OpenAM / OPENAM-3296

ssoadm uses LDAP auth module first to authenticate amadmin

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.0.0-EA, 10.0.0, 10.0.1, 10.1.0-Xpress, 11.0.0
    • Fix Version/s: 11.0.3, 12.0.1, 13.0.0
    • Component/s: CLI
    • Sprint:
      Sprint 76 - Sustaining

      Description

      ssoadm always tries to authenticate 'amadmin' using the LDAP module for module-based auth. This leads to the following log entry in 'amAuthentication.error' (or the database table if DBHandler is used):

      "2013-11-13 00:30:54"   "Login Failed|module_instance|LDAP"     "Not Available" "Not Available" 127.0.0.1       INFO    dc=openam,dc=forgerock,dc=org   "cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org"     AUTHENTICATION-268      LDAP    "Not Available" 127.0.0.1
      

      and is quite confusing for users monitoring the log files.

      Authenticator.java
          private AuthContext sessionBasedLoginInternal(
              CommandManager mgr,
              String bindUser,
              String bindPwd
          ) throws CLIException {
              AuthContext lc = null;
              String authModule = SystemProperties.get(DEFINED_AUTH_MODULE);
      
              if (authModule != null) {
                  lc = sessionBasedLoginInternal(mgr, bindUser, bindPwd, authModule);
              } else {
                  /*
                   * try LDAP and then DataStore
                   */
                  try {
                      lc = sessionBasedLoginInternal(mgr, bindUser, bindPwd,
                          LDAP_AUTH_MODULE);
                  } catch (CLIException e) {
                      lc = sessionBasedLoginInternal(mgr, bindUser, bindPwd,
                          FLATFILE_AUTH_MODULE);
                  }
              }
              return lc;
          }
      

      LDAP auth module based auth should be removed, as it will most likely not succeed and 'amadmin' is stored in a special repo.
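For anyone monitoring 'amAuthentication.error', the following added example (not part of the original issue or of OpenAM's code) parses records in the format quoted above and labels failures that have the shape this bug produces. The field names and their order are assumptions inferred from the single record in the issue, and every sample line except the first record is constructed.

```python
import shlex
from collections import Counter

# Assumed field order, inferred from the single record quoted in the issue.
FIELDS = ("time", "data", "login_id", "context_id", "ip_addr", "log_level",
          "domain", "logged_by", "message_id", "module_name", "name_id",
          "host_name")
LOOPBACK = {"127.0.0.1", "::1"}

def parse_record(line):
    """Split one quoted, whitespace-separated log record into named fields."""
    tokens = shlex.split(line)
    if len(tokens) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(tokens)}")
    return dict(zip(FIELDS, tokens))

def classify(rec):
    """Label a record; the fallback label is a triage hint, not proof."""
    if not rec["data"].startswith("Login Failed"):
        return "other"
    fallback_shape = (
        rec["data"] == "Login Failed|module_instance|LDAP"
        and rec["message_id"] == "AUTHENTICATION-268"
        and rec["login_id"] == "Not Available"
        and rec["ip_addr"] in LOOPBACK
    )
    return "candidate-ssoadm-fallback" if fallback_shape else "login-failure"

def triage(lines):
    """Count labels over a log, skipping blank lines and '#' header lines."""
    counts = Counter()
    for line in lines:
        if line.strip() and not line.startswith("#"):
            counts[classify(parse_record(line))] += 1
    return counts

# Record 1 is the entry from the issue; the header and records 2-3 are constructed.
SAMPLE_LOG = '''\
#constructed header line
"2013-11-13 00:30:54" "Login Failed|module_instance|LDAP" "Not Available" "Not Available" 127.0.0.1 INFO dc=openam,dc=forgerock,dc=org "cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" AUTHENTICATION-268 LDAP "Not Available" 127.0.0.1
"2013-11-13 00:31:10" "Login Failed|module_instance|LDAP" "Not Available" "Not Available" 192.0.2.10 INFO dc=openam,dc=forgerock,dc=org "cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" AUTHENTICATION-268 LDAP "Not Available" 192.0.2.10
"2013-11-13 00:32:02" "Login Failed|module_instance|DataStore" "Not Available" "Not Available" 127.0.0.1 INFO dc=openam,dc=forgerock,dc=org "cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" AUTHENTICATION-268 DataStore "Not Available" 127.0.0.1
'''
```

A "candidate-ssoadm-fallback" label only means the record matches the shape described in this issue; correlate it with known ssoadm runs on the host before treating it as noise.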

              People

              • Assignee: Kamal Sivanandam (kamal.sivanandam@forgerock.com)
              • Reporter: Bernhard Thalmayr (bthalmayr)