Authenticating based on a value of an attribute

This topic has 1 reply, 2 voices, and was last updated 7 years, 7 months ago by Victor Ake.


    I have a typical OpenAM, OpenIDM, and OpenDJ federation set-up and am able to authenticate based on the user name and password and allow access to the service provider. I want to extend the authentication part by checking the value of one of the attributes, ‘UserStatus’. So, to be authenticated and allowed access, apart from user name and password, UserStatus must be ‘active’. If the UserStatus is Error or inactive, the user should not be authenticated.

    Could you please suggest how I can achieve this?


     Victor Ake

    Hi Jean,
    Maybe I am missing something, but what you describe is the out-of-the-box behaviour in OpenAM.

    If you go to the OpenAM admin console, log in as administrator, go to the realm where your users are, list the subjects, select one of the users and then set the “User Status” to inactive, the user won’t be able to authenticate.

    The attribute in LDAP used to set the user active or inactive is “inetuserstatus” by default, but you can change that in the DataStore configuration.
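
An added example, not part of the thread and not ForgeRock code: one way to audit an LDIF export of the user store for accounts whose status attribute is anything other than ‘active’, which is the policy the question asks for. The attribute name defaults to the “inetuserstatus” mentioned in the reply; the sample entries and function names are constructed, and flagging an entry with no status attribute is this example's own choice, not a statement about OpenAM's behaviour.

```python
import base64

STATUS_ATTR = "inetuserstatus"  # default named in the reply; configurable in the data store

# Constructed sample LDIF export (not real data).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
inetUserStatus: Active

dn: uid=bob,ou=people,dc=example,dc=com
inetUserStatus: Inactive

dn: uid=carol,ou=people,dc=example,dc=com
inetUserStatus:: RXJyb3I=

dn: uid=dave,ou=people,dc=example,
 dc=com
uid: dave
"""

def parse_ldif(text):
    """Yield (dn, {lowercased attr: [values]}) per entry, handling folding and base64."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            attrs.setdefault(name.strip().lower(), []).append(value)
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def not_active(text, attr=STATUS_ATTR):
    """Return {dn: status or None} for entries whose status is not exactly 'active'."""
    findings = {}
    for dn, attrs in parse_ldif(text):
        values = attrs.get(attr.lower(), [])
        # Assumption of this example: missing or multi-valued status is flagged for review.
        if len(values) != 1 or values[0].strip().lower() != "active":
            findings[dn] = values[0] if values else None
    return findings

if __name__ == "__main__":
    for dn, status in not_active(SAMPLE_LDIF).items():
        print(f"{dn}: {status!r}")
```

Attribute names are compared case-insensitively, so an export that writes `inetUserStatus` matches the default `inetuserstatus`.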



©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
