- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 13.5.0
- Component/s: authentication
- Labels:
Steps to reproduce
1. Configure the LDAP data store with 'uid' as 'user search attribute'.
2. Configure the LDAP auth module with 'mail' as 'Attributes Used to Search for a User to be Authenticated'.
3. Configure the OATH auth module.
4. Configure an auth chain with required modules LDAP + FR-OATH.

'javax.security.auth.login.name' in the shared state map will be set to the email address entered for LDAP auth.
The OATH checkOTP method fails as the user identity cannot be found.
The data store will not be able to find the entry as the search attribute is set to 'uid'.
amAuth:03/27/2017 10:11:50:432 AM BST: Thread[http-bio-8080-exec-13,5,main]: TransactionId[f2a39421-e2fb-44b5-aa0b-bf1106a984fa-876]
Error during login..
amAuth:03/27/2017 10:11:50:432 AM BST: Thread[http-bio-8080-exec-13,5,main]: TransactionId[f2a39421-e2fb-44b5-aa0b-bf1106a984fa-876]
Exception
javax.security.auth.login.LoginException: java.lang.NullPointerException
    at org.forgerock.openam.authentication.modules.fr.oath.AuthenticatorOATH.init(AuthenticatorOATH.java:208)
    at com.sun.identity.authentication.spi.AMLoginModule.initialize(AMLoginModule.java:961)
    at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:204)
amIdm:03/27/2017 10:11:50:431 AM BST: Thread[http-bio-8080-exec-13,5,main]: TransactionId[f2a39421-e2fb-44b5-aa0b-bf1106a984fa-876]
WARNING: Error searching for user identity
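
The mismatch described in this report, modelled as an added example (not OpenAM code and not taken from the fix): an in-memory directory stands in for the data store, and a second module looks up the identity from the shared-state name. The class, the method names, the sample entry and the fallback over several attributes are all assumptions made for illustration.

```java
import java.util.*;
import java.util.stream.Collectors;
import javax.security.auth.login.LoginException;

public class SharedStateLookupDemo {
    static final String NAME_KEY = "javax.security.auth.login.name";
    // Constructed sample entry; attribute names follow the report ('uid', 'mail').
    static final List<Map<String, String>> DIRECTORY = List.of(
        Map.of("uid", "demo", "mail", "demo@example.com"));

    // Models a data store search on one configured attribute.
    static List<Map<String, String>> search(String attr, String value) {
        return DIRECTORY.stream()
            .filter(e -> value.equals(e.get(attr)))
            .collect(Collectors.toList());
    }

    // Behaviour in the report: the second module trusts the shared-state name
    // and searches only on 'uid', so a mail address finds nothing.
    static String fragileInit(Map<String, String> sharedState) {
        String name = sharedState.get(NAME_KEY);
        Map<String, String> id = search("uid", name).stream().findFirst().orElse(null);
        return id.get("uid"); // NullPointerException when no entry matched
    }

    // Hypothetical hardening: try each configured attribute in order, accept
    // only a unique match, and fail with an explicit LoginException otherwise.
    static String resolvingInit(Map<String, String> sharedState, List<String> attrs)
            throws LoginException {
        String name = sharedState.get(NAME_KEY);
        if (name == null || name.isEmpty()) throw new LoginException("no user name in shared state");
        for (String attr : attrs) {
            List<Map<String, String>> hits = search(attr, name);
            if (hits.size() > 1) throw new LoginException("ambiguous match on " + attr);
            if (hits.size() == 1) return hits.get(0).get("uid");
        }
        throw new LoginException("no identity matches the shared-state name");
    }

    public static void main(String[] args) throws LoginException {
        Map<String, String> shared = Map.of(NAME_KEY, "demo@example.com");
        try {
            fragileInit(shared);
        } catch (NullPointerException e) {
            System.out.println("fragile lookup: NullPointerException");
        }
        System.out.println("resolved uid: " + resolvingInit(shared, List.of("uid", "mail")));
    }
}
```

Rejecting a non-unique match matters when the fallback attribute is not guaranteed unique in the directory, since the second factor would otherwise be checked against whichever entry happened to be returned first.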
is related to
- OPENAM-12064 Revisit usage of Users Search and Naming Attributes (Open)
- OPENAM-5429 OATH auth module can not be used in auth chain if the username in sharedstate map does not 'match' the search attribute of the data store (Resolved)

relates to
- OPENAM-4856 HOTP auth module can not be used in auth chain if the username in sharedstate map does not 'match' the search attribute of the data store (Resolved)
- OPENAM-11115 Push authentication should use alias attributes to find identities (Resolved)