How to configure jaas.conf to use mysql backend authentication? #1286

Closed
fciannella opened this issue Aug 1, 2018 · 24 comments

@fciannella

After a clean install of the docker container with the latest version, and inserting a user in the mysql database, I get this error when I try to login to the frontend ui.

wherehows-frontend_1       | 2018-08-01 22:43:12 WARN  application:390 - Authentication error!
wherehows-frontend_1       | javax.naming.AuthenticationException: javax.security.auth.login.LoginException: No LoginModules configured for WHZ-Authentication
wherehows-frontend_1       |    at security.AuthenticationManager.authenticateUser(AuthenticationManager.java:38) ~[wherehows-frontend.jar:na]
wherehows-frontend_1       |    at controllers.Application.authenticate(Application.java:388) ~[wherehows-frontend.jar:na]
wherehows-frontend_1       |    at router.Routes$$anonfun$routes$1$$anonfun$applyOrElse$7$$anonfun$apply$7.apply(Routes.scala:3006) [wherehows-frontend.jar:na]

Is there a way to configure the jaas.conf to use the mysql backend?

@jywadhwani
Contributor

The sample config provided in jaas.conf uses LDAP. I am sure there are other modules that use MySQL database (ex: https://developer.jboss.org/thread/42212). Could you try using this module or others available for your use case?

@fciannella
Author

I can set up an ldap server, but it would be nice to have some documentation on how to configure other authentication methods. I suppose that the purpose of adding the jaas feature is to use multiple authentication methods.

@fciannella
Author

I have configured an LDAP server now, and I have added it to the .env file in a docker container deployment. This is what it looks like:

# LDAP
WHZ_LDAP_URL=ldap://172.17.0.1:389
WHZ_LDAP_PRINCIPAL_DOMAIN=@dsx.com
WHZ_LDAP_SEARCH_BASE=ou=People,dc=dsx,dc=com

When I do the docker-compose up I don't think that this configuration is taken up. I have the following in the logs when I try to login from the frontend UI:

wherehows-frontend_1 | 2018/08/02 22:28:18 Received 200 from http://wherehows-elasticsearch:9200
wherehows-frontend_1 | 2018-08-02 22:28:20 INFO p.a.Play:97 - Application started (Prod)
wherehows-frontend_1 | 2018-08-02 22:28:20 INFO p.c.s.NettyServer:165 - Listening for HTTP on /0.0.0.0:9000
wherehows-frontend_1 | 2018-08-02 22:29:50 INFO application:118 - Creating DAO factory: wherehows.dao.DaoFactory
wherehows-frontend_1 | 2018-08-02 22:29:51 ERROR application:263 - Piwik site ID must be an integer
wherehows-frontend_1 | 2018-08-02 22:29:57 WARN application:390 - Authentication error!
wherehows-frontend_1 | javax.naming.AuthenticationException: javax.security.auth.login.LoginException: No LoginModules configured for WHZ-Authentication
wherehows-frontend_1 | at security.AuthenticationManager.authenticateUser(AuthenticationManager.java:38) ~[wherehows-frontend.jar:na]
wherehows-frontend_1 | at controllers.Application.authenticate(Application.java:388) ~[wherehows-frontend.jar:na]
wherehows-frontend_1 | at router.Routes$$anonfun$routes$1$$anonfun$applyOrElse$7$$anonfun$apply$7.apply(Routes.scala:3006) [wherehows-frontend.jar:na]

@fciannella
Author

Where am I supposed to add the ldap server configuration in the docker deployment? Is it in the jaas.conf? But if I do it there, then how do I restart the server to have the configuration taken up?

@jywadhwani
Contributor

Yes, the ldap server is configured in jaas.conf. The error "No LoginModules configured for WHZ-Authentication" is probably because the app is not able to pick up this config file. Please try restarting your server.

@fciannella
Author

How do I restart the server inside the docker container?

@jywadhwani
Contributor

Using the standard docker commands? https://docs.docker.com/engine/reference/commandline/restart/

@sarthakdev90

I'm getting that error too, and have tried restarting the container. Has this resolved for you, @fciannella?

@Ravion

Ravion commented Aug 27, 2018

All,
The links that jaywadhani provided are not enough. Kindly tell us, with a sample jaas.conf, how to configure DummyLoginModule. Trying for the last couple of days, no luck. Please help.

@Ravion

Ravion commented Aug 27, 2018

wherehows-frontend_1 | javax.naming.AuthenticationException: javax.security.auth.login.LoginException: No LoginModules configured for WHZ-Authentication

mars-lan added the LDAP label Aug 31, 2018

@virivigio

Same problem. I'm using the docker compose version, does it make any difference?

@tonglin0325

Same problem. javax.naming.AuthenticationException: javax.security.auth.login.LoginException: 没有为WHZ-Authentication配置 LoginModules

@mbd-dbc-dk

Same problem here, after adding a user to the mysql database (not using LDAP), as explained in #874 .

Some partial progress. Added this to the frontend docker file:
ENV JAVA_OPTS -Djava.security.auth.login.config=/application/conf/jaas.conf

(Got info from https://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html).

Using a registered user (again, #874), I can get through the auth, but get

"
We encountered an error

SyntaxError: JSON.parse: unexpected character at line 3 column 1 of the JSON data
"
in the GUI, and get this in the logs:

wherehows-frontend_1       | play.api.UnexpectedException: Unexpected exception[UnsupportedOperationException: Operation not implemented]
wherehows-frontend_1       |    at play.api.http.HttpErrorHandlerExceptions$.throwableToUsefulException(HttpErrorHandler.scala:261) ~[com.typesafe.play-play_2.11-2.4.11.jar:2.4.11]
wherehows-frontend_1       |    at play.api.http.DefaultHttpErrorHandler.onServerError(HttpErrorHandler.scala:191) ~[com.typesafe.play-play_2.11-2.4.11.jar:2.4.11]
wherehows-frontend_1       |    at play.api.GlobalSettings$class.onError(GlobalSettings.scala:179) [com.typesafe.play-play_2.11-2.4.11.jar:2.4.11]
wherehows-frontend_1       |    at play.api.DefaultGlobal$.onError(GlobalSettings.scala:212) [com.typesafe.play-play_2.11-2.4.11.jar:2.4.11]
wherehows-frontend_1       |    at play.api.http.GlobalSettingsHttpErrorHandler.onServerError(HttpErrorHandler.scala:94) [com.typesafe.play-play_2.11-2.4.11.jar:2.4.11]
wherehows-frontend_1       |    at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$9$$anonfun$apply$1.applyOrElse(PlayDefaultUpstreamHandler.scala:162) [com.typesafe.play-play-netty-server_2.11-2.4.11.jar:2.4.11]
wherehows-frontend_1       |    at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$9$$anonfun$apply$1.applyOrElse(PlayDefaultUpstreamHandler.scala:159) [com.typesafe.play-play-netty-server_2.11-2.4.11.jar:2.4.11]
wherehows-frontend_1       |    at scala.runtime.AbstractPartialFunction.apply(AbstractPartialFunction.scala:36) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    at scala.util.Failure$$anonfun$recover$1.apply(Try.scala:215) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    at scala.util.Try$.apply(Try.scala:191) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    at scala.util.Failure.recover(Try.scala:215) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    at scala.concurrent.Future$$anonfun$recover$1.apply(Future.scala:324) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    at scala.concurrent.Future$$anonfun$recover$1.apply(Future.scala:324) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:32) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    at play.api.libs.iteratee.Execution$trampoline$.executeScheduled(Execution.scala:109) [com.typesafe.play-play-iteratees_2.11-2.4.11.jar:2.4.11]
wherehows-frontend_1       |    at play.api.libs.iteratee.Execution$trampoline$.execute(Execution.scala:71) [com.typesafe.play-play-iteratees_2.11-2.4.11.jar:2.4.11]
wherehows-frontend_1       |    at scala.concurrent.impl.CallbackRunnable.executeWithValue(Promise.scala:40) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    at scala.concurrent.impl.Promise$DefaultPromise.tryComplete(Promise.scala:248) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    at scala.concurrent.Promise$class.complete(Promise.scala:55) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    at scala.concurrent.impl.Promise$DefaultPromise.complete(Promise.scala:153) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    at scala.concurrent.impl.Future$PromiseCompletingRunnable.run(Future.scala:23) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    at play.core.j.HttpExecutionContext$$anon$2.run(HttpExecutionContext.scala:40) [com.typesafe.play-play_2.11-2.4.11.jar:2.4.11]
wherehows-frontend_1       |    at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:40) [com.typesafe.akka-akka-actor_2.11-2.3.13.jar:na]
wherehows-frontend_1       |    at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:397) [com.typesafe.akka-akka-actor_2.11-2.3.13.jar:na]
wherehows-frontend_1       |    at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       | Caused by: java.lang.UnsupportedOperationException: Operation not implemented
wherehows-frontend_1       |    at wherehows.dao.view.DataTypesViewDao.getAllPlatforms(DataTypesViewDao.java:38) ~[wherehows-dao-wherehows-dao.jar:na]
wherehows-frontend_1       |    at controllers.api.v2.Dataset.lambda$listSegments$1(Dataset.java:97) ~[wherehows-frontend.jar:na]
wherehows-frontend_1       |    at play.core.j.FPromiseHelper$$anonfun$promise$2.apply(FPromiseHelper.scala:36) ~[com.typesafe.play-play_2.11-2.4.11.jar:2.4.11]
wherehows-frontend_1       |    at scala.concurrent.impl.Future$PromiseCompletingRunnable.liftedTree1$1(Future.scala:24) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    at scala.concurrent.impl.Future$PromiseCompletingRunnable.run(Future.scala:24) [org.scala-lang-scala-library-2.11.6.jar:na]
wherehows-frontend_1       |    ... 7 common frames omitted

So, no dice there. LDAP still enabled - perhaps that needs to go?

@sauravGit

Has the above issue been fixed? Shall we use only WHZ-Authentication { security.DummyLoginModule sufficient; }; ? I am trying to bring it up on docker. I am not able to log in.

@tonglin0325

Please try tag v1.0.0 @sauravGit

@mbd-dbc-dk

@tonglin0325 - could you provide an url for the branch/tag/something, in order to eliminate the potential for confusion (my end). Thanks in advance.

@tonglin0325

git tag -l

v0.0.1
v0.2.0
v0.2.1
v1.0.0
v1.1.0

git checkout v1.0.0
@mbd-dbc-dk

@mbd-dbc-dk

Thanks! That is on the main branch, then, I take it.

@sauravGit

Thank you @mbd-dbc-dk . Will try it.

@sauravGit

sauravGit commented Sep 26, 2018

@mbd-dbc-dk : I tried inserting the records in the users table. Still it is not working.

mysql> select * from users;
+----+-------------+-------------------+----------+-------------------+------------------------------------------+----------------------+--------------------------+---------------------+
| id | name        | email             | username | department_number | password_digest                          | password_digest_type | ext_directory_ref_app_id | authentication_type |
+----+-------------+-------------------+----------+-------------------+------------------------------------------+----------------------+--------------------------+---------------------+
|  1 | Paul        | spau0004@XXXX.com | Paul     | NULL              | d033e22ae348aeb5660fc2140aec35850c4da997 | SHA1                 | NULL                     | default             |

@mbd-dbc-dk

@sauravGit : To get a user into the local database, I used the method from #874:

INSERT INTO wherehows.users (name, email, username, password_digest, password_digest_type, authentication_type) VALUES ('Your Name', 'username@domain.com', 'YourUsername', SHA1('YourPassword'), 'SHA1', 'default');

Seems you have done the same(?), so not sure what the problem is. However, to get the frontend to use the password-based auth mechanism, I added

ENV JAVA_OPTS -Djava.security.auth.login.config=/application/conf/jaas.conf

to the frontend Dockerfile. I was then able to get through the auth without LDAP, but then got an error (see above). I have not been able to test it further since then. Hoping to by the end of next month.

@LennartRoeder

The Insert together with the JAVA_OPTS mentioned by @mbd-dbc-dk worked.

However, this is terrible from a workflow standpoint. Why do I have to build the dockerfile myself and why is there no default user or better let me create a user on first access?
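
A quick check for the two things this thread turned on: whether the JVM options name a login config file, and whether that file has an entry for WHZ-Authentication. This is an added example, not WhereHows code; the function name `check_jaas` and the sample file are constructed, and the awk scan is a simplified reading of the JAAS file format that ignores `/* */` comments.

```shell
#!/bin/sh
# Added diagnostic (hypothetical helper, not part of WhereHows).
# check_jaas "<JVM options>" <entry-name>
#   0 = entry has LoginModules   1 = login config property not set
#   2 = config file unreadable   3 = entry missing or empty
check_jaas() {
    opts=$1 entry=$2 conf=
    for tok in $opts; do            # the last occurrence of the property wins
        case $tok in
            -Djava.security.auth.login.config=*)
                conf=${tok#-Djava.security.auth.login.config=} ;;
        esac
    done
    [ -n "$conf" ] || { echo "java.security.auth.login.config is not set"; return 1; }
    conf=${conf#=}                  # tolerate the "==file" override form
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    n=$(awk -v name="$entry" '
        { sub(/^[ \t]*\/\/.*/, ""); text = text " " $0 }   # drop // comment lines
        END {
            gsub(/"[^"]*"/, "\"\"", text)      # blank quoted option values
            gsub(/[ \t]+/, " ", text)
            gsub(/ ?[{] ?/, " { ", text)
            i = index(text, " " name " { ")
            if (i == 0) { print 0; exit }
            body = substr(text, i + length(name) + 4)
            sub(/[}].*/, "", body)             # keep only this entry block
            print gsub(/;/, ";", body)         # one ";" ends each LoginModule line
        }' "$conf")
    [ "$n" -gt 0 ] || { echo "no LoginModules for $entry in $conf"; return 3; }
    echo "$entry: $n LoginModule(s) in $conf"
}

# Constructed sample config, written to a temp dir for a stand-alone run.
demo_dir=$(mktemp -d)
printf '%s\n' 'WHZ-Authentication {' '  security.DummyLoginModule sufficient;' '};' \
    > "$demo_dir/jaas.conf"
check_jaas "-Xms512m" WHZ-Authentication || true
check_jaas "-Djava.security.auth.login.config=$demo_dir/jaas.conf" WHZ-Authentication || true
rm -rf "$demo_dir"
```

Inside the frontend container, the first argument would be the value of `$JAVA_OPTS` as the Java process sees it.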

@keremsahin1
Contributor

Dear issue owner,

Thanks for your interest in WhereHows. We have recently announced DataHub which is the rebranding of WhereHows. LinkedIn improved the architecture of WhereHows and rebranded WhereHows into DataHub and replaced its metadata infrastructure in this direction. DataHub is a more advanced and improved metadata management product compared to WhereHows.

Unfortunately, we have to stop supporting WhereHows to better focus on DataHub and offer more help to DataHub users. Therefore, we will drop all issues related to WhereHows and will not accept any contribution for it. Active development for DataHub has already started on the datahub branch and will continue to live in there until it's finally merged to master and the project is renamed to DataHub.

Please check the datahub branch to get familiar with DataHub.

Best,
DataHub team
