Help Integration of RunDeck with my ActiveDirectory
242 views
Skip to first unread message
Marcos Valente
Jul 22, 2019, 2:40:47 PM7/22/19
to rundeck-discuss
Hello guys!!! I have a problem with the integration of RunDeck with my ActiveDirectory, I'm with Rundeck installed on a windows 2012 R2 server and I've followed everything that is documentation and even then the integration does not work, someone could give me strength if I have already done this integration with success? Below are my settings to take a look if there is something wrong !!!
Thank you.
----------------------------------------------------------------------------------
File: c:\RUNDECK\etc\jaas-activedirectory.conf
activedirectory {
com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule required
debug = "true"
contextFactory = "com.sun.jndi.ldap.LdapCtxFactory"
providerUrl = "ldap://192.168.XX.XX:389"
bindDn ="CN=User,OU=Domain Admins,OU=Administrators,DC=Domain,DC=com,DC=br"
bindPassword = "XXXXXXXX"
authenticationMethod = "simple"
forceBindingLogin = "true"
userBaseDn ="OU=Users,DC=Domain,DC=com,DC=br"
userRdnAttribute = "sAMAccountName"
userIdAttribute = "sAMAccountName"
userPasswordAttribute = "unicodePwd"
userObjectClass = "user"
roleBaseDn = "OU=Users,DC=Domain,DC=com,DC=br"
roleNameAttribute = "cn"
roleMemberAttribute = "member"
roleObjectClass = "group"
cacheDurationMillis = "300000"
reportStatistics = "true";
};
-------------------------------------------------------------------------------
File: File: c:\RUNDECK\etc\profile
RDECK_BASE=C:/RUNDECK
export RDECK_BASE
JAVA_HOME=C:/Java/jdk1.8.0_31/jre
export JAVA_HOME
PATH=$JAVA_HOME/bin:$RDECK_BASE/tools/bin:$PATH
export PATH
export JAVA_CMD=$JAVA_HOME/bin/java
if test -n "$JRE_HOME"
then
unset JRE_HOME
fi
LIBDIR=$RDECK_BASE/tools/lib
CLI_CP=
for i in `ls $LIBDIR/*.jar`
do
CLI_CP=${CLI_CP}:${i}
done
export CLI_CP
Dlogging.level.root=DEBUG
export RDECK_JVM="-Djava.security.auth.login.config=/rundeck/etc/jaas-activedirectory.conf \
-Dloginmodule.name=activedirectory \
-Drdeck.config=$RDECK_CONFIG \
-Drundeck.server.configDir=$RDECK_SERVER_CONFIG \
-Dserver.datastore.path=$RDECK_SERVER_DATA/rundeck \
-Drundeck.server.serverDIR=$RDECK_INSTALL \
-Drdeck.projects=$RDECK_PROJECTS \
-Drdeck.runlogs=$RUNDECK_LOGDIR \
-Drundeck.config.locations=$RDECK_CONFIG/rundeck-config.properties \
-Djava.io.tmpdir=$RUNDECK_TEMPDIR \
-Drundeck.server.workDir=$RUNDECK_WORKDIR \
-Dserver.hhtp.port=$RDECK_HTTP_PORT"
#
# Set min/max heap size
#
export RDECK_JVM="$RDECK_JVM -Xmx1024m -Xms256m -XX:MaxMetaspaceSize=256m -server"
export RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=$RDECK_BASE/etc/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
umask 002
------------------------------------------------------------------------------------------------------------
Message has been deleted
Reiner Acuña
Jul 22, 2019, 3:47:03 PM7/22/19
to rundeck-discuss
Hi Marcos,
You can share the log output (/var/log/rundeck/service.log) to take a look and check the problem?
The first advice is not to edit the /etc/rundeck/profile file, if you want to set any JVM parameter for Rundeck you can use /etc/sysconfig/rundeckd (for redhat/centos based systems) or /etc/defaults/rundeckd (for debian/ubuntu based systems) this is useful to avoid problems at the moment of upgrade rundeck. For example in your case that's should work with:
You can see more about this here:
https://docs.rundeck.com/docs/administration/security/authenticating-users.html#configuration
Now, check this jaas-activedirectory.conf that works:
Of course, the users need to be defined on userBaseDn and Groups in roleBaseDN.
Hope it helps!
You can share the log output (/var/log/rundeck/service.log) to take a look and check the problem?
The first advice is not to edit the /etc/rundeck/profile file, if you want to set any JVM parameter for Rundeck you can use /etc/sysconfig/rundeckd (for redhat/centos based systems) or /etc/defaults/rundeckd (for debian/ubuntu based systems) this is useful to avoid problems at the moment of upgrade rundeck. For example in your case that's should work with:
RDECK_JVM_OPTS="-Drundeck.jaaslogin=true \
-Djava.security.auth.login.config=/etc/rundeck/jaas-activedirectory.conf \
-Dloginmodule.name=activedirectory"You can see more about this here:
https://docs.rundeck.com/docs/administration/security/authenticating-users.html#configuration
Now, check this jaas-activedirectory.conf that works:
activedirectory {
com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule required
debug="true"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
providerUrl="ldap://xxx.xxx.xxx.xxx:389"
bindDn="cn=xxxx,ou=xxxxxxx,dc=xxx,dc=xxx,dc=xxx"
bindPassword="password"
authenticationMethod="simple"
forceBindingLogin="true"
userBaseDn="ou=people,dc=xxx,dc=xxx,dc=xxx"
userRdnAttribute="sAMAccountName"
userIdAttribute="sAMAccountName"
userPasswordAttribute="unicodePwd"
userObjectClass="user"
roleBaseDn="ou=groups,dc=xxx,dc=xxx,dc=xxx"
roleNameAttribute="cn"
roleMemberAttribute="member"
roleObjectClass="group"
cacheDurationMillis="300000"
reportStatistics="true"
ignoreRoles="true"
storePass="true"
clearPass="true"
useFirstPass="false"
tryFirstPass="false";
};Of course, the users need to be defined on userBaseDn and Groups in roleBaseDN.
Hope it helps!
Marcos Valente
Jul 23, 2019, 8:18:51 AM7/23/19
to rundeck-discuss
Hi Reiner !! Thanks for your response!!!
Reiner I am using RUNDECK on a Windows 2012 and not in a Linux environment so I don't know where I can make the profile settings you indicated me !! I will test these settings you gave me and see if it works. Another problem I am encountering is that I can't find the "Service.log" log, even though the environment is like Debug.
I put users and groups in the same container for easier testing, so userBaseDn and roleBaseDN are the same.
Tks...
Reiner Acuña
Jul 23, 2019, 9:41:37 AM7/23/19
to rundeck-discuss
Hi Marcos,
You're right! I forgot that detail, my mistake. For Windows systems you must create a .bat file that launch rundeck with all JVM parameter that you need (in your case something like: -Drundeck.jaaslogin=true -Djava.security.auth.login.config=C:\rundeck\server\config\jaas-activedirectory.conf -Dloginmodule.name=activedirectory), check this please:
https://docs.rundeck.com/docs/administration/install/windows.html#configuring-rundeck
About the service.log file. If you launch your Rundeck instance with "java -jar rundeck-3.0.x-xxxxxxxx.war" for example the service log is generated in the command prompt, but in the documentation, you can see how to redirects that output to service log from your .bat start file.
In the documentation check the line: "java %RDECK_CLI_OPTS% %RDECK_SSL_OPTS% <put here your AD settings> -jar rundeck-3.0.X.war --skipinstall -d >> %CURDIR%\var\logs\service.log 2>&1"
Here you have all installation and config under Windows-based systems (also check the configuration about run as a service):
https://docs.rundeck.com/docs/administration/install/windows.html
Greetings!
You're right! I forgot that detail, my mistake. For Windows systems you must create a .bat file that launch rundeck with all JVM parameter that you need (in your case something like: -Drundeck.jaaslogin=true -Djava.security.auth.login.config=C:\rundeck\server\config\jaas-activedirectory.conf -Dloginmodule.name=activedirectory), check this please:
https://docs.rundeck.com/docs/administration/install/windows.html#configuring-rundeck
About the service.log file. If you launch your Rundeck instance with "java -jar rundeck-3.0.x-xxxxxxxx.war" for example the service log is generated in the command prompt, but in the documentation, you can see how to redirects that output to service log from your .bat start file.
In the documentation check the line: "java %RDECK_CLI_OPTS% %RDECK_SSL_OPTS% <put here your AD settings> -jar rundeck-3.0.X.war --skipinstall -d >> %CURDIR%\var\logs\service.log 2>&1"
Here you have all installation and config under Windows-based systems (also check the configuration about run as a service):
https://docs.rundeck.com/docs/administration/install/windows.html
Greetings!
Marcos Valente
Jul 24, 2019, 8:12:14 AM7/24/19
to rundeck-discuss
Hi Reiner!!
I made the adjustments because I saw that I was starting RUNDECK the wrong way, now is correct as documentation, but I still can not do the integration with AD, now appears in the logs these MSGs when I try to login. Have you had this problem ??
2019-07-23 17:59:17.851 DEBUG --- [qtp157226018-23] ailsUsernamePasswordAuthenticationFilter : Updated SecurityContextHolder to contain null Authentication
2019-07-23 17:59:17.851 DEBUG --- [qtp157226018-23] ailsUsernamePasswordAuthenticationFilter : Delegating to authentication failure handler grails.plugin.springsecurity.web.authentication.AjaxAwareAuthenticationFailureHandler@7d7c05fa
Tks...
Marcos Valente
Jul 24, 2019, 8:29:58 AM7/24/19
to rundeck-discuss
2019-07-24 09:25:50.866 DEBUG --- [qtp294886047-25] ailsUsernamePasswordAuthenticationFilter : Updated SecurityContextHolder to contain null Authentication
2019-07-24 09:25:50.866 DEBUG --- [qtp294886047-25] ailsUsernamePasswordAuthenticationFilter : Delegating to authentication failure handler grails.plugin.springsecurity.web.authentication.AjaxAwareAuthenticationFailureHandler@2f64f99f
2019-07-24 09:26:04.683 DEBUG --- [qtp294886047-28] ailsUsernamePasswordAuthenticationFilter : Request is to process authentication
2019-07-24 09:26:04.683 DEBUG --- [qtp294886047-28] ailsUsernamePasswordAuthenticationFilter : Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException
org.springframework.security.authentication.AuthenticationServiceException: null
at org.springframework.security.authentication.jaas.DefaultLoginExceptionResolver.resolveException(DefaultLoginExceptionResolver.java:35)
at org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider.authenticate(AbstractJaasAuthenticationProvider.java:217)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
at grails.plugin.springsecurity.web.authentication.GrailsUsernamePasswordAuthenticationFilter.attemptAuthentication(GrailsUsernamePasswordAuthenticationFilter.groovy:53)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.groovy:64)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.groovy:58)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
at org.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:77)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
at org.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:67)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:96)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:103)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1317)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1219)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:531)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:762)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:680)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.security.auth.login.FailedLoginException: null
at org.eclipse.jetty.jaas.spi.AbstractLoginModule.login(AbstractLoginModule.java:260)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider.authenticate(AbstractJaasAuthenticationProvider.java:180)
... 58 common frames omitted
Em segunda-feira, 22 de julho de 2019 16:47:03 UTC-3, Reiner Acuña escreveu:
Reiner Acuña
Jul 24, 2019, 10:47:13 AM7/24/19
to rundeck-discuss
Hi Marcos,
Make sure that you're passing the AD Auth params, for example this "launch.bat" with this content (at the same place of your war file):
set CURDIR=%~dp0
call %CURDIR%etc\profile.bat
java %RDECK_CLI_OPTS% %RDECK_SSL_OPTS% -Drundeck.jaaslogin=true -Djava.security.auth.login.config=C:\the\path\to\your\jaas-activedirectory.conf -Dloginmodule.name=activedirectory -jar rundeck-3.0.20-20190408.war --skipinstall -d >> %CURDIR%\var\logs\service.log 2>&1Make sure that you're passing -Drundeck.jaaslogin=true to your launch script.
Hope it helps!
Marcos Valente
Jul 24, 2019, 1:19:59 PM7/24/19
to rundeck-discuss
Yes Reiner!!! Params is set on profile.bat
set RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=%RDECK_BASE%\etc\truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
set RDECK_CLI_OPTS=-Xms128m -Xmx256m
set RD_LIBDIR=%RDECK_BASE%\tools\lib
Set RDECK_JVM_OPTS="-Drundeck.jaaslogin=true -Djava.security.auth.login.config=c:\rundeck\etc\jaas-activedirectory.conf -Dloginmodule.name=activedirectory"
---------------------------------------------------------------------------------------------------------------------------
Message has been deleted
Reiner Acuña
Jul 24, 2019, 2:21:20 PM7/24/19
to rundeck-discuss
Hey Marcos,
This is my profile.bat (I don't use the double quotes on RDECK_JVM var):
set RDECK_BASE=C:\rundeck
set JAVA_HOME=C:\Program Files\Java\jre1.8.0_202
:: Unsetting JRE_HOME to ensure there is no conflict with JAVA_HOME
(set JRE_HOME=)
set Path=%JAVA_HOME%\bin;%RDECK_BASE%\tools\bin;%Path%
set RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=%RDECK_BASE%\etc\truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
set RDECK_CLI_OPTS=-Xms512m -Xmx1024m
set RD_LIBDIR=%RDECK_BASE%\tools\lib
set RDECK_JVM=-Drundeck.jaaslogin=true -Djava.security.auth.login.config=C:\rundeck\etc\jaas-activedirectory.conf -Dloginmodule.name=activedirectoryAnd this my "launch.bat" file:
set CURDIR=%~dp0
call %CURDIR%etc\profile.bat
java %RDECK_CLI_OPTS% %RDECK_SSL_OPTS% %RDECK_JVM% -jar rundeck-3.0.20-20190408.war --skipinstall -d >> %CURDIR%\var\logs\service.log 2>&1In the service.log file at login moment:
Configuring Spring Security Core ...
... finished configuring Spring Security Core
2019-07-24 14:06:57.728 INFO --- [ main] rundeckapp.BootStrap : Starting Rundeck 3.0.20-20190408 (2019-04-08) ...
2019-07-24 14:06:57.769 INFO --- [ main] rundeckapp.BootStrap : using rdeck.base config property: C:/rundeck
2019-07-24
14:06:57.784 INFO --- [ main] rundeckapp.BootStrap
: loaded configuration: C:\rundeck\etc\framework.properties
2019-07-24 14:06:57.846 INFO --- [ main] rundeckapp.BootStrap : RSS feeds disabled
2019-07-24 14:06:57.846 INFO --- [ main] rundeckapp.BootStrap : Using jaas authentication
2019-07-24 14:06:57.846 INFO --- [ main] rundeckapp.BootStrap : Preauthentication is disabled
2019-07-24
14:06:57.984 INFO --- [ main] rundeckapp.BootStrap
: Rundeck is ACTIVE: executions can be run.
2019-07-24
14:06:57.990 WARN --- [ main] rundeckapp.BootStrap
: The JVM default encoding is not UTF-8: windows-1252, you may
not see output as expected for multibyte locales. Specify
-Dfile.encoding=UTF-8 in the JVM options.
2019-07-24 14:06:58.403
WARN --- [ main] rundeckapp.BootStrap :
[Development Mode] Usage of H2 database is recommended only for
development and testing
2019-07-24 14:06:58.418 INFO --- [
main] rundeckapp.BootStrap : Rundeck startup
finished in 1359ms
Grails application running at http://0.0.0.0:4440 in environment: production
2019-07-24 14:07:19.607 DEBUG --- [tp1345757830-30] ailsUsernamePasswordAuthenticationFilter : Request is to process authentication
2019-07-24 14:07:19.679 INFO --- [tp1345757830-30] c.d.r.j.j.JettyCachingLdapLoginModule : Login attempts: 1, Hits: 0, Ratio: 0%.
2019-07-24 14:07:19.687 DEBUG --- [tp1345757830-30] c.d.r.j.j.JettyCachingLdapLoginModule : Found user?: true
2019-07-24 14:07:19.687 DEBUG --- [tp1345757830-30] c.d.r.j.j.JettyCachingLdapLoginModule : Searching for users with filter: '(&(objectClass={0})({1}={2}))' from base dn: ou=Users,dc=example,dc=net
2019-07-24 14:07:19.687 DEBUG --- [tp1345757830-30] c.d.r.j.j.JettyCachingLdapLoginModule : Found user?: true
2019-07-24 14:07:19.687 DEBUG --- [tp1345757830-30] c.d.r.j.j.JettyCachingLdapLoginModule : user cred is present: true
2019-07-24 14:07:19.687 DEBUG --- [tp1345757830-30] c.d.r.j.j.JettyCachingLdapLoginModule : JettyCachingLdapLoginModule: User 'jdoe' has roles: [admin, Test, Users, user]
2019-07-24 14:07:19.733 DEBUG --- [tp1345757830-30] ailsUsernamePasswordAuthenticationFilter : Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.jaas.JaasAuthenticationToken@3121d6: Principal: jdoe; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff6a82: RemoteIpAddress: 10.0.1.54; SessionId: null; Granted Authorities: Jaas Authority [admin,admin], Jaas Authority [Test,Test], Jaas Authority [Users,Users], Jaas Authority [user,user]Please check and test it.
Marcos Valente
Jul 29, 2019, 8:55:54 AM7/29/19
to rundeck-discuss
Hello Reiner !!
I adjusted my files to be the same as yours, but now the service does not start and presents me the error below !! Have you had similar problem ??? I've done the Zero configuration again to see if the problem changes but the error is the same !!
VERBOSE: Determined hostname: Zune
VERBOSE: {rdeck.base=C:/RUNDECK, server.https.port=4443, rundeck.server.configDir=C:/RUNDECK/server/config, loginmodule.conf.name=jaas-loginmodule.conf, default.admin.name=admin, server.web.context=, logger.jobchanges.format=[%d{ISO8601}] %X{user} %X{change} [%X{id}] %X{project} "%X{groupPath}/%X{jobName}" (%X{method})%X{extraInfo}%n, logger.access.format=[%d{ISO8601}] "%X{method} %X{uri}" %X{remoteHost} %X{secure} %X{remoteUser} %X{authToken} %X{duration} %X{project} [%X{contentType}] (%X{userAgent})%n, default.encryption.password=ud8m7a6m5sbspm2, server.hostname=Zune, server.datastore.path=C:/RUNDECK/server/data/grailsdb, rundeck.launcher.jar.location=C:/RUNDECK/rundeck-3.0.23-20190619.war, logger.execevents.format=[%d{ISO8601}] %X{eventUser} %X{event} [%X{id}:%X{state}] %X{project} %X{user}/%X{abortedby} "%X{groupPath}/%X{jobName} %X{argString}"[%X{uuid}] %n, rundeck.config.name=rundeck-config.properties, logger.storage.format=[%d{ISO8601}] %X{action} %X{type} %X{path} %X{status} %X{metadata}%n, default.admin.password=admin, default.encryption.algorithm=PBEWITHSHA256AND128BITAES-CBC-BC, rundeck.log.dir=C:/RUNDECK/server/logs, logger.options.format=[%d{ISO8601}] %X{httpStatusCode} %X{contentLength}B %X{durationTime}ms %X{lastModifiedDateTime} [%X{jobName}] %X{url} %X{contentSHA1}%n, server.http.port=4440, default.user.password=user, loginmodule.name=activedirectory, logger.apirequests.format=[%d{ISO8601}] %X{remoteHost} %X{secure} %X{remoteUser} %X{authToken} %X{duration} %X{project} "%X{method} %X{uri}" (%X{userAgent})%n, default.user.name=user}
VERBOSE: --skipinstall: Not extracting.
Configuring Spring Security Core ...
... finished configuring Spring Security Core
2019-07-29 09:50:26.288 ERROR --- [ main] g.b.c.GrailsApplicationPostProcessor : Error loading spring/resources.groovy file: java.io.IOException: Configuration Error:
Line 21: expected [controlFlag]
java.lang.SecurityException: java.io.IOException: Configuration Error:
Line 21: expected [controlFlag]
at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137)
at sun.security.provider.ConfigFile.<init>(ConfigFile.java:102)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at java.lang.Class.newInstance(Class.java:438)
at javax.security.auth.login.Configuration$2.run(Configuration.java:255)
at javax.security.auth.login.Configuration$2.run(Configuration.java:247)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:246)
at javax.security.auth.login.Configuration$getConfiguration.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:120)
at resources$_run_closure1$_closure53.doCall(resources.groovy:498)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:98)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:264)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
at groovy.lang.Closure.call(Closure.java:418)
at grails.spring.BeanBuilder.invokeBeanDefiningMethod(BeanBuilder.java:708)
at grails.spring.BeanBuilder.invokeMethod(BeanBuilder.java:565)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeOnDelegationObjects(ClosureMetaClass.java:414)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:338)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.callCurrent(PogoMetaClassSite.java:68)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:51)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:157)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:177)
at resources$_run_closure1.doCall(resources.groovy:497)
at resources$_run_closure1.doCall(resources.groovy)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:98)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:264)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
at groovy.lang.Closure.call(Closure.java:418)
at groovy.lang.Closure.call(Closure.java:412)
at grails.spring.BeanBuilder.invokeBeanDefiningClosure(BeanBuilder.java:759)
at grails.spring.BeanBuilder.beans(BeanBuilder.java:588)
at org.grails.spring.RuntimeSpringConfigUtilities.reloadSpringResourcesConfig(RuntimeSpringConfigUtilities.java:103)
at grails.boot.config.GrailsApplicationPostProcessor.postProcessBeanDefinitionRegistry(GrailsApplicationPostProcessor.groovy:181)
at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanDefinitionRegistryPostProcessors(PostProcessorRegistrationDelegate.java:272)
at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:122)
at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:687)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:525)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
at grails.boot.GrailsApp.run(GrailsApp.groovy:84)
at grails.boot.GrailsApp.run(GrailsApp.groovy:393)
at grails.boot.GrailsApp.run(GrailsApp.groovy:380)
at grails.boot.GrailsApp$run.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:136)
at rundeckapp.Application.main(Application.groovy:28)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
at org.springframework.boot.loader.WarLauncher.main(WarLauncher.java:59)
Caused by: java.io.IOException: Configuration Error:
Line 21: expected [controlFlag]
at sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666)
at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:572)
at sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:454)
at sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427)
at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)
at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)
at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135)
... 73 common frames omitted
2019-07-29 09:50:26.320 ERROR --- [ main] o.s.boot.SpringApplication : Application startup failed
org.grails.core.exceptions.GrailsConfigurationException: Error loading spring/resources.groovy file: java.io.IOException: Configuration Error:
Line 21: expected [controlFlag]
at grails.boot.config.GrailsApplicationPostProcessor.postProcessBeanDefinitionRegistry(GrailsApplicationPostProcessor.groovy:184)
at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanDefinitionRegistryPostProcessors(PostProcessorRegistrationDelegate.java:272)
at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:122)
at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:687)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:525)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
at grails.boot.GrailsApp.run(GrailsApp.groovy:84)
at grails.boot.GrailsApp.run(GrailsApp.groovy:393)
at grails.boot.GrailsApp.run(GrailsApp.groovy:380)
at grails.boot.GrailsApp$run.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:136)
at rundeckapp.Application.main(Application.groovy:28)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
at org.springframework.boot.loader.WarLauncher.main(WarLauncher.java:59)
Caused by: java.lang.SecurityException: java.io.IOException: Configuration Error:
Line 21: expected [controlFlag]
at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137)
at sun.security.provider.ConfigFile.<init>(ConfigFile.java:102)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at java.lang.Class.newInstance(Class.java:438)
at javax.security.auth.login.Configuration$2.run(Configuration.java:255)
at javax.security.auth.login.Configuration$2.run(Configuration.java:247)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:246)
at javax.security.auth.login.Configuration$getConfiguration.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:120)
at resources$_run_closure1$_closure53.doCall(resources.groovy:498)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:98)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:264)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
at groovy.lang.Closure.call(Closure.java:418)
at grails.spring.BeanBuilder.invokeBeanDefiningMethod(BeanBuilder.java:708)
at grails.spring.BeanBuilder.invokeMethod(BeanBuilder.java:565)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeOnDelegationObjects(ClosureMetaClass.java:414)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:338)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.callCurrent(PogoMetaClassSite.java:68)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:51)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:157)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:177)
at resources$_run_closure1.doCall(resources.groovy:497)
at resources$_run_closure1.doCall(resources.groovy)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:98)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:264)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
at groovy.lang.Closure.call(Closure.java:418)
at groovy.lang.Closure.call(Closure.java:412)
at grails.spring.BeanBuilder.invokeBeanDefiningClosure(BeanBuilder.java:759)
at grails.spring.BeanBuilder.beans(BeanBuilder.java:588)
at org.grails.spring.RuntimeSpringConfigUtilities.reloadSpringResourcesConfig(RuntimeSpringConfigUtilities.java:103)
at grails.boot.config.GrailsApplicationPostProcessor.postProcessBeanDefinitionRegistry(GrailsApplicationPostProcessor.groovy:181)
... 24 common frames omitted
Caused by: java.io.IOException: Configuration Error:
Line 21: expected [controlFlag]
at sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666)
at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:572)
at sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:454)
at sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427)
at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)
at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)
at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135)
... 73 common frames omitted
Reiner Acuña
Jul 29, 2019, 9:41:52 AM7/29/19
to rundeck-discuss
Hi Marcos,
Probably your jaas-activedirectory.conf is corrupted, check this:
https://github.com/rundeck/rundeck/issues/3761
Make sure that doesn't have a strange character, or possible encode error in your files.
Probably your jaas-activedirectory.conf is corrupted, check this:
https://github.com/rundeck/rundeck/issues/3761
Make sure that doesn't have a strange character, or possible encode error in your files.
Regards!
Marcos Valente
Jul 31, 2019, 9:57:17 AM7/31/19
to rundeck-discuss
Hi Reiner!!
I reinstalled the entire environment, reinstalled JAVA and after that the environment worked perfectly, thanks for the support.
Tks...
Reply all
Reply to author
Forward
0 new messages