Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16181

Login via XUI hangs using LDAP authn module (users endpoint returns 404)


    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: XUI
    • Labels:
    • Target Version/s:
    • Rank:
    • Needs QA verification:
    • Functional tests:



      Using an ldap authentication module and logging in via XUI results in login hanging on credential entry page, submit button being greyed out.  In network tab, can see that request to /users endpoint has resulted in a 404.

      Reproduction steps:

      1. Deploy AM, embedded config and user store.
      2. In top level realm, add a new LDAP authn module, LDAP2, pointing at embedded user store, e.g. localhost:50389 with same bind DN, password and root suffix.
      3. Create a new chain, e.g. ldap2Chain, which contains LDAP2 as a required module.
      4. Via XUI, login using default org chain (ldapService -> dataStore module) as user demo.  Observe that this succeeds and user profile page is displayed.
      5. Logout, then repeat the login adding ?service=ldap2Chain to url, e.g. https://openam.amtest2.com:8443/access?service=ldap2Chain.  Observe that the login stays on the credential entry page, with the submit button greyed out.  Reviewing the network tab shows that the request to the /users endpoint has resulted in a 404 response.

      Expected behaviour

      User should be able to complete authentication successfully and view their profile page.

      Current behaviour

      User remains on login page with greyed out link.

      Other notes

      Performing the rest query to the users endpoint, e.g: 

      curl -k 'https://openam.amtest2.com:8443/access/json/realms/root/users/demo' -H 'Accept-API-Version: protocol=1.0,resource=2.0' -H 'Content-Type: application/json' -H 'Cookie:  iPlanetDirectoryPro=<user sso token>

      If an admin user token is used, then this request succeeds and returns the user.  If the user's session token is used (when the user has authenticated via the ldap authn module), this returns a 404.


      Use a tree that includes LdapDecisionNode.


          Issue Links



              • Assignee:
                michael.carter Michael Carter
                lawrence.yarham Lawrence Yarham
              • Votes:
                0 Vote for this issue
                2 Start watching this issue


                • Created: