First LDAP connection failed then works...

Hello,

I have a strange problem with all my 5 WFA servers connected to Active Directory for authentication.

When a user tries to log on for the first time since the browser was opened, the authentication fails with the message: "The username or password is incorrect"

If the user retries one more time, the authentication works fine.

I have the same problem on different servers connected to different domains. All are Windows 2008 R2.

The logon failure generates the following message in server.log (nothing in wfa_ldap.log):

2013-04-08 17:45:29,603 BST ERROR [org.jboss.web.tomcat.security.JBossWebRealm] (http-0.0.0.0-80-4) Error during authenticate
java.lang.IllegalStateException: Security Context has not been set
    at org.jboss.web.tomcat.security.SecurityAssociationActions$SetPrincipalInfoAction.run(SecurityAssociationActions.java:70)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.jboss.web.tomcat.security.SecurityAssociationActions.setPrincipalInfo(SecurityAssociationActions.java:270)
    at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:388)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
    at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:383)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:722)

Any help will be appreciated.

Thanks,

Julien

Re: First LDAP connection failed then works...

I am also experiencing this issue. Hopefully somebody from the WFA team can provide some insight on how to resolve this.

Re: First LDAP connection failed then works...

Hi Julien and Dan,

I'm unable to reproduce the problem with the information you have given. Can you provide a bit more detail on this?

1. What are the login attributes you are using? Are they the same as what's provided in the default setup?

2. How are you trying to log in? Is it by "DOMAIN\username" or just "username"?

Re: First LDAP connection failed then works...

Hello sinhaa,

1. My configuration uses 2 Active Directory servers with FQDN name. I tried with IP address with no luck. (Screen capture attached). Servers are separated by comma.

2. We are using DOMAIN\username to login.

Thanks,

Julien

Re: First LDAP connection failed then works...

Nothing looks wrong here. But with similar configuration, I'm still unable to hit this problem. I need some more information.

Does it happen all the time? I mean every single time you try to login as an LDAP user, the first attempt will necessarily fail and the second one will pass. Is this correct?

Does it happen for all the users or users in a specific WFA user group?

What browser are you using? Do you suspect any old browser cache causing it perhaps? Clear browser cache and try.

Is your LDAP configured over SSL?

Re: First LDAP connection failed then works...

What version of JBoss does WFA run?

OnCommand Insight had something similar. Ultimately the fix was to tweak the login-config.xml file.

Re: First LDAP connection failed then works...

Yes, this happens all the time.

We have only two types of users, Admin and Operator, and we have the problem on both.

We are using Internet Explorer 8.0.7601.17514 & 9.0.8112.16421 and Firefox 17.0.1.

I still have the problem when clearing the browser cache.

Yes, my AD is configured for SSL.

Thanks,

Julien

Re: First LDAP connection failed then works...

Looks to be JBoss 5.1.0.GA according to the Release Notes installed.

Re: First LDAP connection failed then works...

Hi Sinhaa,

1. Login Attributes ->

2. We are logging in using "DOMAIN\username"

This issue happens every single time a user logs in.

Thanks,

Dan

Re: First LDAP connection failed then works...

Hi ostiguy,

Can you suggest what tweak was required to be done?