  1. OpenAM
  2. OPENAM-10971

FR-OATH auth module cannot be used in auth chain if the username in sharedstate map does not 'match' the search attribute of the data store

    Details

    • Sprint:
      AM Sustaining Sprint 36, AM Sustaining Sprint 37, AM Sustaining Sprint 38
    • Story Points:
      2

      Description

      Steps to reproduce:
      1. Configure an LDAP data store with 'uid' as the 'user search attribute'.
      2. Configure an LDAP auth module with 'mail' as 'Attributes Used to Search for a User to be Authenticated'.
      3. Configure an OATH auth module.
      4. Configure an auth chain with required modules LDAP + FR-OATH.

      'javax.security.auth.login.name' in the shared state map will be set to the email address entered for LDAP auth.
      The OATH checkOTP method fails as the user identity cannot be found.
      The data store will not be able to find the entry as the search attribute is set to 'uid'.

      amAuth:03/27/2017 10:11:50:432 AM BST: Thread[http-bio-8080-exec-13,5,main]: TransactionId[f2a39421-e2fb-44b5-aa0b-bf1106a984fa-876]
      Error during login..
      amAuth:03/27/2017 10:11:50:432 AM BST: Thread[http-bio-8080-exec-13,5,main]: TransactionId[f2a39421-e2fb-44b5-aa0b-bf1106a984fa-876]
      Exception
      javax.security.auth.login.LoginException: java.lang.NullPointerException
              at org.forgerock.openam.authentication.modules.fr.oath.AuthenticatorOATH.init(AuthenticatorOATH.java:208)
              at com.sun.identity.authentication.spi.AMLoginModule.initialize(AMLoginModule.java:961)
              at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:606)
              at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:204)
      
      amIdm:03/27/2017 10:11:50:431 AM BST: Thread[http-bio-8080-exec-13,5,main]: TransactionId[f2a39421-e2fb-44b5-aa0b-bf1106a984fa-876]
      WARNING: Error searching for user identity
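
The lookup mismatch from the steps above, modelled as an added Java example (not OpenAM code and not the fix applied for this issue). The class, method names and directory entry are hypothetical and constructed for illustration; only the shared-state key comes from the report.

```java
import java.util.*;
import javax.security.auth.login.LoginException;

// Added illustration; class and method names are hypothetical, not OpenAM APIs.
public class SharedStateUsernameDemo {
    static final String NAME_KEY = "javax.security.auth.login.name"; // key named in the report

    // Constructed sample directory: one entry with both 'uid' and 'mail'.
    static final List<Map<String, String>> DIRECTORY = List.of(
            Map.of("uid", "demo", "mail", "demo@example.com"));

    // Returns the first entry whose attribute equals value, or null when nothing matches.
    static Map<String, String> search(String attribute, String value) {
        for (Map<String, String> entry : DIRECTORY) {
            if (value.equalsIgnoreCase(entry.get(attribute))) return entry;
        }
        return null;
    }

    // Second-factor lookup as in the report: the data store searches on 'uid' only,
    // so an email address in the shared state matches nothing and null comes back.
    static Map<String, String> lookupAsReported(Map<String, String> sharedState) {
        return search("uid", sharedState.get(NAME_KEY));
    }

    // Defensive variant: try the data store attribute first, then the attribute the
    // first module searched on, and fail closed with an explicit error otherwise.
    static Map<String, String> lookupDefensive(Map<String, String> sharedState,
                                               String firstModuleAttr) throws LoginException {
        String name = sharedState.get(NAME_KEY);
        if (name == null) throw new LoginException("no username in shared state");
        Map<String, String> entry = search("uid", name);
        if (entry == null) entry = search(firstModuleAttr, name);
        if (entry == null) throw new LoginException("no identity found for shared-state username");
        return entry;
    }

    public static void main(String[] args) throws LoginException {
        Map<String, String> sharedState = new HashMap<>();
        sharedState.put(NAME_KEY, "demo@example.com"); // what the LDAP module stored
        System.out.println("uid-only lookup: " + lookupAsReported(sharedState));
        System.out.println("defensive lookup uid: "
                + lookupDefensive(sharedState, "mail").get("uid"));
    }
}
```

Any fallback attribute must be unique in the directory, otherwise the second factor could be checked against a different entry than the one that passed the first factor.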
      

              People

              • Assignee:
                andrew.dunn Andrew Dunn [X] (Inactive)
                Reporter:
                andrew.dunn Andrew Dunn [X] (Inactive)