cerebro
LDAPS authentication to Active Directory and certificate validation
We are configuring Cerebro to authenticate users by LDAP on Active Directory, but authentication fails with:
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
We tried to disable certificate validation with these parameters in application.conf:
play.ws.ssl.loose.allowWeakCiphers = true
play.ws.ssl.loose.allowWeakProtocols = true
play.ws.ssl.loose.acceptAnyCertificate = true
play.ws.ssl.loose.disableHostnameVerification = true
Cerebro continues to check the certificate and authentication fails.
We tried to debug the problem with play.ws.ssl.debug.all = true, but Cerebro fails to start.
Any idea?
Hi, have you found a workaround? I've tried to run /opt/cerebro/bin/cerebro -Dcom.sun.net.ssl.checkRevocation=false, but it does not work. Thank you
Hi,
No way, I have not found a solution yet.
I noted to try again by using a trustmanager (see https://www.playframework.com/documentation/2.5.x/WSQuickStart)
but I had no time. I'll do as soon
Kind Regards
Hi, I've found a workaround:
- Create truststore with command
keytool -import -alias myalias -keystore my.keystore -trustcacerts -file your-certificate.cer
- Run cerebro with created keystore
./bin/cerebro -Djavax.net.ssl.trustStore=./conf/my.keystore -Djavax.net.ssl.trustStorePassword=your-password
HiHo, could you paste your config? If I switch to SASL it won't work for me.