[OPENAM-4856] HOTP auth module can not be used in auth chain if the username in sharedstate map does not 'match' the search attribute of the data store
Created: 03/Nov/14 Updated: 26/Oct/17 Resolved: 22/Dec/14 |
Status: | Resolved |
Project: | OpenAM |
Component/s: | authentication |
Affects Version/s: | 10.0.0-EA, 10.0.0, 10.0.1, 10.1.0-Xpress, 10.0.2, 11.0.0, 11.0.1, 11.0.2, 12.0.0 |
Fix Version/s: | 11.0.3, 12.0.1, 13.0.0 |
Type: | Bug | Priority: | Major |
Reporter: | Bernhard Thalmayr | Assignee: | Bernhard Thalmayr |
Resolution: | Fixed | Votes: | 0 |
Labels: | release-notes |
Remaining Estimate: | Not Specified |
Time Spent: | Not Specified |
Original Estimate: | Not Specified |
Environment: |
Oracle java version "1.7.0_67" |
Issue Links: |
Support Ticket IDs: |
Verified Version/s: |
Description |
Steps to reproduce
'javax.security.auth.login.name' in the shared state map will be set to the email address entered for LDAP auth. The data store will not be able to find the entry as the search attribute is set to 'uid'.

Excerpt from access log:
[03/Nov/2014:21:59:47 +0100] SEARCH REQ conn=7 op=277 msgID=278 base="dc=openam,dc=forgerock,dc=org" scope=wholeSubtree filter="(&(uid=demo@localhost)(objectclass=inetorgperson))" attrs="*"
[03/Nov/2014:21:59:47 +0100] SEARCH RES conn=7 op=277 msgID=278 result=0 nentries=0 etime=1

Excerpt from OpenAM debug log:
ERROR: HOTP.sendSMS() : error searching Identities with username : demo@localhost
Message:HTOP:sendSMS : More than one user found
    at com.sun.identity.authentication.modules.hotp.HOTPService.sendHOTP(HOTPService.java:193)
    at com.sun.identity.authentication.modules.hotp.HOTPService.sendHOTP(HOTPService.java:126)
    at com.sun.identity.authentication.modules.hotp.HOTP.process(HOTP.java:233)
    at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1000)
    at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1170)

HOTP auth module must offer a way to configure a search attribute, which will be used to retrieve profile attributes |
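Added example, not part of the original issue or of OpenAM's code: it pairs SEARCH REQ and SEARCH RES lines from an access log in the format quoted above and reports lookups where an e-mail-style login name was searched against the uid attribute and matched no entry. The function name, the "@" heuristic and the second request/response pair in the sample are assumptions made for illustration.

```python
import re

# First pair is the excerpt quoted in the report; second pair is constructed
# here as a contrasting lookup that does find its entry.
SAMPLE_LOG = """\
[03/Nov/2014:21:59:47 +0100] SEARCH REQ conn=7 op=277 msgID=278 base="dc=openam,dc=forgerock,dc=org" scope=wholeSubtree filter="(&(uid=demo@localhost)(objectclass=inetorgperson))" attrs="*"
[03/Nov/2014:21:59:47 +0100] SEARCH RES conn=7 op=277 msgID=278 result=0 nentries=0 etime=1
[03/Nov/2014:22:01:10 +0100] SEARCH REQ conn=7 op=278 msgID=279 base="dc=openam,dc=forgerock,dc=org" scope=wholeSubtree filter="(&(uid=demo)(objectclass=inetorgperson))" attrs="*"
[03/Nov/2014:22:01:10 +0100] SEARCH RES conn=7 op=278 msgID=279 result=0 nentries=1 etime=1
"""

REQ = re.compile(r'SEARCH REQ conn=(\d+) op=(\d+) .*?filter="([^"]*)"')
RES = re.compile(r'SEARCH RES conn=(\d+) op=(\d+) .*?nentries=(\d+)')
# Simple equality assertions only, e.g. (uid=demo@localhost); no wildcards.
ASSERTION = re.compile(r'\((\w+)=([^()*]+)\)')


def find_mismatched_lookups(log_text, search_attr="uid"):
    """Return (conn, op, value) for searches on search_attr that matched no
    entry although the asserted value looks like an e-mail address."""
    pending = {}   # (conn, op) -> filter string awaiting its SEARCH RES
    findings = []
    for line in log_text.splitlines():
        m = REQ.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RES.search(line)
        if not m:
            continue
        flt = pending.pop((m.group(1), m.group(2)), None)
        if flt is None or int(m.group(3)) != 0:
            continue  # unpaired response, or the search found entries
        for attr, value in ASSERTION.findall(flt):
            if attr.lower() == search_attr.lower() and "@" in value:
                findings.append((int(m.group(1)), int(m.group(2)), value))
    return findings


if __name__ == "__main__":
    for conn, op, value in find_mismatched_lookups(SAMPLE_LOG):
        print(f"conn={conn} op={op}: {value!r} searched as uid, 0 entries")
```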
Comments |
Comment by Bernhard Thalmayr [ 04/Dec/14 ] |
Fixed in 11.0.3 with R11666 |
Comment by Bernhard Thalmayr [ 17/Dec/14 ] |
Fixed in 13.0.0 with R11952 |
Comment by Bernhard Thalmayr [ 22/Dec/14 ] |
Fixed in 12.0.1 with R12002 |
Comment by Filip Kubáň [X] (Inactive) [ 24/Apr/15 ] |
Verified fix on OpenAM 12.0.1 |
Comment by Michael Alexander [ 08/May/15 ] |
Is this fixed? The i18n property value a513 isn't in the 11.0.3 release for the HOTP jar file. After upgrading from 11.0.2 the new WAR file didn't add the a513 property either. I expected it would. |