[OPENAM-14080] LDAP Decision Node returns incorrect user attribute to search for in user store Created: 06/Dec/18  Updated: 25/Apr/19  Resolved: 02/Jan/19

Status: Resolved
Project: OpenAM
Component/s: trees
Affects Version/s: 6.5.0
Fix Version/s:,, 6.5.1, 6.0.1, 7.0.0

Type: Bug Priority: Major
Reporter: Patryk Krolikowski Assignee: Michael Carter
Resolution: Fixed Votes: 0
Labels: AME, Must-Fix
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

AM 6.5 on Tomcat 9, Tomcat 8

Attachments: PNG File image-2018-12-06-10-48-12-630.png     PNG File image-2018-12-06-11-25-41-874.png     PNG File image-2018-12-06-11-26-25-177.png    
Issue Links:
is duplicated by OPENAM-14150 Cannot log in using email address wit... Resolved
is caused by OPENAM-13531 LDAP Decision node removes username f... Resolved
Target Version/s:
Rank: 1|hzx8xz:
Verified Version/s:
Functional tests:


Bug description

When using LDAP Decision Node incorrect search attribute is passed down to user store which results in User not found after successful authentication.

How to reproduce the issue


  • Vanilla AM 6.5 with embedded DS as user repo.
  • Default Identity Store configuration
  1. add email address to the sample demo user
  2. create a tree with LDAP Decision node

3. Properties of the Node:

3. Use the tree. Sign in using email of demo user. 



This was working fine in AM 6.5 M9. 




Comment by Peter Major [X] (Inactive) [ 14/Dec/18 ]

Chances are the authentication node needs to update the username in sharedstate when the decision determines that the username is actually something else than what the user entered.

Comment by Steffo Weber [ 14/Dec/18 ]

It worked in M9

Comment by Peter Major [X] (Inactive) [ 14/Dec/18 ]

Looks like this is caused by https://stash.forgerock.org/projects/OPENAM/repos/openam/pull-requests/6161/diff#openam-auth-trees/auth-nodes/src/main/java/org/forgerock/openam/auth/nodes/LdapDecisionNode.java

Comment by Filip Kubáň [X] (Inactive) [ 10/Jan/19 ]

Verified on ForgeRock Access Management Build d901475564 (2019-January-10 06:24)

User was signed in as expected

Generated at Mon Mar 01 05:00:59 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.