Affects Version/s: 10.0.0-EA, 10.0.0, 10.0.1, 10.1.0-Xpress, 10.0.2, 11.0.0, 11.0.1, 11.0.2, 12.0.0
Environment: Oracle java version "1.7.0_67"
Apache Tomcat 7.0.53
Support Ticket IDs:
Steps to reproduce
- configure LDAP data store with 'uid' as 'user search attribute'
- configure LDAP auth module with 'mail' as 'Attributes Used to Search for a User to be Authenticated'
- configure HOTP auth module
- configure auth chain with required modules LDAP + HOTP
'javax.security.auth.login.name' in the shared state map will be set to the email address entered for LDAP auth.
The HOTP module will retrieve this value and try to retrieve user attributes from the data store to send Email or SMS.
The data store will not be able to find the entry as the search attribute is set to 'uid'.
Excerpt from access log
Excerpt from OpenAM debug log
HOTP auth module must offer a way to configure a search attribute, which will be used to retrieve profile attributes.
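The mismatch described in this report, modelled as an added example in Python; it is not OpenAM code and not part of the original report. The directory entry, the function names and the `hotp_search_attr` parameter are hypothetical, and the password check is left out because only the lookup matters here.

```python
# Constructed model of the LDAP + HOTP chain from this report; not OpenAM code.
SHARED_STATE_LOGIN_NAME = "javax.security.auth.login.name"  # key named in the report

# Constructed sample directory entry (attribute values are made up).
DIRECTORY = [
    {"uid": "jdoe", "mail": "jane.doe@example.com", "telephoneNumber": "+10000000000"},
]


def search(attribute, value):
    """Return the single entry whose `attribute` equals `value`, else None."""
    matches = [e for e in DIRECTORY if e.get(attribute, "").lower() == value.lower()]
    return matches[0] if len(matches) == 1 else None


def ldap_module(shared_state, entered_name, auth_search_attr="mail"):
    """First module: finds the user with the auth module's own search attribute
    and stores the name exactly as entered in the shared state map."""
    if search(auth_search_attr, entered_name) is None:
        return False
    shared_state[SHARED_STATE_LOGIN_NAME] = entered_name
    return True


def hotp_module(shared_state, datastore_search_attr="uid", hotp_search_attr=None):
    """Second module: resolves the profile to learn where to send the OTP.
    hotp_search_attr models the setting this report asks for (hypothetical name)."""
    name = shared_state[SHARED_STATE_LOGIN_NAME]
    entry = search(hotp_search_attr or datastore_search_attr, name)
    if entry is None:
        raise LookupError(f"no profile found for {name!r}")
    return entry["mail"], entry["telephoneNumber"]


def run_chain(entered_name, hotp_search_attr=None):
    """Run both required modules in order and report where the chain stops."""
    shared_state = {}
    if not ldap_module(shared_state, entered_name):
        return "ldap-failed"
    try:
        return hotp_module(shared_state, hotp_search_attr=hotp_search_attr)
    except LookupError:
        return "hotp-profile-not-found"


if __name__ == "__main__":
    print(run_chain("jane.doe@example.com"))                           # lookup by 'uid'
    print(run_chain("jane.doe@example.com", hotp_search_attr="mail"))  # requested setting
```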