mitreid-connect / OpenID-Connect-Java-Spring-Server

An OpenID Connect reference implementation in Java on the Spring platform.

OpenID Connect with OpenLDAP #1582

Open pipa1985 opened 1 year ago

pipa1985 commented 1 year ago

Hello, I was able to install OpenID Connect by following the instructions given here, leaving everything on default. Now I want to use an LDAP directory, so here is how I intend to proceed. Please tell me if this is correct. Personally, I'm thinking of installing OpenLDAP first, then downloading ldap-openid-connect-server and modifying the user-context.xml file to point to my LDAP server, and finally using the commands mvn package and mvn jetty:run-war to build and deploy the server. Is it correct? I'm really not an expert.

pipa1985 commented 1 year ago

Hello, I installed the ldap overlay and the execution of the two commands mvn package and mvn jetty:run-war did not generate any error. But when I try to access the link http://localhost:8080/ldap-openid-connect-server/ it shows a 404 error:

```
Error 404 Not Found

There was an error processing your request.

Not Found
```

Knowing that OpenLDAP and OpenID Connect are installed on the same machine, do you have an idea of what it could be? I would really appreciate your help because I am completely lost. I am using Jetty.

pipa1985 commented 1 year ago

This link works with Tomcat; however, when I try to log in with an LDAP account it shows me the following message: "The system was unable to log you in. Please try again." The only error in catalina.out is the following:

```
INFO : org.mitre.openid.connect.config.JsonMessageSource - No locale loaded, trying to load from ServletContext resource [/resources/js/locale/fr/messages.json]
[2022-09-08 09:25:33] [info] ERROR: org.mitre.openid.connect.config.JsonMessageSource - Unable to load locale
[2022-09-08 09:25:33] [info] java.io.FileNotFoundException: Could not open ServletContext resource [/resources/js/locale/fr/messages.json]
```

Maybe I misconfigured the user-context.xml file; can you please check:

```xml
<security:ldap-server url="ldap://192.168.43.118:389/dc=my-university,dc=dz" />

<bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource" />
            <property name="userDnPatterns">
                <list>
                    <value>uid={0}</value>
                </list>
            </property>
        </bean>
    </constructor-arg>
    <constructor-arg>
        <bean class="edu.mit.kit.userdetails.MappedLdapAuthoritiesPopulator">
            <property name="admins">
                <set>
                    <!-- list admin usernames here -->
                </set>
            </property>
        </bean>
    </constructor-arg>
</bean>

<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://192.168.43.118:389" />
    <property name="base" value="dc=my-university,dc=dz" />
</bean>

<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <constructor-arg name="contextSource" ref="contextSource" />
</bean>

<bean id="ldapUserInfoRepository" primary="true" class="edu.mit.kit.repository.impl.LdapUserInfoRepository">
    <property name="ldapTemplate" ref="ldapTemplate" />
</bean>

<!-- end LDAP -->
```

pipa1985 commented 1 year ago

Can the LDAP server and OpenID Connect be on the same server?

pipa1985 commented 1 year ago

Actually there was a problem in the LDAP schema. The problem is solved. Below is my configuration. Now I have a problem connecting OpenID Connect with Moodle, but I prefer to open a new post.

```xml
<security:ldap-server url="ldap://192.168.43.118:389/dc=my-university,dc=dz" />

<bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource" />
            <property name="userDnPatterns">
                <list>
                    <value>uid={0},ou=people</value>
                </list>
            </property>
        </bean>
    </constructor-arg>
    <constructor-arg>
        <bean class="edu.mit.kit.userdetails.MappedLdapAuthoritiesPopulator">
            <property name="admins">
                <set>
                    <!-- list admin usernames here -->
                    <value>me</value>
                </set>
            </property>
        </bean>
    </constructor-arg>
</bean>

<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://192.168.43.118:389" />
    <property name="base" value="dc=my-university,dc=dz" />
</bean>

<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <constructor-arg name="contextSource" ref="contextSource" />
</bean>

<bean id="ldapUserInfoRepository" primary="true" class="edu.mit.kit.repository.impl.LdapUserInfoRepository">
    <property name="ldapTemplate" ref="ldapTemplate" />
</bean>

<!-- end LDAP -->
```