[OPENAM-5429] OATH auth module can not be used in auth chain if the username in sharedstate map does not 'match' the search attribute of the data store - ForgeRock JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 11.0.0, 11.0.1, 11.0.2, 12.0.0, 13.0.0
Fix Version/s: 13.5.1, 14.5.0, 14.1.2
Component/s: authentication
Labels:
- EDISON

Target Version/s:

13.5.1, 14.5.0, 14.1.2

Sprint:
AM Sustaining Sprint 37, AM Sustaining Sprint 38, AM Sustaining Sprint 39, AM Sustaining Sprint 40, AM Sustaining Sprint 41, AM Sustaining Sprint 42, AM Sustaining Sprint 43
Story Points:
2
Needs backport:

No

Support Ticket IDs:

Needs QA verification:

No
Functional tests:

No
Are the reproduction steps defined?:

Yes and I used the same an in the description

Description

Steps to reproduce

configure LDAP data store with 'uid' as 'user search attribute'
configure ldap auth module with 'mail' as 'Attributes Used to Search for a User to be Authenticated'
configure OATH auth module
configure auth chain with required modules LDAP + OATH

'javax.security.auth.login.name' in shared state map will be set to email address entered for LDAP auth.
OATH checkOTP method fails as the user identity can not be found.

Data store will not be able to find the entry as the search attribute is set to 'uid'.

Attachments

Issue Links

is related to

OPENAM-4856 HOTP auth module can not be used in auth chain if the username in sharedstate map does not 'match' the search attribute of the data store

Resolved

relates to

OPENAM-10971 FR-OATH auth module can not be used in auth chain if the username in sharedstate map does not 'match' the search attribute of the data store

Resolved

Activity

People

Assignee:

Andrew Dunn [X] (Inactive)

Reporter:

Bernhard Thalmayr

Votes:

1 Vote for this issue

Watchers:

6 Start watching this issue

Dates

Created:

20/Jan/15 11:35 AM

Updated:

20/Apr/18 3:14 PM

Resolved:

28/Sep/17 12:33 PM