000029818 - Unable to log in to ACM after editing an authentication source when the BindDN account contains special characters

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000029818
Applies To: RSA Product Set: Identity Management and Governance
RSA Version/Condition: 6.9 and 6.9.1 GA
 
Issue: Users are unable to log in to ACM after any authentication source was edited.
Multiple authentication sources are configured.
The login and password provided are valid.
No changes were made to the authentication source that now fails.
The failing authentication sources are configured with a BindDN containing a backslash (e.g. CN=serviceaccount\, Aveksa ,OU=System Accounts,OU=Accounts,DC=2k8r2-vcloud,DC=local).
The Test button on the authentication source shows:
Unable to Login User: 
ERROR: Connection could not be established with the directory server with username: CN=aveksa\\\\, serviceaccount,OU=support,DC=2k8r2-vcloud,DC=local
Each time an authentication source is edited and saved (no changes required), the other authentication source will fail on test, with the number of backslashes doubling on each save.
Just clicking the Test button (not the Test Login button), the BindDN already shows 4 backslashes:
SUCCESS: Authentication Module:AD. JAAS Configuration found. 
JAAS configuration Information: 
    Login Module Name: com.aveksa.server.authentication.AveksaJndiLoginModule 
    Options: {UseSSL=No, AuthAccountAttribute=sAMAccountName, SearchFilterForAccounts=, jboss.security.security_domain=AD, ConnectionUrl=ldap://192.168.26.120:389, BindPassword=+h/Zj1dNwEh+, AccountSearchScope=2, AccountBaseDN=OU=support,DC=2k8r2-vcloud,DC=local, AccountSearchAttribute=sAMAccountName, BindDn=CN=aveksa\\\\, serviceaccount,OU=support,DC=2k8r2-vcloud,DC=local} 
    Control Flag: LoginModuleControlFlag: required 
Providing a valid login and password on the test screen that shows 4 backslashes will fail with 8 backslashes:
Unable to Login User:
ERROR: Connection could not be established with the directory server with username: CN=aveksa\\\\\\\\, serviceaccount,OU=support,DC=2k8r2-vcloud,DC=local
The log file will contain the message:
INFO  [com.aveksa.server.authentication.AuthenticationProviderServiceImpl] javax.security.auth.login.LoginException: Connection could not be established with the directory server with username: CN=aveksa\\\\\\\\, serviceaccount,OU=support,DC=2k8r2-vcloud,DC=local
Cause: In Active Directory, any special character needs to be escaped with a backslash.
Saving an authentication source escapes the existing backslashes with more backslashes, which makes the BindDN invalid and causes the authentication failure.
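
The failure mode described under Cause, as an added Python example (not RSA's code): `naive_save` models a save that re-escapes backslashes already present, `is_well_formed` is a check that flags the resulting broken BindDN, and `idempotent_save` shows escaping that stays stable across saves. All function names and the sample DN are assumptions for illustration; RFC 4514 hex escapes and leading/trailing-space rules are left out.

```python
import re

# Constructed sample modelled on the BindDN in the article (one escaped comma in the CN).
BIND_DN = r"CN=aveksa\, serviceaccount,OU=support,DC=2k8r2-vcloud,DC=local"

def naive_save(dn):
    """Model of the defect: each save escapes the backslashes that are already there."""
    return dn.replace("\\", "\\\\")

def split_rdns(dn):
    """Split on commas that are not escaped; a backslash protects the next character."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]
            i += 2
        elif dn[i] == ",":
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += dn[i]
            i += 1
    parts.append(cur)
    return parts

def is_well_formed(dn):
    """Each RDN must start with an attribute type and '='; over-escaping breaks this."""
    return all(re.match(r"\s*[A-Za-z][A-Za-z0-9-]*=", p) for p in split_rdns(dn))

def unescape(value):
    """Turn an escaped RDN value back into raw text."""
    return re.sub(r"\\(.)", r"\1", value)

def escape(value):
    """Escape the special characters of a raw RDN value exactly once."""
    return re.sub(r'([,+"\\<>;])', r"\\\1", value)

def idempotent_save(dn):
    """Decode each RDN value to raw text, then escape once, so repeated saves are stable."""
    out = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        out.append(attr + "=" + escape(unescape(value)))
    return ",".join(out)
```

After one `naive_save` the comma is no longer escaped, so the DN splits into a component with no attribute type and the bind fails; running `is_well_formed` on stored BindDNs after a configuration change catches this before users are locked out.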
Resolution: This is a defect that has been submitted as Engineering ticket# ACM-53094.
Workaround: Modify each authentication source to use an account that does not contain any special characters.
