X.509 authentication with Active Directory using Spring Security


Hi, I am new to Spring Security.
My task is to authenticate a user against Active Directory by matching the username retrieved from the X.509 client certificate. So far I have enabled SSL mutual authentication.

The above part is working fine. I have a security.xml file in which I have configured the related X.509 reference and the Active Directory configuration:

    <global-method-security secured-annotations="enabled" />

    <http>
        <intercept-url pattern="/**" access="ROLE_USER,ROLE_ANONYMOUS" requires-channel="https"/>
        <intercept-url pattern="/userlogin/*" access="ROLE_ADMIN,ROLE_USER" requires-channel="https"/>
        <!-- group 1 of the regex becomes the principal handed to the user service -->
        <x509 subject-principal-regex="CN=(.*?)," user-service-ref="ldapUserService" />
    </http>

    <authentication-manager>
        <authentication-provider user-service-ref="ldapUserService" />
    </authentication-manager>

    <bean:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <bean:constructor-arg value="ldap://activedirectoryurl:389/cn=example,dc=net"/>
        <bean:property name="userDn" value="mkanaka@example.local"/>
        <bean:property name="password" value="secuera1smk"/>
    </bean:bean>

    <bean:bean name="ldapUserService" class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
        <bean:constructor-arg ref="ldapUserSearch"/>
        <bean:constructor-arg ref="ldapAuthoritiesPopulator"/>
    </bean:bean>

    <bean:bean name="ldapUserSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <bean:constructor-arg value=""/>
        <!-- {0} is replaced with the principal extracted from the certificate;
             the Active Directory object class for accounts is "user" -->
        <bean:constructor-arg value="(&amp;(sAMAccountName={0})(objectClass=user))"/>
        <bean:constructor-arg ref="contextSource" />
    </bean:bean>

    <bean:bean name="ldapAuthoritiesPopulator" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
        <bean:constructor-arg ref="contextSource" />
        <bean:constructor-arg value="" />
        <bean:property name="groupSearchFilter" value="member={0}" />
        <bean:property name="searchSubtree" value="true" />
    </bean:bean>

Now the problem I am facing is that when I try to retrieve SecurityContextHolder.getContext().getAuthentication().getPrincipal(), its return type is String rather than UserDetails (the certificate details used while logging in). The String output of getPrincipal() is anonymousUser, the authorities give ROLE_ANONYMOUS, and when I call getAuthentication().isAuthenticated() it returns true. I am using Tomcat 7 and Spring Security 3.1.
What might be the problem? Please help me in this regard.

With your configuration, the username extracted from the certificate is "Mohankumar Kanaka", and Spring Security will try to use that for authentication.

With your LDAP configuration, it will search the directory for an entry with a sAMAccountName attribute matching that (which it doesn't find).

You need some way of mapping the name in the certificate to the Active Directory entry. There's no way Spring Security can do that automatically. Ideally, part of the subject name in the certificate should match the AD user name so that it can be extracted easily.
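The following is an added example (Python, written for this page; it is not code from the question, the answer, or Spring Security) that walks the path the answer describes. It applies the question's subject-principal-regex to a few constructed subject DNs the way Spring's SubjectDnX509PrincipalExtractor does (case-insensitive search, first capture group), escapes the result and substitutes it into the question's sAMAccountName filter, and looks it up in a constructed stand-in for the directory. It shows why the principal "Mohankumar Kanaka" finds nothing while a certificate whose CN is the account name does, and, going a step beyond the page, that the regex "CN=(.*?)," also misses a subject whose CN is the last RDN, which Spring's default regex "CN=(.*?)(?:,|$)" handles. The directory contents, the DNs, and the account name "mkanaka" are constructed for the example.

```python
import re

# Regex from the question's <x509 subject-principal-regex="CN=(.*?)," ...> element.
PAGE_REGEX = r"CN=(.*?),"
# Default regex of Spring Security's SubjectDnX509PrincipalExtractor; it also
# accepts a CN that is the last RDN of the subject.
SPRING_DEFAULT_REGEX = r"CN=(.*?)(?:,|$)"

# Constructed stand-in for the Active Directory search base (not real data):
# keys are sAMAccountName values, which AD matches case-insensitively.
DIRECTORY = {
    "mkanaka": {"cn": "Mohankumar Kanaka", "memberOf": ["CN=Staff,DC=example,DC=local"]},
}


def extract_principal(subject_dn: str, regex: str = PAGE_REGEX) -> str:
    """Mirror SubjectDnX509PrincipalExtractor: case-insensitive search, exactly
    one capture group, group 1 is the principal; no match means no principal."""
    pattern = re.compile(regex, re.IGNORECASE)
    if pattern.groups != 1:
        raise ValueError("subject-principal-regex must contain exactly one capture group")
    match = pattern.search(subject_dn)
    if match is None:
        raise PermissionError(f"no principal found in subject DN: {subject_dn}")
    return match.group(1)


def ldap_escape(value: str) -> str:
    """RFC 4515 escaping of a filter assertion value, as Spring applies to {0}
    before substituting it into the user-search filter."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value
    )


def user_search_filter(principal: str) -> str:
    """The question's user-search filter with the extracted principal substituted."""
    return f"(&(sAMAccountName={ldap_escape(principal)})(objectClass=user))"


def lookup(principal: str):
    """Toy replacement for FilterBasedLdapUserSearch: case-insensitive exact
    match on sAMAccountName, or None when the search returns nothing."""
    return DIRECTORY.get(principal.lower())


def authenticate(subject_dn: str, regex: str = PAGE_REGEX) -> dict:
    """Walk the X509 -> LdapUserDetailsService path for one certificate subject.
    A None "user" is the case where Spring's X509 filter gives up and the
    anonymous filter supplies anonymousUser / ROLE_ANONYMOUS instead."""
    try:
        principal = extract_principal(subject_dn, regex)
    except PermissionError:
        return {"principal": None, "filter": None, "user": None}
    return {
        "principal": principal,
        "filter": user_search_filter(principal),
        "user": lookup(principal),
    }


if __name__ == "__main__":
    for dn in ("CN=Mohankumar Kanaka,OU=Staff,DC=example,DC=local",
               "CN=mkanaka,OU=Staff,DC=example,DC=local",
               "CN=mkanaka"):
        print(dn, "->", authenticate(dn))
```

The None outcome matches what the question reports: when the X509 filter extracts no principal, or the user search returns nothing, it does not populate the security context, so the anonymous filter later in the chain installs anonymousUser with ROLE_ANONYMOUS, and because the intercept-url rule admits ROLE_ANONYMOUS the request still reaches the page. Checking that getPrincipal() is an instance of UserDetails, rather than that isAuthenticated() is true, is the reliable test for a certificate-backed login.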

