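/**
 * Authenticates a username/password credential against LDAP and runs the configured
 * password policy handling strategy over the LDAP response.
 *
 * <p>The outcome is decided in this order:
 * <ol>
 *   <li>the password policy strategy does not support the response: {@code FailedLoginException};</li>
 *   <li>the response reports success: a principal is built from the returned LDAP entry and
 *       returned together with the password policy messages;</li>
 *   <li>the result code is {@code DN_RESOLUTION_FAILURE}: {@code AccountNotFoundException};</li>
 *   <li>anything else: {@code FailedLoginException}.</li>
 * </ol>
 *
 * <p>Security note: "account not found" and "invalid credentials" are reported as different
 * exception types. If a caller surfaces that difference to the end user, it discloses which
 * usernames exist in the directory; the user-facing layer should present one uniform failure.
 *
 * @param upc              the credential whose username is used for the LDAP lookup and principal
 * @param originalPassword not read by this method
 * @return the handler result carrying the principal and any password policy messages
 * @throws GeneralSecurityException {@code FailedLoginException} or {@code AccountNotFoundException}
 *                                  as described above
 * @throws PreventedException       declared by the signature; not thrown directly in this body
 */
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential upc,
                                                                                     final String originalPassword)
    throws GeneralSecurityException, PreventedException {
    val response = getLdapAuthenticationResponse(upc);
    // NOTE(review): the whole response object is written to the debug log. Depending on how it
    // renders itself this may include directory entry attributes; confirm before enabling DEBUG
    // on a production identity provider.
    LOGGER.debug("LDAP response: [{}]", response);

    if (!passwordPolicyHandlingStrategy.supports(response)) {
        // Argument order matches the placeholders: strategy name first, then the response it rejected.
        LOGGER.warn("Authentication has failed because LDAP password policy handling strategy [{}] cannot handle [{}].",
            passwordPolicyHandlingStrategy.getClass().getSimpleName(), response);
        throw new FailedLoginException("Invalid credentials");
    }

    LOGGER.debug("Attempting to examine and handle LDAP password policy via [{}]",
        passwordPolicyHandlingStrategy.getClass().getSimpleName());
    // The strategy runs before the success check, so it also sees failed responses.
    val messageList = passwordPolicyHandlingStrategy.handle(response, getPasswordPolicyConfiguration());

    if (response.getResult()) {
        LOGGER.debug("LDAP response returned a result. Creating the final LDAP principal");
        val principal = createPrincipal(upc.getUsername(), response.getLdapEntry());
        return createHandlerResult(upc, principal, messageList);
    }

    if (AuthenticationResultCode.DN_RESOLUTION_FAILURE == response.getAuthenticationResultCode()) {
        LOGGER.warn("DN resolution failed. [{}]", response.getMessage());
        // The exception message embeds the submitted username; keep it out of user-facing output.
        throw new AccountNotFoundException(upc.getUsername() + " not found.");
    }
    throw new FailedLoginException("Invalid credentials");
}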
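/**
 * Validates username/password credentials by authenticating against LDAP and, on success,
 * attaches the resulting user profile to the credentials.
 *
 * <p>On a successful LDAP response the entry's attributes are converted into an
 * {@code LdapProfile} and stored with {@code credentials.setUserProfile}. A
 * {@code DN_RESOLUTION_FAILURE} result code raises {@code AccountNotFoundException}; any other
 * unsuccessful response raises {@code BadCredentialsException}. An {@code LdapException} from the
 * authenticator is wrapped in a {@code TechnicalException} with the cause preserved.
 *
 * <p>Security note: the two failure exceptions distinguish "no such account" from "wrong
 * password", and both messages embed the submitted username. If either reaches the end user it
 * discloses which usernames exist; the user-facing layer should present one uniform failure.
 *
 * @param credentials the submitted username and password; receives the profile on success
 * @param context     the web context; not read by this method
 */
@Override
public void validate(final UsernamePasswordCredentials credentials, final WebContext context) {
    init();

    final String username = credentials.getUsername();
    CommonHelper.assertNotBlank(Pac4jConstants.USERNAME, username);
    // NOTE(review): only the username is checked for blank here. Confirm that a blank password
    // is rejected before the bind (by the caller or by the LDAP library), since some directories
    // treat a simple bind with an empty password as an unauthenticated bind.

    final AuthenticationResponse response;
    try {
        // Log the username only, so the log line never depends on how the credentials
        // object (which holds the password) renders itself.
        logger.debug("Attempting LDAP authentication for: {}", username);
        final List<String> attributesToRead = defineAttributesToRead();
        final AuthenticationRequest request = new AuthenticationRequest(
            username,
            new Credential(credentials.getPassword()),
            attributesToRead.toArray(new String[0]));
        response = this.ldapAuthenticator.authenticate(request);
    } catch (final LdapException e) {
        throw new TechnicalException("Unexpected LDAP error", e);
    }
    // NOTE(review): the whole response object is written to the debug log; confirm it does not
    // render directory attributes that should stay out of logs.
    logger.debug("LDAP response: {}", response);

    if (response.getResult()) {
        final LdapEntry entry = response.getLdapEntry();
        final List<Map<String, Object>> listAttributes = new ArrayList<>();
        listAttributes.add(getAttributesFromEntry(entry));
        final LdapProfile profile = convertAttributesToProfile(listAttributes, username);
        credentials.setUserProfile(profile);
        return;
    }

    if (AuthenticationResultCode.DN_RESOLUTION_FAILURE == response.getAuthenticationResultCode()) {
        throw new AccountNotFoundException(username + " not found");
    }
    throw new BadCredentialsException("Invalid credentials for: " + username);
}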
if (AuthenticationResultCode.DN_RESOLUTION_FAILURE == response.getAuthenticationResultCode()) { logger.warn("DN resolution failed. {}", response.getMessage()); throw new AccountNotFoundException(upc.getUsername() + " not found.");
authenticationContext.getSubcontext(LDAPResponseContext.class, true) .setAuthenticationResponse(response); if (AuthenticationResultCode.DN_RESOLUTION_FAILURE == response.getAuthenticationResultCode() || AuthenticationResultCode.INVALID_CREDENTIAL == response.getAuthenticationResultCode()) { handleError(profileRequestContext, authenticationContext, String.format("%s:%s", response.getAuthenticationResultCode(), response.getMessage()), AuthnEventIds.INVALID_CREDENTIALS); recordFailure(profileRequestContext, true);