Authentication is not possible on an wiki where the Active Directory app has went through an upgrade process

[AndreeaChi]

On a local XWiki 13.4.5 Jetty+HSQL, Windows 10 I did the following:

• I have set in xwiki.cfg two lines (the workaround presented on ticket 47 ) xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl xwiki.authentication.ldap.trylocal=1
• I started the XWiki server
• I installed Active Directory app 1.11.1 and generated a trial license
• I upgraded to 1.13
• I upgraded to 1.13.1
• I have configured a new user details
• Test connection was successful
• on an incognito Chrome tab I have tried to connect with the newly configured user and I got Invalid Credentials

I tried uninstalling the upgraded AD 1.13.1 app and then to reinstall it directly at version 1.13.1, but there are some leftovers that continue to interfere, the authentication with an AD user is still not possible.

On a second 13.4.5 local Jetty+HSQL, Windows:

• I have set in xwiki.cfg two lines xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl xwiki.authentication.ldap.trylocal=1
• I started the XWiki server
• I installed Active Directory app 1.13.1 and generated a trial license
• I have configured a new user details
• Test connection was successful
• on an incognito Chrome tab I have tried to connect with the newly configured user and it was successful

[AndreeaChi]

I have done some new tests on a fresh 13.4.5 Jetty+HSQL, using Chrome 95 version.

First test - starting from AD 1.11.1 and upgrading it to 1.13:

1. Logged in with the Admin account
2. Installed AD 1.11.1 and configured with a known server and user used by the QA team at XWiki SAS.
3. Click on Save and then tested the connection and it was successful.
4. On an Incognito tab, I logged successfully with the AD user and then I logged out.
5. Back to the page where I was logged in with the Admin account, I upgraded the AD app to version 1.13
6. During the app upgrade process, I saw a notification with a number of checked pages. I left them checked and I clicked on Continue to finish.
7. I tried again "Test Connection" and it was a success.
8. I tried to log in again on an incognito tab with the known AD user and it was without success.
9. I restarted the xwiki server.
10. I tried to log in again on an incognito tab with the known AD user and it was a success.

Second test - the same 13.4.5 Jetty, this time continuing with an upgrade to 1.13.1:

1. Logged with Admin, I upgraded the AD app from 1.13 to 1.13.1
2. No notifications to pause the process.
3. On an incognito tab, I was not able to connect with the known AD user.
4. I restarted the xwiki server.
5. I logged in on an incognito tab with the known user.

Logs showing the restart action, I have upgraded the app the LDAP authentication failed: logs.txt

[oanat]

I have also reproduced the issue locally on XWiki 13.9 with an upgrade for Active Directory app from 1.11.1 to 1.13.1: Here is the error from the logs:

2021-11-18 19:13:29,545 [qtp1307904972-19 - http://localhost:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null. We don't try to authenticate, it probably means the user is in non logged mode. 
2021-11-18 19:13:29,547 [qtp1307904972-19 - http://localhost:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - remoteUserParser: null 
2021-11-18 19:13:29,568 [qtp1307904972-19 - http://localhost:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - ldap_group_classes: [groupofnames, posixgroup, apple-group, groupofuniquenames, dynamicgroup, groupwisedistributionlist, group, dynamicgroupaux] 
2021-11-18 19:13:29,580 [qtp1307904972-19 - http://localhost:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG o.x.c.l.XWikiLDAPConfig        - ldap_group_memberfields: [uniquemember, memberuid, member] 
2021-11-18 19:13:29,583 [qtp1307904972-19 - http://localhost:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - LDAP authentication failed: LDAP not activ 
2021-11-18 19:13:29,583 [qtp1307904972-19 - http://localhost:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - Trying authentication against XWiki DB 
2021-11-18 19:13:29,584 [qtp1307904972-19 - http://localhost:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - LDAP authentication failed for user [TestUser] 
2021-11-18 19:13:29,584 [qtp1307904972-19 - http://localhost:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] WARN  nticationFailureLoggerListener - Authentication failure with login [TestUser] 
2021-11-18 19:13:29,587 [qtp1307904972-19 - http://localhost:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG x.c.l.XWikiLDAPAuthServiceImpl - XWikiUser: null

A server restart fixed the issue.

[acotiuga]

This issue duplicates https://github.com/xwikisas/application-activedirectory/issues/47. It is affected by the same improvement https://jira.xwiki.org/browse/XWIKI-16909, has the same fix in https://jira.xwiki.org/browse/XWIKI-19107 (in XWiki 13.10) and the same workaround works in XWiki 13.2 to XWiki 13.9: restarting the server after upgrade.