ldap-grps-mappings-config.xml fails to authenticate users in the specified group with ArrayIndexOutOfBounds exception.
search cancel

ldap-grps-mappings-config.xml fails to authenticate users in the specified group with ArrayIndexOutOfBounds exception.

book

Article ID: 202455

calendar_today

Updated On:

Products

CA Spectrum CA eHealth

Issue/Introduction

When setting up the ldap-grps-mappings-config.xml to authenticate users in Spectrum that are defined in the specified LDAP group it fails to authenticate with the following exception:

The customer is seeing the following exception in the catalina.out file:

ep 28, 2020 18:25:39.694 (http-nio-8080-exec-13) (SecuritySP) - Getting user model for xxxxx
Sep 28, 2020 18:25:39.694 (http-nio-8080-exec-13) (SecuritySP) - Getting user model by filter from admin domain xxxxxxxxx
Sep 28, 2020 18:25:39.732 (http-nio-8080-exec-13) (SecuritySP) - LDAP custom group authentication is enabled
Sep 28, 2020 18:25:39.732 (http-nio-8080-exec-13) (SecuritySP) - Trying to authenticate logged in user with LDAP server using the credentials provided
Sep 28, 2020 18:25:39.732 - Exception occcured in findUserGroup : java.lang.ArrayIndexOutOfBoundsException: 1
at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.getUserByPattern(SpectrumJNDIRealm.java:1293)
at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.getUser(SpectrumJNDIRealm.java:1263)
at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.verifyUser(SpectrumJNDIRealm.java:1190)
at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.findUserGroup(SpectrumJNDIRealm.java:1619)
at com.aprisma.spectrum.app.web.servlet.container.SecuritySpSSORB.initModelDomains(SecuritySpSSORB.java:1108)
at com.aprisma.spectrum.app.web.servlet.container.SecuritySpSSORB.getUserRoles(SecuritySpSSORB.java:1489)
at com.aprisma.tomcat.realm.SecurityRealm.authenticate(SecurityRealm.java:205)
at org.apache.catalina.authenticator.BasicAuthenticator.doAuthenticate(BasicAuthenticator.java:101)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:631)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)

Environment

Release : 20.2

Component : DX NetOps Spectrum OneClick

Cause

The "User By Pattern" was configured in the OneClick LDAP configuration. The ldap-grps-mappings-config.xml configuration only supports "User by Search"

Resolution

Change the User Name lookup to "User by Search" in the OneClick LDAP configuration page and restart the tomcat service. 

Powered by Wolken Software