Failed to load auth plugin Neo4j version 4.2

Neo4j Graph Platform
1

Hi All,

We've created our own auth plugin in Java to authenticate against Oauth2 of Azure.
This is working fine with Neo4j 3.5.18. We're planning to migrate to Neo4j v4.2 and running into an issue when trying to use our plugin.

A simple local test with docker-compose to fire up Neo4j 4.2 with a volume mount to contain our auth plugin:

version: '3'
services:
  neo4j:
    ports:
      - "7474:7474"
      - "7687:7687"
    container_name: neo4j
    volumes:
      - ./deployment/neo4j4_plugins:/var/lib/neo4j/plugins/
    environment:
      NEO4J_dbms_security_authentication__providers: "plugin-com.acme.authplugin.AadAuthPlugin"
      NEO4J_ACCEPT_LICENSE_AGREEMENT: "yes"
    image: "neo4j:4.2.3-enterprise"

is giving us the error:

neo4j    | 2021-03-02 14:54:41.498+0000 ERROR Failed to start Neo4j on dbms.connector.http.listen_address, a socket address. If missing port or hostname it is acquired from dbms.default_listen_address.
neo4j    | java.lang.IllegalArgumentException: Illegal configuration: Failed to load auth plugin 'plugin-com.acme.authplugin.AadAuthPlugin'.
neo4j    |      at com.neo4j.server.security.enterprise.EnterpriseSecurityModule.illegalConfiguration(EnterpriseSecurityModule.java:399) ~[neo4j-security-enterprise-4.2.3.jar:4.2.3]
neo4j    |      at com.neo4j.server.security.enterprise.EnterpriseSecurityModule.createPluginRealms(EnterpriseSecurityModule.java:342) ~[neo4j-security-enterprise-4.2.3.jar:4.2.3]

Has anyone had the same issue and maybe a fix?

I saw that there was a 4.0 example version of the auth-plugin on github, but is left in unmerged branch. GitHub - neo4j/neo4j-example-auth-plugins at 4.0

Any help is very much appreciated.

Kind regards,

Peter

2

from the error is speaks of

neo4j    | java.lang.IllegalArgumentException: Illegal configuration: Failed to load auth plugin 'plugin-com.[our organisationname].authplugin.AadAuthPlugin'.

is [our organisationname] the actual text of the error or have you simply replaced this with its actual value. For example does the actual error report

neo4j    | java.lang.IllegalArgumentException: Illegal configuration: Failed to load auth plugin 'plugin-com.acme.authplugin.AadAuthPlugin'.

for example and whereby your organization is 'acme'

3

Hi Dana,

In the actual message it's a correct value ;-) I replaced it by acme.

Kind regards,

Peter

4

I figured it out with some help of a Neo4J employee.
In the resources directory, change the filename in the directory META-INF.services to:
com.neo4j.server.security.enterprise.auth.plugin.spi.AuthPlugin

(was: org.neo4j.server.security.enterprise.auth.plugin.spi.AuthPlugin)

Add the dependency and registry to the pom.xml file:

        <dependency>
            <groupId>com.neo4j</groupId>
            <artifactId>neo4j-security-enterprise</artifactId>
            <version>4.0.0</version>
            <scope>provided</scope>
		</dependency>

	<repositories>
		<repository>
			<snapshots>
				<enabled>false</enabled>
			</snapshots>
			<id>neo4j-enterprise</id>
			<name>Neo4j Enterprise Artifacts</name>
			<url>[neo4j's enterprise maven repository URL]</url>
		</repository>
	</repositories>

Add credentials to your settings.xml. These credentials and neo4j enterprise maven URL can be obtained from Neo4j (probably enterprise customers only, since the auth plugin only works with enterprise version).

Thanks and regards,

Peter