  1. OpenAM
  2. OPENAM-5429

OATH auth module cannot be used in auth chain if the username in sharedstate map does not 'match' the search attribute of the data store

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 11.0.0, 11.0.1, 11.0.2, 12.0.0, 13.0.0
    • Fix Version/s: 13.5.1, 14.5.0, 14.1.2
    • Component/s: authentication
    • Labels:
    • Sprint: AM Sustaining Sprint 37, AM Sustaining Sprint 38, AM Sustaining Sprint 39, AM Sustaining Sprint 40, AM Sustaining Sprint 41, AM Sustaining Sprint 42, AM Sustaining Sprint 43
    • Story Points: 2
    • Needs backport: No
    • Support Ticket IDs:
    • Needs QA verification: No
    • Functional tests: No
    • Are the reproduction steps defined?: Yes, and I used the same as in the description

      Description

      Steps to reproduce

        1. Configure LDAP data store with 'uid' as 'user search attribute'
        2. Configure LDAP auth module with 'mail' as 'Attributes Used to Search for a User to be Authenticated'
        3. Configure OATH auth module
        4. Configure auth chain with required modules LDAP + OATH

      'javax.security.auth.login.name' in the shared state map will be set to the email address entered for LDAP auth.
      The OATH checkOTP method fails as the user identity cannot be found.

      The data store will not be able to find the entry as the search attribute is set to 'uid'.
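
The mismatch described above, modeled as an added example (not OpenAM code, and not the fix that shipped): an LDAP step that searches on `mail` and writes the entered name to shared state, followed by an OATH step that resolves that name through a data store searching on `uid`. The directory entry is constructed and every function name is hypothetical; the `store_attr` option is an assumed mitigation that stores the value of the data store's search attribute instead of the entered name.

```python
import hmac

# Constructed sample entry; all names below are hypothetical, not OpenAM APIs.
DIRECTORY = [{"uid": "bjensen", "mail": "bjensen@example.com", "userPassword": "s3cret"}]
NAME_KEY = "javax.security.auth.login.name"  # shared-state key named in the issue


def search(attribute, value):
    """Return the single entry whose `attribute` equals `value`, else None."""
    matches = [e for e in DIRECTORY if e.get(attribute) == value]
    return matches[0] if len(matches) == 1 else None


def ldap_step(state, entered, password, search_attr="mail", store_attr=None):
    """Find the user by `search_attr`, check the password, set shared state.

    store_attr=None stores the entered name unchanged, as the issue describes;
    otherwise the entry's value for `store_attr` is stored (assumed mitigation).
    """
    entry = search(search_attr, entered)
    if entry is None or not hmac.compare_digest(entry["userPassword"], password):
        return False
    state[NAME_KEY] = entry[store_attr] if store_attr else entered
    return True


def oath_step(state, datastore_attr="uid"):
    """Resolve the identity through the data store; None means the OTP check
    has no user to work with."""
    return search(datastore_attr, state.get(NAME_KEY))


def run_chain(entered, password, store_attr=None):
    """Run LDAP then OATH, both required; return the resolved uid or None."""
    state = {}
    if not ldap_step(state, entered, password, store_attr=store_attr):
        return None
    entry = oath_step(state)
    return entry["uid"] if entry else None


if __name__ == "__main__":
    print(run_chain("bjensen@example.com", "s3cret"))                    # None
    print(run_chain("bjensen@example.com", "s3cret", store_attr="uid"))  # bjensen
```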


              People

              • Assignee: andrew.dunn Andrew Dunn [X] (Inactive)
              • Reporter: bthalmayr Bernhard Thalmayr
              • Votes: 1
              • Watchers: 6
