  1. OpenAM
  2. OPENAM-816

ssoadm authentication depends on the sunEnableModuleBasedAuth=true


    Details

    • Sprint:
      Sprint 76 - Sustaining

      Description

      It seems that the ssoadm utility's authentication depends on OpenAM having "Module Based Authentication" enabled on the "Access Control/Top level realm/Authentication/All Core Settings" page. The corresponding property name is sunEnableModuleBasedAuth=true in the iPlanetAMAuthService service.

      When we have this property=false, the ssoadm command fails with the following error message:

      Service URL not found:session

      And when looking at the network trace we find that the request

      <Request><![CDATA[<?xml version="1.0" encoding="UTF-8"?>
      <AuthContext version="1.0"><Request authIdentifier="0"><AppSSOToken>AQIC5wM2LY4SfcztWB6hWIT0KPuF3iR-1NnSzneVKgq_gtw.AAJTSQACMDIAAlNLAAotNzQzNTE1NzY0AAJTMQACMDE.</AppSSOToken><Login orgName="/"><IndexTypeNamePair indexType="moduleInstance"><IndexName>LDAP</IndexName></IndexTypeNamePair></Login></Request></AuthContext>]]></Request>

      is given the response:

      <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
      <ResponseSet vers="1.0" svcid="auth" reqid="6">
      <Response><![CDATA[<?xml version="1.0" encoding="UTF-8"?>
      <AuthContext version="1.0"><Response authIdentifier="0"><LoginStatus status="failed"></LoginStatus><Exception message="Module Based Authentication is not allowed." errorCode="120"></Exception></Response></AuthContext>]]></Response>
      </ResponseSet>

      Could it be that the ssoadm utility depends on the authentication module instance "LDAP" and is not using the authentication chain "ldapService" for authentication, when it is so configured in the "Administrator Authentication Configuration" drop-down box and the iplanet-am-auth-admin-auth-module property?
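
Added example, not part of the original report and not OpenAM code: a Python script that unwraps the CDATA-embedded AuthContext documents from a captured request/response pair like the one above and reports when a moduleInstance login is rejected with errorCode 120. The samples are constructed from the trace in this report with the token replaced by a placeholder, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET  # for untrusted captures, prefer the defusedxml package

# Constructed samples modelled on the trace in this report; the token is a placeholder.
SAMPLE_REQUEST = """<Request><![CDATA[<?xml version="1.0" encoding="UTF-8"?>
<AuthContext version="1.0"><Request authIdentifier="0"><AppSSOToken>PLACEHOLDER</AppSSOToken><Login orgName="/"><IndexTypeNamePair indexType="moduleInstance"><IndexName>LDAP</IndexName></IndexTypeNamePair></Login></Request></AuthContext>]]></Request>"""
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ResponseSet vers="1.0" svcid="auth" reqid="6">
<Response><![CDATA[<?xml version="1.0" encoding="UTF-8"?>
<AuthContext version="1.0"><Response authIdentifier="0"><LoginStatus status="failed"></LoginStatus><Exception message="Module Based Authentication is not allowed." errorCode="120"></Exception></Response></AuthContext>]]></Response>
</ResponseSet>"""

def auth_contexts(wrapper_xml):
    """Parse the AuthContext documents carried as CDATA text inside Request/Response wrappers."""
    root = ET.fromstring(wrapper_xml.strip().encode("utf-8"))
    texts = [(el.text or "").strip() for el in root.iter() if el.tag in ("Request", "Response")]
    return [ET.fromstring(t.encode("utf-8")) for t in texts if t.startswith("<")]

def _attr(parent, path, name):
    el = parent.find(path)
    return el.get(name) if el is not None else None

def describe_login(request_xml):
    """Return (orgName, indexType, indexName) of the first Login found, else None."""
    for ctx in auth_contexts(request_xml):
        login = ctx.find("./Request/Login")
        if login is not None:
            return (login.get("orgName"), _attr(login, "IndexTypeNamePair", "indexType"),
                    login.findtext("IndexTypeNamePair/IndexName"))
    return None

def describe_result(response_xml):
    """Return (status, errorCode, message) of the first auth Response found, else None."""
    for ctx in auth_contexts(response_xml):
        resp = ctx.find("Response")
        if resp is not None:
            return (_attr(resp, "LoginStatus", "status"), _attr(resp, "Exception", "errorCode"),
                    _attr(resp, "Exception", "message"))
    return None

def diagnose(request_xml, response_xml):
    """Pair what the client asked for with what the server answered, as one line."""
    org, itype, name = describe_login(request_xml) or (None, None, None)
    status, code, msg = describe_result(response_xml) or (None, None, None)
    if itype == "moduleInstance" and status == "failed" and code == "120":
        return f"module-based login to {name!r} in realm {org!r} rejected: {msg}"
    return f"indexType={itype} name={name} status={status} errorCode={code}"

if __name__ == "__main__":
    print(diagnose(SAMPLE_REQUEST, SAMPLE_RESPONSE))
```
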

              People

              • Assignee:
                jonthomas Jonathan Thomas
                Reporter:
                aivo.jurgenson aivo.jurgenson
              • Votes:
                1
                Watchers:
                7
