Microsoft introduced a 'LdapEnforceChannelBinding' option requiring clients to provide channel binding information in order to connect to AD over SSL/TLS. After this has been enabled in AD, Java applications which use Kerberos/LDAP authentication receive the following error from the server.
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090346: LdapErr: DSID-0C09056D, comment: AcceptSecurityContext error, data 80090346, v2580
My code uses LoginContext to authenticate and DirContext with GSSAPI security mechanism.
Is there a way to enable channel binding in Java code to fix this issue?
This is a known issue with OpenJDK and is supposedly implemented in JDK 16, which is in early access, but is planned to be backported to JDK 8, though I haven't gotten it to work yet.
Here is the bug report: https://bugs.openjdk.java.net/browse/JDK-8245527
See my issue here for more details. LDAPS Channel Binding with GSS