Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-10971

FR-OATH auth module can not be used in auth chain if the username in sharedstate map does not 'match' the search attribute of the data store

    Details

    • Sprint:
      AM Sustaining Sprint 36, AM Sustaining Sprint 37, AM Sustaining Sprint 38
    • Story Points:
      2
    • Support Ticket IDs:

      Description

      Steps to reproduce
      configure LDAP data store with 'uid' as 'user search attribute'
      configure ldap auth module with 'mail' as 'Attributes Used to Search for a User to be Authenticated'
      configure OATH auth module
      configure auth chain with required modules LDAP + FR-OATH
      'javax.security.auth.login.name' in shared state map will be set to email address entered for LDAP auth.
      OATH checkOTP method fails as the user identity can not be found.
      Data store will not be able to find the entry as the search attribute is set to 'uid'.

      amAuth:03/27/2017 10:11:50:432 AM BST: Thread[http-bio-8080-exec-13,5,main]: TransactionId[f2a39421-e2fb-44b5-aa0b-bf1106a984fa-876]
Error during login..
amAuth:03/27/2017 10:11:50:432 AM BST: Thread[http-bio-8080-exec-13,5,main]: TransactionId[f2a39421-e2fb-44b5-aa0b-bf1106a984fa-876]
Exception
javax.security.auth.login.LoginException: java.lang.NullPointerException
        at org.forgerock.openam.authentication.modules.fr.oath.AuthenticatorOATH.init(AuthenticatorOATH.java:208)
        at com.sun.identity.authentication.spi.AMLoginModule.initialize(AMLoginModule.java:961)
        at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:204)

      amIdm:03/27/2017 10:11:50:431 AM BST: Thread[http-bio-8080-exec-13,5,main]: TransactionId[f2a39421-e2fb-44b5-aa0b-bf1106a984fa-876]
WARNING: Error searching for user identity

        Attachments

          Issue Links

          is related to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. OPENAM-12064 Revisit usage of Users Search and Naming Attributes

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-5429 OATH auth module can not be used in auth chain if the username in sharedstate map does not 'match' the search attribute of the data store

          • Major - Major loss of function.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-4856 HOTP auth module can not be used in auth chain if the username in sharedstate map does not 'match' the search attribute of the data store

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-11115 Push authentication should use alias attributes to find identities

          • Major - Major loss of function.
          • Resolved

            Activity

              People

              • Assignee:
                andrew.dunn Andrew Dunn [X] (Inactive)
                Reporter:
                andrew.dunn Andrew Dunn [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: