Jasper Server MS Active Directory Hang at Login

rsanborn_1 · November 2, 2015

I've been banging my head against this for two solid days. I'm trying to authenticate against Active Directory 2008 R2 using JasperServer 6.1 Community Edition. My External Auth config file is below (Mostly based on the sample provided and some of the notes from the cookbook). Domain structure is here for reference.
COM->DOMAIN->Accounts->Department1->User001
->Department2->User004

When I try to log in with built in credentials, I log right in. If I try to log in with bad domain credentials (no password) I get an appropriate error "Invalid credentials supplied. Could not login to JasperReports Server.".

Here is the puzzle, if I login with correct domain credentials, the login process hangs at a blank webpage with the URL: http://server_name:8080/jasperserver/j_spring_security_check. If I load the webpage again, it doesn't log me in, and if I login as jasperadmin, I don't see this user in the users section. If I check my domain controller, I see good logins though, so my domain controller is receiving the request, and sending back a login accepted message.

Please help! Whats going on!?

<list>

<!--anonymousAuthenticationProvider only needed if filterInvocationInterceptor.alwaysReauthenticate is set to true

</list>

</property>

</bean>

<constructor-arg>

<constructor-arg><ref local="ldapContextSource"/></constructor-arg>

</bean>

</constructor-arg>

<constructor-arg>

<constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>

<constructor-arg index="1"><value></value></constructor-arg>

</bean>

</constructor-arg>

</bean>

<bean id="userSearch"

class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSFilterBasedLdapUserSearch">

<constructor-arg index="0">

</constructor-arg>

<constructor-arg index="1">

<value>(&(objectClass=user)(sAMAccountName={0}))</value>

</constructor-arg>

<constructor-arg index="2">

</constructor-arg>

</property>

</bean>

<constructor-arg value="ldap://DOMAIN_CONTROLLER:389/dc=DOMAIN,dc=COM"/>

</bean>

<bean id="externalDataSynchronizer"

class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalDataSynchronizerImpl">

<list>

</list>

</property>

</bean>

</bean>

<!--Default permitted role characters; others are removed. Change regular expression to allow other chars.

</property>

<list>

</list>

</property>

<map>

<entry>

<key>

<value>ROLE_ADMIN_EXTERNAL_ORGANIZATION</value>

</key>

<value>ROLE_ADMINISTRATOR</value>

</entry>

</map>

</property>

</bean>

bgrimal · May 6, 2016

Can't help you fix it, but I too have been trying to get AD logins working to no avail. Exactly the same problem - LDAP bind is successful, search for roles completes, then the session dies.

Here's log entries in case anyone has any hints:

DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /j_spring_security_check at position 1 of 20 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'DEBUG HttpSessionSecurityContextRepository,http-nio-8080-exec-150:152 - HttpSession returned null object for SPRING_SECURITY_CONTEXTDEBUG HttpSessionSecurityContextRepository,http-nio-8080-exec-150:91 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@42409942. A new one will be created.DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /j_spring_security_check at position 2 of 20 in additional filter chain; firing Filter: 'EncryptionFilter'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /j_spring_security_check at position 3 of 20 in additional filter chain; firing Filter: 'JSDelegatingFilterProxy'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /j_spring_security_check at position 4 of 20 in additional filter chain; firing Filter: 'MultipartRequestWrapperFilter'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /j_spring_security_check at position 5 of 20 in additional filter chain; firing Filter: 'WebAppSecurityFilter'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /j_spring_security_check at position 6 of 20 in additional filter chain; firing Filter: 'JSCsrfGuardFilter'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /j_spring_security_check at position 7 of 20 in additional filter chain; firing Filter: 'StandardLoggingFilter'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /j_spring_security_check at position 8 of 20 in additional filter chain; firing Filter: 'UserPreferencesFilter'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /j_spring_security_check at position 9 of 20 in additional filter chain; firing Filter: 'JSDelegatingFilterProxy'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /j_spring_security_check at position 10 of 20 in additional filter chain; firing Filter: 'JSDelegatingFilterProxy'DEBUG EncryptionAuthenticationProcessingFilter,http-nio-8080-exec-150:205 - Request is to process authenticationDEBUG ProviderManager,http-nio-8080-exec-150:152 - Authentication attempt using com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProviderDEBUG JSLdapAuthenticationProvider,http-nio-8080-exec-150:65 - Processing authentication request for user: myuserDEBUG FilterBasedLdapUserSearch,http-nio-8080-exec-150:107 - Searching for user 'myuser', with user search [ searchFilter: '(&(sAMAccountName={0})(memberOf=cn=Jasper_User,cn=users,dc=mydomain,dc=com))', searchBase: '', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]DEBUG SpringSecurityLdapTemplate,http-nio-8080-exec-150:211 - Searching for entry under DN 'dc=mydomain,dc=com', base = '', filter = '(&(sAMAccountName={0})(memberOf=cn=Jasper_User,cn=users,dc=mydomain,dc=com))'DEBUG SpringSecurityLdapTemplate,http-nio-8080-exec-150:223 - Found DN: cn=My User,cn=UsersINFO SpringSecurityLdapTemplate,http-nio-8080-exec-150:229 - Ignoring PartialResultExceptionDEBUG BindAuthenticator,http-nio-8080-exec-150:108 - Attempting to bind as cn=My User,cn=Users,dc=mydomain,dc=comDEBUG JSLdapContextSource,http-nio-8080-exec-150:76 - Removing pooling flag for user cn=My User,cn=Users,dc=mydomain,dc=comDEBUG BindAuthenticator,http-nio-8080-exec-150:116 - Retrieving attributes...DEBUG DefaultLdapAuthoritiesPopulator,http-nio-8080-exec-150:182 - Getting authorities for user cn=My User,cn=Users,dc=mydomain,dc=comDEBUG DefaultLdapAuthoritiesPopulator,http-nio-8080-exec-150:211 - Searching for roles for user 'myuser', DN = 'cn=My User,cn=Users,dc=mydomain,dc=com', with filter (&(member={0})(objectclass=group)(cn=Jasper_User)) in search base ''DEBUG SpringSecurityLdapTemplate,http-nio-8080-exec-150:150 - Using filter: (&(member=cn=My User,cn=Users,dc=mydomain,dc=com)(objectclass=group)(cn=Jasper_User))DEBUG HttpSessionSecurityContextRepository,http-nio-8080-exec-150:304 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.DEBUG SecurityContextPersistenceFilter,http-nio-8080-exec-150:97 - SecurityContextHolder now cleared, as request processing completedDEBUG AntPathRequestMatcher,http-nio-8080-exec-150:145 - Checking match of request : '/500.html'; against '/xmla'DEBUG AntPathRequestMatcher,http-nio-8080-exec-150:145 - Checking match of request : '/500.html'; against '/services/**'DEBUG AntPathRequestMatcher,http-nio-8080-exec-150:145 - Checking match of request : '/500.html'; against '/rest/login'DEBUG AntPathRequestMatcher,http-nio-8080-exec-150:145 - Checking match of request : '/500.html'; against '/rest/**'DEBUG AntPathRequestMatcher,http-nio-8080-exec-150:145 - Checking match of request : '/500.html'; against '/rest_v2/**'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /500.html at position 1 of 20 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'DEBUG HttpSessionSecurityContextRepository,http-nio-8080-exec-150:152 - HttpSession returned null object for SPRING_SECURITY_CONTEXTDEBUG HttpSessionSecurityContextRepository,http-nio-8080-exec-150:91 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@42409942. A new one will be created.DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /500.html at position 2 of 20 in additional filter chain; firing Filter: 'EncryptionFilter'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /500.html at position 3 of 20 in additional filter chain; firing Filter: 'JSDelegatingFilterProxy'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /500.html at position 4 of 20 in additional filter chain; firing Filter: 'MultipartRequestWrapperFilter'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /500.html at position 5 of 20 in additional filter chain; firing Filter: 'WebAppSecurityFilter'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /500.html at position 6 of 20 in additional filter chain; firing Filter: 'JSCsrfGuardFilter'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /500.html at position 7 of 20 in additional filter chain; firing Filter: 'StandardLoggingFilter'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /500.html at position 8 of 20 in additional filter chain; firing Filter: 'UserPreferencesFilter'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /500.html at position 9 of 20 in additional filter chain; firing Filter: 'JSDelegatingFilterProxy'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /500.html at position 10 of 20 in additional filter chain; firing Filter: 'JSDelegatingFilterProxy'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /500.html at position 11 of 20 in additional filter chain; firing Filter: 'UserPreferencesFilter'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /500.html at position 12 of 20 in additional filter chain; firing Filter: 'JSDelegatingFilterProxy'DEBUG FilterChainProxy,http-nio-8080-exec-150:337 - /500.html at position 13 of 20 in additional filter chain; firing Filter: 'JSDelegatingFilterProxy'DEBUG ProviderManager,http-nio-8080-exec-150:152 - Authentication attempt using com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProviderDEBUG JSLdapAuthenticationProvider,http-nio-8080-exec-150:65 - Processing authentication request for user: myuserDEBUG FilterBasedLdapUserSearch,http-nio-8080-exec-150:107 - Searching for user 'myuser', with user search [ searchFilter: '(&(sAMAccountName={0})(memberOf=cn=Jasper_User,cn=users,dc=mydomain,dc=com))', searchBase: '', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]DEBUG SpringSecurityLdapTemplate,http-nio-8080-exec-150:211 - Searching for entry under DN 'dc=mydomain,dc=com', base = '', filter = '(&(sAMAccountName={0})(memberOf=cn=Jasper_User,cn=users,dc=mydomain,dc=com))'DEBUG SpringSecurityLdapTemplate,http-nio-8080-exec-150:223 - Found DN: cn=My User,cn=UsersINFO SpringSecurityLdapTemplate,http-nio-8080-exec-150:229 - Ignoring PartialResultExceptionDEBUG BindAuthenticator,http-nio-8080-exec-150:108 - Attempting to bind as cn=My User,cn=Users,dc=mydomain,dc=comDEBUG JSLdapContextSource,http-nio-8080-exec-150:76 - Removing pooling flag for user cn=My User,cn=Users,dc=mydomain,dc=comDEBUG BindAuthenticator,http-nio-8080-exec-150:116 - Retrieving attributes...DEBUG DefaultLdapAuthoritiesPopulator,http-nio-8080-exec-150:182 - Getting authorities for user cn=My User,cn=Users,dc=mydomain,dc=comDEBUG DefaultLdapAuthoritiesPopulator,http-nio-8080-exec-150:211 - Searching for roles for user 'myuser', DN = 'cn=My User,cn=Users,dc=mydomain,dc=com', with filter (&(member={0})(objectclass=group)(cn=Jasper_User)) in search base ''DEBUG SpringSecurityLdapTemplate,http-nio-8080-exec-150:150 - Using filter: (&(member=cn=My User,cn=Users,dc=mydomain,dc=com)(objectclass=group)(cn=Jasper_User))DEBUG HttpSessionSecurityContextRepository,http-nio-8080-exec-150:304 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.DEBUG SecurityContextPersistenceFilter,http-nio-8080-exec-150:97 - SecurityContextHolder now cleared, as request processing completed

jah.junk · June 27, 2016

Same issue here. Cant figure out what is not working.

I have everything configured pretty much the same. It seems to bind to LDAP, but then gets SecurityContext is empty... then blank page.

kkpan47 · August 8, 2016

I have been facing the same issue for a while.

Finally found the solution: add below property below the password tag for the LDAP authentication

<property name="referral" value="follow" />

olivedev · September 14, 2016

Hi,

I too have the same problem, and <property name="referral" value="follow" /> did not help, unfortunately.

It's very frustrating, I tried with Jasper 6.1.1, 6.2.0, and now 6.3, and on different machines, and still got the same result: the LDAP is user is found, all seems ok, but we're stuck at this j_spring_security_check page.

If someone has the solution to this, please reply.

Thanks.

olivedev · September 14, 2016

Hi,

I have it fixed now.

Here is my applicationContext-externalAuth-LDAP.xml file for Jasperserver Community 6.3:

http://pastebin.com/7f7p0bGz

I created JASPER_MANAGEMENT and JASPER_USER groups on my AD and added some users, it works fine.

Users are "WorkstationUsers" in "AccessGroups" on my domain and I used a "ServiceAccounts" for the domain connection.

pav · January 31, 2018

Looking at the original applicationContext-externalAuth-LDAP-mt.xml, there is no value in: <constructor-arg index="1"><value></value></constructor-arg> in the bean ldapAuthenticationProvider.

I fixed the same error by setting correct OU of goups I defined in AD.

Sign In

Jasper Server MS Active Directory Hang at Login

Recommended Posts

rsanborn_1

Link to comment

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

bgrimal

Link to comment

Share on other sites

jah.junk

Link to comment

Share on other sites

kkpan47

Link to comment

Share on other sites

olivedev

Link to comment

Share on other sites

olivedev

Link to comment

Share on other sites

pav

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Activity

Products

Explore