Hello,
I’m currently trying to integrate the LdapIdentityProviderPlugin in our process engine and can’t figure out what is missing to log in the user after a successful authentication against LDAP.
When I start up the application, I see that the AdministratorAuthorizationPlugin is granting access to the user I have configured:
2019-10-08 09:57:46.590 INFO 18332 --- [ main] org.camunda.bpm.engine.plugin.admin : ENGINE-19002 GRANT user hv16911 ALL permissions on resource Application.
2019-10-08 09:57:46.595 INFO 18332 --- [ main] org.camunda.bpm.engine.plugin.admin : ENGINE-19002 GRANT user hv16911 ALL permissions on resource User.
2019-10-08 09:57:46.598 INFO 18332 --- [ main] org.camunda.bpm.engine.plugin.admin : ENGINE-19002 GRANT user hv16911 ALL permissions on resource Group.
…
When I log in to the web application with that configured user, I see that LDAP is returning its data (I have removed the details from the response):
2019-10-08 09:58:57.846 DEBUG 18332 --- [nio-8080-exec-7] org.camunda.bpm.identity.impl.ldap : LDAP-00006 LDAP user query results: [LdapUserEntity[id=hv16911, revision=0, firstName=hv16911, lastName=Testuser02, email=null, password=null, salt=null, lockExpirationTime=null, attempts=0] based on cn=hv16911: null:null:{givenname=givenName: Projekt-KLuB, d sn=sn: Testuser02, personaltitle=personalTitle: Frau, uid=uid: hv16911, objectclass=objectClass: top, person, devkperson, inetOrgPerson, organizationalPerson, devkfaxtk, account, ........ ]
But the login fails, with the error message: Login Failed : Unauthorized.
I’m not sure what exactly to look for; any help would be highly appreciated.
Here is the code I’m using (Spring Boot, embedded database for testing):
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl;
import org.camunda.bpm.engine.impl.cfg.ProcessEnginePlugin;
import org.camunda.bpm.engine.impl.persistence.StrongUuidGenerator;
import org.camunda.bpm.engine.impl.plugin.AdministratorAuthorizationPlugin;
import org.camunda.bpm.identity.impl.ldap.plugin.LdapIdentityProviderPlugin;
import org.camunda.bpm.spring.boot.starter.configuration.Ordering;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;

@Configuration
public class LDAPIntegrationConfig {

    // Replaces the default id generator with the UUID-based one.
    @Bean
    public static ProcessEnginePlugin strongUUIDGenerator() {
        return new ProcessEnginePlugin() {
            @Override
            public void preInit(ProcessEngineConfigurationImpl processEngineConfiguration) {
                processEngineConfiguration.setIdGenerator(new StrongUuidGenerator());
            }

            @Override
            public void postInit(ProcessEngineConfigurationImpl processEngineConfiguration) {
            }

            @Override
            public void postProcessEngineBuild(ProcessEngine processEngine) {
            }
        };
    }

    // Users and groups are read from the LDAP directory.
    @Bean
    @Order(Ordering.DEFAULT_ORDER + 2)
    public static LdapIdentityProviderPlugin ldapIdentityProviderPlugin() {
        LdapIdentityProviderPlugin plugin = new LdapIdentityProviderPlugin();
        plugin.setServerUrl("ldap://xxxxxxxx:389");
        plugin.setAcceptUntrustedCertificates(false);
        plugin.setAllowAnonymousLogin(true);
        plugin.setUseSsl(false);
        plugin.setSecurityAuthentication("simple");
        // user-specific settings
        plugin.setUserSearchBase("ou=people,dc=xxxx,dc=de");
        plugin.setUserSearchFilter("(objectClass=person)");
        plugin.setUserIdAttribute("uid"); //cn?uid?
        plugin.setUserFirstnameAttribute("cn");
        // group-specific settings
        plugin.setGroupSearchBase("ou=wasgruppen,ou=rechte,dc=xxxxxx,dc=de");
        plugin.setGroupSearchFilter("(objectclass=*)");
        plugin.setGroupNameAttribute("cn");
        plugin.setGroupMemberAttribute("uniqueMember"); //cn?? //uniqueMember??
        return plugin;
    }

    // Grants the named user ALL permissions on every resource at startup.
    @Bean
    @Order(Ordering.DEFAULT_ORDER + 1)
    public static AdministratorAuthorizationPlugin administratorAuthorizationPlugin() {
        AdministratorAuthorizationPlugin plugin = new AdministratorAuthorizationPlugin();
        plugin.setAdministratorUserName("hv16911"); // user id available in the LDAP server
        return plugin;
    }
}