wolfd / pwm

PWM is an open source password self service application for LDAP directories. - exported from code.google.com/p/pwm
http://pwmdemo.weisberg.net/

Cannot Login using HTTP Headers when connected to Active Directory #564

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Set up HTTP Headers
2. Access PWM with the appropriate headers
3. Try Change Password
4. Enter in user password to Login

What is the expected output? What do you see instead?
I expect to see the Change Password page where I should be able to enter in my new password.

Instead I see the Login page again.

What version of PWM are you using?
1.7.1

What ldap directory and version are you using?
Active Directory - Windows Server 2003 Functional Level

Please paste any error log messages below:
PWM Logs
2014-05-01 12:07:10, util.Helper, creating new chai provider using config of 
ChaiConfiguration: locked=false settings: 
{chai.bind.URLs=ldaps://activedirectory.corptest.co.nz:636,, 
chai.bind.dn=CN=Kumar\, Bhavik,OU=Organisation,OU=Users,OU=New 
Zealand,DC=corptest,DC=local, chai.bind.password=**stripped**, 
chai.cache.enable=false, chai.cache.maximumSize=128, 
chai.cache.maximumAge=1000, chai.statistics.enable=true, 
chai.watchdog.enable=true, chai.watchdog.operationTimeout=60000, 
chai.watchdog.idleTimeout=30000, chai.watchdog.disableIfPwExpired=true, 
chai.connection.watchdog.frequency=60000, chai.connection.promiscuousSSL=false, 
chai.wireDebug.enable=false, chai.failover.enable=true, 
chai.failover.failBackTime=90000, chai.failover.connectRetries=4, 
chai.ldap.dereferenceAliases=never, chai.ldap.ldapTimeout=5000, 
chai.ldap.followReferrals=false, 
chai.provider.implementation=com.novell.ldapchai.provider.JNDIProviderImpl, 
chai.edirectory.enableNMAS=false, 
chai.provider.extendedOperation.failureCache=true, 
chai.provider.readonly=false, chai.vendor.default=, 
chai.provider.jndi.enablePool=true, chai.crsetting.caseInsensitive=true, 
chai.crsetting.allowDuplicateResponses=false, 
chai.crsetting.defaultFormatType=SHA1_SALT, chai.cr.chai.attributeName=comment, 
chai.cr.chai.recordId=0002, chai.cr.chai.saltCount=100000, 
chai.ad.setPolicyHintsOnPwSet=false}
2014-05-01 12:07:10, operations.UserAuthenticator, {e,Kumar, Bhavik} successful 
ssl authentication for CN=Kumar\, Bhavik,OU=Organisation,OU=Users,OU=New 
Zealand,DC=corptest,DC=local (150ms) [10.65.101.13/]
2014-05-01 12:07:10, servlet.TopServlet, attempt to access functionality 
requiring password authentication, but password not yet supplied by actor, 
forwarding to password Login page
2014-05-01 12:07:10, servlet.TopServlet, {e,Kumar, Bhavik} user is 
authenticated without a password, redirecting to login page [10.65.101.13/]
2014-05-01 12:07:10, pwm.SessionFilter, {e,Kumar, Bhavik} GET request for: 
/sps/private/Login (no params)  [10.65.101.13/]

Added logging to the suspected class and this is what got printed out.
password.pwm.error.PwmUnrecoverableException: 5062 ERROR_PASSWORD_REQUIRED
        at password.pwm.SessionManager.getChaiProvider(SessionManager.java:111)
        at password.pwm.util.operations.UserStatusHelper.populateActorUserInfoBean(UserStatusHelper.java:166)
        at password.pwm.util.operations.UserAuthenticator.postAuthenticationSequence(UserAuthenticator.java:397)
        at password.pwm.util.operations.UserAuthenticator.authenticateUser(UserAuthenticator.java:107)
        at password.pwm.servlet.LoginServlet.processRequest(LoginServlet.java:90)
        at password.pwm.servlet.TopServlet.handleRequest(TopServlet.java:83)
        at password.pwm.servlet.TopServlet.doPost(TopServlet.java:158)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at password.pwm.AuthenticationFilter.processAuthenticatedSession(AuthenticationFilter.java:139)
        at password.pwm.AuthenticationFilter.doFilter(AuthenticationFilter.java:78)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at password.pwm.SessionFilter.processFilter(SessionFilter.java:224)
        at password.pwm.SessionFilter.doFilter(SessionFilter.java:90)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at password.pwm.GZIPFilter.doFilter(GZIPFilter.java:45)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at password.pwm.ApplicationModeFilter.doFilter(ApplicationModeFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:744)

----

I think the bug is with line 166 of UserStatusHelper:
final ChaiProvider provider = pwmSession.getSessionManager().getChaiProvider();

It should be:
final ChaiProvider provider = pwmSession.getSessionManager().getChaiProvider(userDN, userCurrentPassword);

Original issue reported on code.google.com by bhav...@datacom.co.nz on 1 May 2014 at 3:04
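
An added triage example, not part of the original report or of PWM's code: it re-joins the hard-wrapped log records shown above and flags the reported symptom, an authentication success followed by the "authenticated without a password" redirect for the same actor. The sample log is constructed from the excerpt (the "Doe, Jane" record is invented as a control), and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the PWM log excerpt in the report; records are
# hard-wrapped as in the paste. The "Doe, Jane" record is an invented control.
SAMPLE_LOG = r"""
2014-05-01 12:07:10, operations.UserAuthenticator, {e,Kumar, Bhavik} successful
ssl authentication for CN=Kumar\, Bhavik,OU=Users,DC=corptest,DC=local (150ms) [10.65.101.13/]
2014-05-01 12:07:10, servlet.TopServlet, attempt to access functionality
requiring password authentication, but password not yet supplied by actor
2014-05-01 12:07:10, servlet.TopServlet, {e,Kumar, Bhavik} user is
authenticated without a password, redirecting to login page [10.65.101.13/]
2014-05-01 12:08:02, operations.UserAuthenticator, {e,Doe, Jane} successful
ssl authentication for CN=Doe\, Jane,OU=Users,DC=corptest,DC=local (120ms) [10.65.101.14/]
"""

RECORD_START = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, ")
RECORD = re.compile(r"^(?P<ts>[\d-]+ [\d:]+), (?P<component>[\w.]+), "
                    r"(?:\{(?P<actor>[^}]*)\} )?(?P<msg>.*)$")

def parse_records(text):
    """Re-join hard-wrapped lines, then split each record into its fields."""
    joined = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if RECORD_START.match(line) or not joined:
            joined.append(line)          # a timestamp starts a new record
        else:
            joined[-1] += " " + line     # continuation of the previous record
    return [m.groupdict() for m in map(RECORD.match, joined) if m]

def find_login_loops(records):
    """Return (actor, auth timestamp) where an authentication success is followed
    by the 'authenticated without a password' redirect for the same actor."""
    authed = {}                          # actor -> time of last auth success
    loops = []
    for rec in records:
        actor, msg = rec["actor"], rec["msg"]
        if actor is None:
            continue                     # record carries no session label
        if msg.startswith("successful") and "authentication" in msg:
            authed[actor] = rec["ts"]
        elif "authenticated without a password" in msg and actor in authed:
            loops.append((actor, authed.pop(actor)))
    return loops

if __name__ == "__main__":
    for actor, ts in find_login_loops(parse_records(SAMPLE_LOG)):
        print(f"{ts} login loop for {{{actor}}}")
```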

GoogleCodeExporter commented 9 years ago
The lines which required modification were in the UserStatusHelper class.

Original comment by bhav...@datacom.co.nz on 1 May 2014 at 3:16

GoogleCodeExporter commented 9 years ago

Original comment by jrivard on 1 May 2014 at 5:16