LDAPS authentication to Active Directory and certificate validation · lmenezes/cerebro#432

(4 comments) (0 reactions) (0 assignees)JavaScript (5,411 stars) (721 forks)batch import

help wantedquestion

Description

We are configuring Cerebro to autheticate users by LDAP on Active directory, but authetication fails with: Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

we tried to disable certification validation with these parameters in application.conf: play.ws.ssl.loose.allowWeakCiphers = true play.ws.ssl.loose.allowWeakProtocols = true play.ws.ssl.loose.acceptAnyCertificate = true play.ws.ssl.loose.disableHostnameVerification = true

Cerebro continues to check certificate and fails authentcation.

we tried to debug problem by play.ws.ssl.debug.all = true but cerebro fails to start

Any idea?

Contributor guide

Tech stack: java
Domain: backendsecurity
Issue type: bug
Difficulty: 3
Estimated time: 1-2 days
Activity status: stale
Clarity: mostly clear
Prerequisites: Basic SSL/TLS knowledgePlay Framework config familiarity
Newbie friendliness: 30
Research direction: Investigate how Cerebro's LDAP authentication module handles SSL configuration. Look at the Play framework SSL settings in application.conf, particularly whether the loose settings are being overridden or ignored. Check the LDAP authentication code for certificate validation logic. Search for similar issues or commits related to SSL configuration. Examine the conf/application.conf file for any missing or conflicting settings.