Bug
Resolution: Unresolved
Low
None
4.2.3
None
8
Severity 3 - Minor
5
Problem
When Crowd loses connectivity with LDAP, any authentication call that an application makes to Crowd and that goes to that delegated LDAP results in an invalid credentials error.
Environment
Crowd 4.2.3
Delegated LDAP
Other LDAP directories connected
An application connected to Crowd
Steps to Reproduce
Have an application using Crowd for authentication.
Have Crowd using a delegated LDAP, with other directories available.
Have the connection between Crowd and the delegated LDAP lost or broken.
Have an authentication request come from the application connected to Crowd for a user present on the delegated LDAP.
Crowd will try to authenticate against the delegated LDAP and, after identifying that it is unavailable, will start trying against all the other directories, spamming "invalid credentials".
This will trigger captcha on the applications of origin.
Expected Results
Crowd returns that authentication is unavailable at the time, or the request times out.
Actual Results
Crowd tries to authenticate on any of the other directories and its cache, and replies with invalid credentials, triggering captcha and locking the account on connected applications.
2021-07-19 17:11:22,534 http-nio-8300-exec-58 ERROR [crowd.manager.application.ApplicationServiceGeneric] Directory 'LDAP' is not functional during authentication of 'USER'. Skipped.
2021-07-19 17:11:22,563 http-nio-8300-exec-58 INFO [crowd.manager.application.ApplicationServiceGeneric] Invalid credentials for user USER in directory Internal Crowd, aborting
2021-07-19 17:11:24,548 http-nio-8300-exec-32 ERROR [crowd.manager.application.ApplicationServiceGeneric] Directory 'LDAP' is not functional during authentication of 'USER'. Skipped.
2021-07-19 17:11:24,580 http-nio-8300-exec-32 INFO [crowd.manager.application.ApplicationServiceGeneric] Invalid credentials for user USER in directory Internal Crowd, aborting
2021-07-19 17:11:27,504 https-jsse-nio-8301-exec-15 ERROR [crowd.manager.application.ApplicationServiceGeneric] Directory 'LDAP' is not functional during authentication of 'USER'. Skipped.
2021-07-19 17:11:27,537 https-jsse-nio-8301-exec-15 INFO [crowd.manager.application.ApplicationServiceGeneric] Invalid credentials for user USER in directory Internal Crowd, aborting
2021-07-19 17:11:28,036 http-nio-8300-exec-43 ERROR [crowd.manager.application.ApplicationServiceGeneric] Directory 'LDAP' is not functional during authentication of 'USER'. Skipped.
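The log pattern above can be used to tell outage-induced rejections apart from ordinary wrong-password failures. The following Python script is an added example, not part of the original issue or of Crowd itself: it pairs each "Invalid credentials" entry with a preceding "not functional ... Skipped" entry for the same user on the same thread. The 2-second pairing window, the `alice` line and the function name are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\S+) [A-Z]+ \[[^\]]+\] (.*)$")
SKIPPED = re.compile(r"^Directory '(.+?)' is not functional during authentication of '(.+?)'\. Skipped\.$")
INVALID = re.compile(r"^Invalid credentials for user (.+?) in directory (.+), aborting$")

# Constructed sample: entries follow the format of the excerpt above; the
# 'alice' entry is an invented ordinary failure with no preceding skip.
LOGGER = "[crowd.manager.application.ApplicationServiceGeneric]"
SAMPLE = "\n".join([
    f"2021-07-19 17:11:22,534 http-nio-8300-exec-58 ERROR {LOGGER} Directory 'LDAP' is not functional during authentication of 'USER'. Skipped.",
    f"2021-07-19 17:11:22,563 http-nio-8300-exec-58 INFO {LOGGER} Invalid credentials for user USER in directory Internal Crowd, aborting",
    f"2021-07-19 17:11:23,100 http-nio-8300-exec-12 INFO {LOGGER} Invalid credentials for user alice in directory Internal Crowd, aborting",
    f"2021-07-19 17:11:24,548 http-nio-8300-exec-32 ERROR {LOGGER} Directory 'LDAP' is not functional during authentication of 'USER'. Skipped.",
    f"2021-07-19 17:11:24,580 http-nio-8300-exec-32 INFO {LOGGER} Invalid credentials for user USER in directory Internal Crowd, aborting",
    f"2021-07-19 17:11:28,036 http-nio-8300-exec-43 ERROR {LOGGER} Directory 'LDAP' is not functional during authentication of 'USER'. Skipped.",
])

def classify_failures(log_text, window=timedelta(seconds=2)):
    """Return (timestamp, user, rejecting_dir, skipped_dir) for every
    'Invalid credentials' entry. skipped_dir is None unless a directory was
    skipped for that user on the same thread within `window` (assumed value)."""
    pending = {}   # (thread, user) -> (time of skip, skipped directory)
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        thread, msg = m.group(2), m.group(3)
        if s := SKIPPED.match(msg):
            pending[(thread, s.group(2))] = (ts, s.group(1))
        elif i := INVALID.match(msg):
            user, rejecting_dir = i.group(1), i.group(2)
            skip = pending.pop((thread, user), None)
            # Request threads are pooled and reused, so a stale skip must not count.
            skipped = skip[1] if skip and ts - skip[0] <= window else None
            results.append((m.group(1), user, rejecting_dir, skipped))
    return results

if __name__ == "__main__":
    for ts, user, rejecting_dir, skipped in classify_failures(SAMPLE):
        verdict = f"outage-induced ('{skipped}' skipped)" if skipped else "ordinary failure"
        print(f"{ts} {user}: rejected by {rejecting_dir}: {verdict}")
```

Entries classified as outage-induced are the ones that feed captcha and lockout counters on connected applications without any wrong password having been submitted to the user's own directory.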
Workaround
Disable captcha on the application connected to Crowd, or stop all automation from generating authentication requests during the time frame in which the LDAP is not available.
[CWD-5730] Crowd throws invalid credentials when not able to access delegated LDAP