
"User Principal cannot be created" Error

Question asked by Sirisha Bomma on Oct 28, 2019
Latest reply on Nov 5, 2019 by Ian Staines

Related to the auth source - everything was working fine till I introduced a third auth source. Here is the scenario:

Added 2nd auth source with one AD domain - worked fine with domain\sAMAccountName 

Added 3rd auth source with another AD domain (default) - worked fine but the second auth source started failing with the below error:

10/25/2019 12:49:48.388 ERROR (default task-7) [com.aveksa.server.authentication.AveksaJndiLoginModule] Attribute could not be retrieved method=Authenticate domain\sAMAccountName
10/25/2019 12:49:48.389 INFO (default task-7) [com.aveksa.server.authentication.AuthenticationProviderServiceImpl] javax.security.auth.login.LoginException: User Principal cannot be created.

 

Looks like the authentication was successful but then errors out. I set up debug logging:

New AD authentication (3rd - working fine)
10/25/2019 13:15:29.316 DEBUG (default task-8) [com.aveksa.server.authentication.AuthenticationProviderServiceImpl] Getting all the configured authentication providers
10/25/2019 13:15:29.321 DEBUG (default task-8) [com.aveksa.server.authentication.AuthenticationProviderServiceImpl] Successfully got all the configured authentication providers
10/25/2019 13:15:40.482 DEBUG (default task-64) [com.aveksa.server.authentication.AveksaJndiLoginModule] Initializing Login Module : AveksaJndiLoginModule method=Initialize {BindPassword=*********, AuthUserAttribute=sAMAccountName, UserSearchAttribute=sAMAccountName, jboss.security.security_domain=ABC_Authentication, ConnectionUrl=ldap://abc.company.com:389, UseSSL=No, UserBaseDN=DC=natest,DC=company,DC=com, SearchFilterForUsers=, UserSearchScope=2, BindDn=WINNTDOMTEST\xyz}
10/25/2019 13:15:40.483 DEBUG (default task-64) [com.aveksa.server.authentication.AveksaJndiLoginModule] Initializing Complete for Login Module method=Initialize
10/25/2019 13:15:40.484 DEBUG (default task-64) [com.aveksa.server.authentication.AveksaJndiLoginModule] Login Method called method=Login
10/25/2019 13:15:40.488 DEBUG (default task-64) [com.aveksa.server.authentication.AveksaJndiLoginModule] Query for user search: (sAMAccountName=usera) method=Authenticate
10/25/2019 13:15:40.490 DEBUG (default task-64) [com.aveksa.server.authentication.AveksaJndiLoginModule] Using DN: CN=usera,OU=Users,OU=KW,OU=Boise,DC=abc,DC=company,DC=comfor authentication method=Authenticate
10/25/2019 13:15:40.705 DEBUG (default task-64) [com.aveksa.server.authentication.AveksaJndiLoginModule] User authenticated method=Authenticate
10/25/2019 13:15:40.706 DEBUG (default task-64) [com.aveksa.server.authentication.AveksaJndiLoginModule] Authenticated user DN method=Authenticate usera
10/25/2019 13:15:40.707 DEBUG (default task-64) [com.aveksa.server.authentication.AveksaJndiLoginModule] Login Method returning method=Login true

 

This was working before the previous AD authentication was added (2nd - broke after 3rd was added)
10/25/2019 13:13:56.800 DEBUG (default task-38) [com.aveksa.server.authentication.AuthenticationProviderServiceImpl] Getting all the configured authentication providers
10/25/2019 13:13:56.803 DEBUG (default task-38) [com.aveksa.server.authentication.AuthenticationProviderServiceImpl] Successfully got all the configured authentication providers
10/25/2019 13:14:17.950 DEBUG (default task-56) [com.aveksa.server.authentication.AveksaJndiLoginModule] Initializing Login Module : AveksaJndiLoginModule method=Initialize {BindPassword=*********, AuthUserAttribute=def\sAMAccountName, UserSearchAttribute=sAMAccountName, jboss.security.security_domain=DEF_Authentication, ConnectionUrl=ldap://def.company.com:389, UseSSL=No, UserBaseDN=DC=def,DC=company,DC=com, SearchFilterForUsers=, UserSearchScope=2, BindDn=def\xyz}
10/25/2019 13:14:17.951 DEBUG (default task-56) [com.aveksa.server.authentication.AveksaJndiLoginModule] Initializing Complete for Login Module method=Initialize
10/25/2019 13:14:17.951 DEBUG (default task-56) [com.aveksa.server.authentication.AveksaJndiLoginModule] Login Method called method=Login
10/25/2019 13:14:17.955 DEBUG (default task-56) [com.aveksa.server.authentication.AveksaJndiLoginModule] Query for user search: (sAMAccountName=usera) method=Authenticate
10/25/2019 13:14:17.957 DEBUG (default task-56) [com.aveksa.server.authentication.AveksaJndiLoginModule] Using DN: CN=usera,CN=Users,DC=def,DC=company,DC=comfor authentication method=Authenticate
10/25/2019 13:14:17.961 DEBUG (default task-56) [com.aveksa.server.authentication.AveksaJndiLoginModule] User authenticated method=Authenticate
10/25/2019 13:14:17.962 ERROR (default task-56) [com.aveksa.server.authentication.AveksaJndiLoginModule] Attribute could not be retrieved method=Authenticate def\sAMAccountName
10/25/2019 13:14:17.963 INFO (default task-56) [com.aveksa.server.authentication.AuthenticationProviderServiceImpl] javax.security.auth.login.LoginException: User Principal cannot be created.
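
One way to line the two traces up side by side, as an added example that is not part of the original post or of the product's code: it parses the method=Initialize settings per worker thread and reports whether the bind succeeded, which attribute the module then failed to read, and whether the configured AuthUserAttribute is a syntactically valid LDAP attribute name. The sample lines are trimmed copies of the ones quoted above; the function and field names are assumptions, and it assumes one login attempt per task thread in the excerpt.

```python
import re

# Constructed sample: trimmed copies of debug lines quoted in the post.
SAMPLE_LOG = r"""
10/25/2019 13:15:40.482 DEBUG (default task-64) [com.aveksa.server.authentication.AveksaJndiLoginModule] Initializing Login Module : AveksaJndiLoginModule method=Initialize {AuthUserAttribute=sAMAccountName, jboss.security.security_domain=ABC_Authentication, UserBaseDN=DC=natest,DC=company,DC=com, SearchFilterForUsers=}
10/25/2019 13:15:40.705 DEBUG (default task-64) [com.aveksa.server.authentication.AveksaJndiLoginModule] User authenticated method=Authenticate
10/25/2019 13:14:17.950 DEBUG (default task-56) [com.aveksa.server.authentication.AveksaJndiLoginModule] Initializing Login Module : AveksaJndiLoginModule method=Initialize {AuthUserAttribute=def\sAMAccountName, jboss.security.security_domain=DEF_Authentication, UserBaseDN=DC=def,DC=company,DC=com, SearchFilterForUsers=}
10/25/2019 13:14:17.961 DEBUG (default task-56) [com.aveksa.server.authentication.AveksaJndiLoginModule] User authenticated method=Authenticate
10/25/2019 13:14:17.962 ERROR (default task-56) [com.aveksa.server.authentication.AveksaJndiLoginModule] Attribute could not be retrieved method=Authenticate def\sAMAccountName
"""

LINE = re.compile(r"^\S+ \S+ (\w+) +\(default (task-\d+)\) \[[\w.]+\] (.*)$")
CONFIG = re.compile(r"method=Initialize \{(.*)\}$")
FAILED_ATTR = re.compile(r"Attribute could not be retrieved method=Authenticate (.+)$")
# RFC 4512 attribute name: letter then letters/digits/hyphens, or a numeric OID.
ATTR_NAME = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")


def summarize(log_text):
    """Group log lines by worker thread and return one record per login attempt."""
    attempts = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        level, task, msg = m.groups()
        rec = attempts.setdefault(task, {"domain": None, "auth_attr": None,
                                         "attr_is_ldap_name": None,
                                         "bound": False, "failed_attr": None})
        cfg = CONFIG.search(msg)
        failed = FAILED_ATTR.search(msg)
        if cfg:
            # DN values use "," with no space, so ", " only separates key=value pairs.
            pairs = dict(p.split("=", 1) for p in cfg.group(1).split(", "))
            rec["domain"] = pairs.get("jboss.security.security_domain")
            rec["auth_attr"] = pairs.get("AuthUserAttribute")
            rec["attr_is_ldap_name"] = bool(ATTR_NAME.match(rec["auth_attr"] or ""))
        elif msg.startswith("User authenticated"):
            rec["bound"] = True
        elif level == "ERROR" and failed:
            rec["failed_attr"] = failed.group(1)
    return attempts


if __name__ == "__main__":
    for task, rec in summarize(SAMPLE_LOG).items():
        print(task, rec)
```

On the sample, both attempts show a successful bind; only the DEF_Authentication attempt carries a failed attribute, and its name matches that source's AuthUserAttribute value character for character.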
