OpenAM / OPENAM-10233

Authentication failing when multiple datastores in realm


      Description

      When trying to log into a subrealm with multiple user datastores configured, authentication requests fail with an HTTP-401 (Unauthorized) error saying "Your account has been locked."

      Looking at the user in the subjects tab, the account has in fact not been locked.

      To reproduce

      • Set up OpenDJ with sample users
      • Log into OpenAM as amadmin
      • Create a subrealm
      • Add OpenDJ as a user datastore (along with embedded)
      • In a private browsing session log in as demo/changeit

      Expected

      • Authentication success, and demo user profile shown

      Actual

      • "Your account has been locked." Error message and no token.

      This is coming out of the POST request to http://openam.example.com:8080/openam/json/realms/root/realms/alt/authenticate?realm=/alt from the XUI request.

      This also occurs if you try and log in as user.1 (i.e. DJ User store rather than embedded). Removing either datastore then allows authentication to proceed.
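
A scripted version of the reproduction above, as an added example that is not part of the original report or the OpenAM code base: it sends the same POST and reports whether the response is the "Your account has been locked." 401. The header-based login (`X-OpenAM-Username`, `X-OpenAM-Password`, `Accept-API-Version`) and the JSON response fields (`tokenId`, `message`) are assumptions based on OpenAM's REST conventions, and the sample bodies are constructed.

```python
import json
import urllib.error
import urllib.request

# Endpoint and the demo/changeit account are taken from the issue text.
AUTH_URL = ("http://openam.example.com:8080/openam/json/realms/root/realms/alt"
            "/authenticate?realm=/alt")
LOCKED_MSG = "Your account has been locked."

# Constructed sample bodies (assumed response shape, not captured from a server).
SAMPLE_LOCKED = json.dumps({"code": 401, "reason": "Unauthorized", "message": LOCKED_MSG})
SAMPLE_OK = json.dumps({"tokenId": "CONSTRUCTED-TOKEN", "successUrl": "/openam/console"})


def build_request(username, password, url=AUTH_URL):
    """Header-based login (assumption): empty JSON body, credentials in headers."""
    headers = {"Content-Type": "application/json",
               "Accept-API-Version": "resource=2.0, protocol=1.0",
               "X-OpenAM-Username": username, "X-OpenAM-Password": password}
    return urllib.request.Request(url, data=b"{}", headers=headers, method="POST")


def classify(status, body):
    """Return 'ok', 'locked-message' (the symptom reported here) or 'other-failure'."""
    try:
        doc = json.loads(body)
    except ValueError:
        return "other-failure"
    if not isinstance(doc, dict):
        return "other-failure"
    if status == 200 and doc.get("tokenId"):
        return "ok"
    if status == 401 and doc.get("message") == LOCKED_MSG:
        return "locked-message"
    return "other-failure"


def attempt(username, password, url=AUTH_URL):
    """Send one login and classify it; HTTPError carries the 401 body."""
    try:
        with urllib.request.urlopen(build_request(username, password, url), timeout=10) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    print(classify(401, SAMPLE_LOCKED), classify(200, SAMPLE_OK))  # offline check
    # Against a test deployment: print(attempt("demo", "changeit"))
```

Running `attempt` for both demo and user.1 before and after removing one datastore gives a repeatable check for the behaviour described in this issue.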


              People

              • Assignee: jonthomas Jonathan Thomas
              • Reporter: samdrew Sam Drew [X] (Inactive)