Atlas - Certificate for LDAPS connection?

jorge_florencio — Wed, 03 Jan 2018 06:02:58 GMT

Hi folks,

Atlas is unable to authenticate using AD with SSL (unable to find valid certification path to requested target):

2018-01-02 22:56:32,503 ERROR - [pool-2-thread-6:] ~ AD Authentication Failed: (AtlasADAuthenticationProvider:126)
org.springframework.security.authentication.InternalAuthenticationServiceException: simple bind failed: dc01.vlab.local:636; nested exception is javax.naming.CommunicationException: simple bind failed: dc01.vlab.local:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
        at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206)
        at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)
        at org.apache.atlas.web.security.AtlasADAuthenticationProvider.getADBindAuthentication(AtlasADAuthenticationProvider.java:116)
        at org.apache.atlas.web.security.AtlasADAuthenticationProvider.authenticate(AtlasADAuthenticationProvider.java:64)
        at org.apache.atlas.web.security.AtlasAuthenticationProvider.authenticate(AtlasAuthenticationProvider.java:109)
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
        at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
        at org.eclipse.jetty.server.Server.handle(Server.java:499)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
        at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)

Where can I configure the path to the certificate store containing CA root certificate ?

Many thanks in advance,

Jorge

Re: Atlas - Certificate for LDAPS connection?

nixonrodrigues — Thu, 04 Jan 2018 13:56:50 GMT

@Jorge Florencio,

Can you check this article for setting up LDAPS with Atlas

https://community.hortonworks.com/content/kbentry/148958/steps-to-setup-atlas-with-ldaps-ssl.html

Re: Atlas - Certificate for LDAPS connection?

jorge_florencio — Thu, 04 Jan 2018 17:51:07 GMT

Perfect, it worked!

Thank you!!

question Re: Atlas - Certificate for LDAPS connection? in Archives of Support Questions (Read Only)

Atlas - Certificate for LDAPS connection?

Re: Atlas - Certificate for LDAPS connection?

Re: Atlas - Certificate for LDAPS connection?