search cancel

ldap-grps-mappings-config.xml fails to authenticate users in the specified group with ArrayIndexOutOfBounds exception.

book

Article ID: 202455

calendar_today

Updated On:

Products

CA Spectrum CA eHealth

Issue/Introduction

When setting up the ldap-grps-mappings-config.xml to authenticate users in Spectrum that are defined in the specified LDAP group it fails to authenticate with the following exception:

The customer is seeing the following exception in the catalina.out file:

ep 28, 2020 18:25:39.694 (http-nio-8080-exec-13) (SecuritySP) - Getting user model for xxxxx
Sep 28, 2020 18:25:39.694 (http-nio-8080-exec-13) (SecuritySP) - Getting user model by filter from admin domain xxxxxxxxx
Sep 28, 2020 18:25:39.732 (http-nio-8080-exec-13) (SecuritySP) - LDAP custom group authentication is enabled
Sep 28, 2020 18:25:39.732 (http-nio-8080-exec-13) (SecuritySP) - Trying to authenticate logged in user with LDAP server using the credentials provided
Sep 28, 2020 18:25:39.732 - Exception occcured in findUserGroup : java.lang.ArrayIndexOutOfBoundsException: 1
at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.getUserByPattern(SpectrumJNDIRealm.java:1293)
at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.getUser(SpectrumJNDIRealm.java:1263)
at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.verifyUser(SpectrumJNDIRealm.java:1190)
at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.findUserGroup(SpectrumJNDIRealm.java:1619)
at com.aprisma.spectrum.app.web.servlet.container.SecuritySpSSORB.initModelDomains(SecuritySpSSORB.java:1108)
at com.aprisma.spectrum.app.web.servlet.container.SecuritySpSSORB.getUserRoles(SecuritySpSSORB.java:1489)
at com.aprisma.tomcat.realm.SecurityRealm.authenticate(SecurityRealm.java:205)
at org.apache.catalina.authenticator.BasicAuthenticator.doAuthenticate(BasicAuthenticator.java:101)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:631)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)

Environment

Release : 20.2

Component : DX NetOps Spectrum OneClick

Cause

The "User By Pattern" was configured in the OneClick LDAP configuration. The ldap-grps-mappings-config.xml configuration only supports "User by Search"

Resolution

Change the User Name lookup to "User by Search" in the OneClick LDAP configuration page and restart the tomcat service.