internal provider is invoked before the LDAP authentication, like so: <bean id="ldapAuthenticationManager" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.JSProviderManager"> <constructor-arg index="0"> <list> <ref bean="${bean.daoAuthenticationProvider}"/> <ref bean="ldapAuthenticationProvider"/> </list> </constructor-arg> </bean> but I have not tested if it works.

I found a possible workaround by modifying the following section in applicationContext-externalAuth-LDAP.xml: <bean id="ldapAuthenticationManager" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.JSProviderManager"> <constructor-arg index="0"> <list> <ref bean="ldapAuthenticationProvider"/> <!--<ref bean="${bean.daoAuthenticationProvider}"/>--> <!--anonymousAuthenticationProvider only needed if filterInvocationInterceptor.alwaysReauthenticate is set to true <ref bean="anonymousAuthenticationProvider"/>--> </list> </constructor-arg> </bean> I commented out the usage of daoAuthenticationProvider. This solves the issue with the error 500 message, but it also means that the login for the internal jasperadmin account is disabled.

I also have the same issue with my LDAP setup. Here are the steps to reproduce: Sign in first time with LDAP username and wrong password (Ok) Sign in with LDAP username and correct password (Ok) Sign out (Ok) Sign in with LDAP username and wrong password (Exception) The problem happens when the user has already been synchronized with the internal database (externally defined) and then try to sign in with the wrong password. I have included the Tomcat server log and LDAP configuration file. The jasperserver.log was empty. applicationContext-externalAuth-LDAP.xml localhost.2024-03-06.log