Description:
When an LDAP authentication module is used and the user logs in via XUI, the login hangs on the credential entry page with the submit button greyed out. The network tab shows that the request to the /users endpoint has resulted in a 404.
Reproduction steps:
- Deploy AM, embedded config and user store.
- In top level realm, add a new LDAP authn module, LDAP2, pointing at embedded user store, e.g. localhost:50389 with same bind DN, password and root suffix.
- Create a new chain, e.g. ldap2Chain, which contains LDAP2 as a required module.
- Via XUI, log in using the default org chain (ldapService -> dataStore module) as user demo. Observe that this succeeds and the user profile page is displayed.
- Log out, then repeat the login adding ?service=ldap2Chain to the URL, e.g. https://openam.amtest2.com:8443/access?service=ldap2Chain. Observe that the login stays on the credential entry page, with the submit button greyed out. Reviewing the network tab shows that the request to the /users endpoint has resulted in a 404 response.
Expected behaviour
User should be able to complete authentication successfully and view their profile page.
Current behaviour
User remains on login page with greyed out link.
Other notes
The REST query to the users endpoint can also be performed directly, e.g.:
curl -k 'https://openam.amtest2.com:8443/access/json/realms/root/users/demo' -H 'Accept-API-Version: protocol=1.0,resource=2.0' -H 'Content-Type: application/json' -H 'Cookie: iPlanetDirectoryPro=<user sso token>'
If an admin user token is used, then this request succeeds and returns the user. If the user's session token is used (when the user has authenticated via the LDAP authn module), this returns a 404.
Workaround
Use a tree that includes LdapDecisionNode.
Is duplicated by: OPENAM-16452 LDAP Authentication fails in AM 7.0 (Closed)