I need to do NTLM authentication over LDAP protocol. For this I am trying to use Unbound ID LDAP SDK and jcifs-ng together. Everything works fine if domain controllers doesn't require LDAP signing (integrity check). If LDAP signing is enabled, code fails with message
The server requires binds to turn on integrity checking if SSL\TLS are
not already active on the connection
If I use NtlmFlags.NTLMSSP_NEGOTIATE_SIGN flag for Type3Message, code fails with following message ( even if LDAP Signing is disabled in domain controller )
resultCode :: 49 (invalid credentials) resultCode :: 80090302:
LdapErr: DSID-0C090588, comment: AcceptSecurityContext error, data 1, v2580
Please point me to any other way or the mistake in my approach to construct Type3Message properly. Thanks in advance.
NTLM signing was achieved using apache httpclient library instead of using jcifs-ng
Related
I am pretty new into web development. Currently I am trying to do an Form Based Authentication on my Jakarta app. I managed to create a realm on Glassfish 6.0.0 and to integrate it on the web.xml descriptor. I managed to make the Basic Authentication work, but when I try it to change to Form Authentication I get an 403 status code ever time I want to login. I got the following error every time I send a POST request to j_security_check with good credentials, along with 403 status code:
***WEB9102: Web Login Failed:
com.sun.enterprise.security.auth.login.common.LoginException
: Login failed: Security Exception*** which doesn't say to much for me.
I wanted to create an Form Authentication in order to use j_security_check to login using form-data format from Postman. If I can not do this, is there a way to create a custom endpoint to send a request in order to authenticate?
I found out a method to do what I needed for the moment. I just sent parameters in URL. For now it is perfect, even though the security suffer with this method.
I have a question regarding SQL Server Reporting Services 2019:
We have received a HTTPS-certificate and added a URL for both Web Service and Web Portal. When we try to access either /Reports or /ReportServer on HTTP we can get through with no problem, but when we try to access on HTTPS then we are met with a logon dialog which will give three attempts at log on before displaying a white page. All attempts at entering a valid combination of user name and password returns a 401 error.
We've tried removing and reinserting all bindings for HTTP, HTTPS, SSL, changing logon mechanism in the config file to use Kerberos, NTLM or a combination of those but nothing works.
Does anyone what the source of this problem might be and how to solve it?
We figured out what the problem was. Authentication issues did not behave the same for HTTP and HTTPS. My test user wasn't a member of the correct user group. Once we gave it "System User" access then we could log in.
I have integrated the CAS server with Keycloak version 12.0.4. When I go to the CAS login page it redirects me to the keycloak login successfully.
After entering the valid credentials in the keycloak page, it provides an error in the cas logs which is mentioned below:
2021-05-12 08:51:41,865 WARN
[org.pac4j.oidc.credentials.authenticator.OidcAuthenticator] -
<Preferred token endpoint Authentication method: null not available.
Defaulting to: private_key_jwt
Can someone tell me if I'm missing any configuration?
Seems the CAS was not able to take the properties from the cas.properties. I changed the class OidcAuthenticator in the cas package to choose the method "client_secret_basic" manually. After doing this change it's working fine.
I have a FileMaker application which pulls Jobs (and clients etc) from servicem8 using the API. As its a private application I just use username/password in the GET_URL. It usually works, but now and then will not login correctly, and I get the message:
- "Authorisation Required"
Restarting FileMaker and/or pasting the URL directly into a browser then trying again seems to resolve the problem.
The only other consistent behaviour seems to be that once it fails once, it will not work again until I restart as above.
Anyone found similar issues or have any ideas?
For Private applications servicem8 uses HTTP Basic Authentication. You can try to reset cached request by calling the same url from FileMaker with a different, but incorrect username and password and then repeating the original request with correct credentials.
servicem8 documentation uses curl for authentication examples and I think this will work better. To implement curl you will need a plugin, like BaseElements or MBS, although on a mac curl could be called through AppleScript.
Try using
BE_Curl_Set_Option ( "CURLOPT_HTTPAUTH" ; 1 )
From This BaseElements help article, we can be sure that Basic clearly isn't the default method:
BE_Curl_Set_Option ( "CURLOPT_HTTPAUTH" ; 1 ) forces Basic auth for
some sites that won't work with the defaults.
ServiceM8 will work consistently with basic auth for private applications as you say, but there are other authentications that will only work when other valid session data is present, which can be misleading when it works at times and not others.
I have a Mule application which uses the Salesforce connector.
When I started developing this application, I first used oAuth to connect to Salesforce, but it kept giving me the following error: Invalid Session ID found in SessionHeader: Illegal Session. Session not found, missing session key: <key>, so I switched to basic authentication for Salesforce.
This has worked great, but now, after some time, the application still throws the Invalid Session ID found in SessionHeader: Illegal Session. Session not found, missing session key: <key> error.
This is unexpected behaviour, since each request contains the username, password and secret token.
It looks to me like some old version is in the Mule cache or something, which makes it want to use the oAuth method again. Is this a possibility?
Any ideas on how to fix this?
#Sytze You need to check the flag in the Salesforce connector for all applications sharing the same user credentials to Disable session invalidation (disableSessionInvalidation="true"). What is likely happening is one of your other applications is invalidating the session while your current app still believes its active.
In the connector configuration , check for the correct Token code ( generated via sfdc ) .
Update the latest code and try again
Your security token that you add with your password while calling it would have expired. Create a new token for you account/email-id in salesforce and use that and it should work
Best would be to use the oAuth to call salesforce.