Have you tried the ActiveDriectoryRealm? org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
You don't need to pre hash passwords, the Realms will handle that for you. In fact, normally you never need to deal with logging in/out directly either, the ShiroFilter (when set up correctly) does all of this for you. On Thu, Feb 13, 2020 at 7:40 PM rick3ry <[email protected]> wrote: > I was able to get authenticated to our Windows domain server using simple > LDAP using the following: > > [main] > ldapRealm = org.apache.shiro.realm.ldap.DefaultLdapRealm > ldapRealm.contextFactory.url = ldap://mydc.mydomain.com:389 > ldapRealm.contextFactory.authenticationMechanism = simple > securityManager.realms = $ldapRealm > > > public static void main(String[] args) { > Factory<SecurityManager> factory = new > IniSecurityManagerFactory("classpath:shiroldap2.ini"); > SecurityManager securityManager = factory.getInstance(); > > AuthenticationToken AT = new > UsernamePasswordToken("[email protected]", "pwd", false); > AuthenticationInfo authenticationInfo = > securityManager.authenticate(AT); > } > > > I would like to do the same with DIGEST-MD5. I used several types of > authenticationMechanisms until the DC answered with something other than a > bad protocol error, now I am failing to authenticate, so I am guessing the > protocol is OK. I'm hoping the problem is just the way I am hashing the > password. Here is what I have that is failing: > > [main] > ldapRealm = org.apache.shiro.realm.ldap.DefaultLdapRealm > ldapRealm.contextFactory.url = ldap://mydc.mydomain.com:389 > ldapRealm.contextFactory.authenticationMechanism = DIGEST-MD5 > securityManager.realms = $ldapRealm > > public static void main(String[] args) { > Factory<SecurityManager> factory = new > IniSecurityManagerFactory("classpath:shiroldap3.ini"); > SecurityManager securityManager = factory.getInstance(); > > String salt="7road"; > String hex = new Md5Hash("pwd",salt).toHex(); > AuthenticationToken AT = new > UsernamePasswordToken("[email protected]", hex, false); > AuthenticationInfo authenticationInfo = > securityManager.authenticate(AT); > > > > > > -- > Sent from: http://shiro-user.582556.n2.nabble.com/ >
