OpenAM / OPENAM-5598

Adaptive Risk auth module cannot be used in auth chain if the username in sharedstate map does not 'match' the search attribute of the data store

    Details

    • Sprint:
      Sprint 78 - Sustaining

      Description

      Steps to reproduce

      • configure LDAP data store with 'uid' as 'user search attribute'
      • configure LDAP auth module with 'mail' as 'Attributes Used to Search for a User to be Authenticated'
      • configure Adaptive auth module
      • configure auth chain with required modules LDAP + Adaptive Risk

      'javax.security.auth.login.name' in the shared state map will be set to the email address entered for LDAP auth.
      The Adaptive Risk module will retrieve this value and try to retrieve the user identity from the data store

      Adaptive: process called with state = 1
      amAuthAdaptive:02/26/2015 12:59:48:569 AM UTC: Thread[http-bio-8080-exec-6,5,main]
      amAuthAdaptive: Login Attempt User = testuser01@example.com
      amAuthAdaptive:02/26/2015 12:59:48:571 AM UTC: Thread[http-bio-8080-exec-6,5,main]
      ERROR: amAuthAdaptive.getIdentity : error searching Identities with username : testuser01@example.com
      Message:amAuthAdaptive.getIdentity : User testuser01@example.com is not found
      
      at org.forgerock.openam.authentication.modules.adaptive.Adaptive.getIdentity(Adaptive.java:875)
      at org.forgerock.openam.authentication.modules.adaptive.Adaptive.process(Adaptive.java:270)
      at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1000)
      at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1170)
      at sun.reflect.GeneratedMethodAccessor39.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:606)
      at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:210)
      at com.sun.identity.authentication.jaas.LoginContext.login(LoginContext.java:123)
      at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:569)
      at com.sun.identity.authentication.server.AuthContextLocal.submitRequirements(AuthContextLocal.java:699)
      at com.sun.identity.authentication.UI.LoginViewBean.processLoginDisplay(LoginViewBean.java:1382)
      at com.sun.identity.authentication.UI.LoginViewBean.addLoginCallbackMessage(LoginViewBean.java:1536)
      at com.sun.identity.authentication.UI.LoginViewBean.processLoginDisplay(LoginViewBean.java:1404)
      at com.sun.identity.authentication.UI.LoginViewBean.processLogin(LoginViewBean.java:858)
      at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:522)
      at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
      at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
      at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at org.forgerock.openam.xui.XUIFilter.doFilter(XUIFilter.java:113)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:100)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
      at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
      at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      at java.lang.Thread.run(Thread.java:745)
      

      Data store will not be able to find the entry as the search attribute is set to 'uid'.
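
The failure described above, modelled as an added example (not OpenAM code and not written by the issue's reporter): a first module locates the user by `mail` and stores the entered name in shared state, then a second module looks that name up through a store that searches by `uid`. The class, the method names and the in-memory directory are hypothetical; only the shared-state key and the sample address come from the issue.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;

// Self-contained model of the chain in this issue; none of this is OpenAM code.
public class SharedStateMismatchDemo {
    // Key named in the issue; its value is whatever the first module stored.
    static final String LOGIN_NAME = "javax.security.auth.login.name";

    // Constructed sample entry standing in for the LDAP directory.
    static final List<Map<String, String>> DIRECTORY = List.of(
        Map.of("uid", "testuser01", "mail", "testuser01@example.com"));

    // Returns the first entry whose attribute equals the value, if any.
    static Optional<Map<String, String>> search(String attribute, String value) {
        return DIRECTORY.stream()
            .filter(e -> value.equalsIgnoreCase(e.get(attribute)))
            .findFirst();
    }

    // First module: finds the user by 'mail' and stores the name as entered.
    static boolean ldapModule(String entered, Map<String, String> sharedState) {
        if (search("mail", entered).isEmpty()) return false;
        sharedState.put(LOGIN_NAME, entered);
        return true;
    }

    // Second module: reads the shared name and queries the data store, which
    // searches by its own configured attribute ('uid' in the issue).
    static boolean adaptiveModule(Map<String, String> sharedState, String storeAttr) {
        String name = sharedState.get(LOGIN_NAME);
        return name != null && search(storeAttr, name).isPresent();
    }

    public static void main(String[] args) {
        Map<String, String> sharedState = new HashMap<>();
        boolean first = ldapModule("testuser01@example.com", sharedState);
        boolean second = adaptiveModule(sharedState, "uid");
        System.out.println("LDAP module found user by mail: " + first);
        System.out.println("shared name: " + sharedState.get(LOGIN_NAME));
        System.out.println("second module lookup by uid: " + second);
        // Both modules are 'required', so the chain fails when the lookup fails.
        System.out.println("chain: " + (first && second ? "SUCCESS" : "FAILED"));
        // Same shared name, but a store that searches by the matching attribute.
        System.out.println("lookup by mail: " + adaptiveModule(sharedState, "mail"));
    }
}
```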

              People

              • Assignee:
                spareyc Charles Sparey
                Reporter:
                sachiko Sachiko Wallace
                  Time Tracking

                  Estimated: 0h
                  Remaining: 0h
                  Logged: 9h 11m