Details
- Fix
- Status: Released
- Major
- Resolution: Fixed
- 1.13.9, 2.3.1
- None
- None
Description
Current Situation
- For LDAP access with the JOC Cockpit, the SOS implementation makes use of the Shiro component.
- With release 1.13.10, SOS upgraded from Shiro 1.5 to Shiro 1.7, which brought in a change (introduced with Shiro 1.5.1) that is reported here:
- When the shiro.ini file uses the "org.apache.shiro.authc.pam.FirstSuccessfulStrategy" module, the following error is thrown when trying to log in to the JOC Cockpit with an LDAP user account:
java.lang.IllegalArgumentException: User principal cannot be null or empty for User DN construction.
- When the following settings are removed from the shiro.ini file, login works properly:
- authcStrategy = org.apache.shiro.authc.pam.FirstSuccessfulStrategy
- authenticator.authenticationStrategy = $authcStrategy
Desired Behavior
- It should be possible to use the FirstSuccessfulStrategy.
Workaround
There are two workarounds:
1. Workaround: Continue using org.apache.shiro.authc.pam.FirstSuccessfulStrategy
Add this setting to the shiro.ini file:
authcStrategy.stopAfterFirstSuccess=true
2. Workaround: Use the SOS implementation of the strategy
Change
authcStrategy=org.apache.shiro.authc.pam.FirstSuccessfulStrategy
to
authcStrategy = com.sos.auth.shiro.SOSFirstSuccessfulStrategy
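The following check is an added example, not code from SOS or from this issue. It reads shiro.ini text and reports whether the strategy setup matches the failing configuration or one of the two workarounds. The function names and result labels are this example's own, and the check inspects only the file, not the installed Shiro version.

```python
import re

STOCK = "org.apache.shiro.authc.pam.FirstSuccessfulStrategy"
SOS = "com.sos.auth.shiro.SOSFirstSuccessfulStrategy"

# Constructed sample: only the two settings quoted in this issue.
SAMPLE = """\
[main]
authcStrategy = org.apache.shiro.authc.pam.FirstSuccessfulStrategy
authenticator.authenticationStrategy = $authcStrategy
"""

def parse_main(text):
    """Return key -> value for the [main] section of shiro.ini text."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
        elif section == "main" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def check_strategy(text):
    """Classify the strategy setup (result labels are this example's own)."""
    main = parse_main(text)
    ref = main.get("authenticator.authenticationStrategy", "")
    if not ref.startswith("$"):
        return "not-configured"
    name = ref[1:]  # object name behind the $ reference, e.g. authcStrategy
    cls = main.get(name)
    if cls == SOS:
        return "ok-sos-strategy"  # workaround 2
    if cls != STOCK:
        return "other-strategy"
    if main.get(name + ".stopAfterFirstSuccess", "").lower() == "true":
        return "ok-stop-after-first-success"  # workaround 1
    return "affected"

if __name__ == "__main__":
    print(check_strategy(SAMPLE))
```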