- Type: Bug
- Status: Resolved
- Priority: Blocker
- Resolution: Fixed
- Affects Version/s: 13.0.0, 13.5.0, 13.5.1, 13.5.2, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 14.1.1.1, 14.1.1.2, 14.1.1.3, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 14.1.1.4, 6.0.0.5, 14.1.1.5, 14.1.2.2, 6.5.0, 6.0.0.6, 6.5.0.1, 6.0.0.7, 14.1.2.3, 6.5.1, 6.5.0.2, 14.1.2.4, 6.5.2, 6.5.2.1, 6.5.2.2, 14.1.2.5, 7.0.0, 14.1.2.11
- Component/s: authentication
- Environment: Oracle JDK 1.8.0_201, Apache Tomcat/9.0.8, AM 6.0.0.6
- Sprint: AM Sustaining Sprint 69, AM Sustaining Sprint 70
- Story Points: 5
Bug description
Initialization of DeviceIdSave auth module fails if username is not present
How to reproduce the issue
- Configure AM
- Configure the below mentioned auth-chain in some sub-realm
- Perform service based authentication
AuthnChain
[name=Certificate] [flag=OPTIONAL] [options=]
[name=DeviceMatch] [flag=SUFFICIENT] [options=]
[name=OTP] [flag=OPTIONAL] [options=]
[name=DeviceSave] [flag=SUFFICIENT] [options=]
[name=LDAP] [flag=REQUISITE] [options=]
[name=DeviceMatch] [flag=SUFFICIENT] [options=]
[name=OTP] [flag=REQUIRED] [options=]
[name=DeviceSave] [flag=REQUIRED] [options=]
Expected behaviour
HOTP auth module should be triggered after submitting credentials for LDAP auth module.
Current behaviour
User is prompted for LDAP credentials a second time.
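The chain above evaluated under standard JAAS control-flag semantics, as an added example (not code from AM or from this report). The per-module outcomes are constructed, and the DeviceIdSave initialization failure itself is not modelled; the point is to show which modules are invoked before LDAP and that OTP follows LDAP when the device is unknown.

```python
# Added example: JAAS control-flag evaluation for the chain in this report.
# Outcomes passed to evaluate() are constructed; AM internals are not modelled.
CHAIN = [  # (module, flag) in the order listed under "AuthnChain"
    ("Certificate", "OPTIONAL"), ("DeviceMatch", "SUFFICIENT"),
    ("OTP", "OPTIONAL"), ("DeviceSave", "SUFFICIENT"),
    ("LDAP", "REQUISITE"), ("DeviceMatch", "SUFFICIENT"),
    ("OTP", "REQUIRED"), ("DeviceSave", "REQUIRED"),
]

def evaluate(chain, outcomes):
    """Return (authenticated, invoked) for per-position outcomes (True = success)."""
    invoked = []
    mandatory_seen = False     # a REQUIRED/REQUISITE module has been reached
    mandatory_failed = False   # a REQUIRED/REQUISITE module has failed
    any_success = False
    for (name, flag), ok in zip(chain, outcomes):
        invoked.append(name)
        any_success = any_success or ok
        if flag in ("REQUIRED", "REQUISITE"):
            mandatory_seen = True
            if not ok:
                mandatory_failed = True
                if flag == "REQUISITE":
                    break      # REQUISITE failure ends the chain immediately
                # REQUIRED failure: keep going, but the result is already a failure
        elif flag == "SUFFICIENT" and ok:
            # SUFFICIENT success ends the chain; earlier mandatory failures still count
            return (not mandatory_failed), invoked
        # OPTIONAL, or SUFFICIENT failure: continue down the chain
    # With no mandatory module configured, at least one module must have succeeded
    return (not mandatory_failed) and (mandatory_seen or any_success), invoked

if __name__ == "__main__":
    scenarios = {
        "no cert, unknown device, LDAP+OTP ok": [False, False, False, False, True, False, True, True],
        "LDAP fails": [False] * 8,
        "cert ok, known device": [True, True] + [False] * 6,
    }
    for label, outcomes in scenarios.items():
        ok, invoked = evaluate(CHAIN, outcomes)
        print(f"{label}: authenticated={ok}, invoked={' -> '.join(invoked)}")
```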
Code analysis
org.forgerock.openam.authentication.modules.deviceprint.DeviceIdSave.java
    ...
    @Override
    public void init(Subject subject, Map sharedState, Map config) {
        ...
        // Identity lookup during init; this is where initialization fails
        // when no username is present (see bug description).
        amIdentityPrincipal = IdUtils.getIdentity(userName, realm, userSearchAttributes);
        ...
    }
is related to
- OPENAM-15668 AM withholds NullPointerException during authentication - troubleshooting difficult (Open)
- OPENAM-15669 NullPointerException in IdCachedServicesImpl if no QueryId is present (Open)