July 28, 2020 at 11:16 pm #28133
I am writing a custom login page for a authentication chain that has two Authentication modules :-
(1) LDAP Module (userName/ password)
(2) Radius Module (userName / OTP) ; here the userName should be same from previous module.
I successfully mapped the corresponding credential-collection form to each of the above said module in my SPA based login.jsp. User submit userName/ Password in custom form of module1. User then sees the userName/OTP collection custom form for module2. I would like to capture the userName validated in Module1’s form in Module2’s form.
Is there a AM-API available that can capture the UserName transitioning between two module ?
KabiJuly 29, 2020 at 5:58 pm #28138Jatinder Singh (AcceptingNewProjects)Participant
If it’s part of a single chain, it’s possible using shared state configuration. I suggested trying behaviour property in a similar question you posted earlier. Try and keep us posted :)July 29, 2020 at 7:55 pm #28141
Jatinder, the other post is for OOB UI, this one is not for Custom UI.
I already mentioned in other post that shared-state did not work in my case. Shared-state simply taking the values entered from module 1 and transferring it to module, then fire the authentication call for module2 automatically when “userFirstTry” is set to try.
My use case is different. I simply wanted to prefill the userName in module 2 from module 1. User still require to fill the OTP in module 2.
KabiJuly 29, 2020 at 8:04 pm #28143
I will able to pre-populate the Module2’s userName field if there is an API I can call to capture the “UserName” stored in shared state. Anyone aware of such AM API?August 4, 2020 at 1:42 am #28160
Will try out the authn state mentioned here. That may capture the userName from shared object.
https://backstage.forgerock.com/docs/am/6.5/dev-guide/index.html#scripting-api-authn-stateAugust 7, 2020 at 6:19 pm #28170Scott HegerParticipant
Does your solution need to be module based or can it be node based?August 18, 2020 at 2:26 am #28186
Thanks Scott for chiming in, I thought this thread was dead :)
It has to be module based because, We are at AM 6.x and it does not have Kerberos and Radius node that we heavily use. Upgrading to AM6.5/7 is a long haul as there are agent compatibility issues need to be fixed.
In the meant time, I tried the following APIs :-
These APIs were called in-between the AD-Module and Radius-Module when user is still in transit inside the authn-chain. None of the above APIs return user-info.
However, the same APIs returns user info when I convert these module to independent authentication chains like AD-Chain (having AD-Module only) + Radius-Chain (having Radius Module only).
This indicates, The seesion-APIs does not get the user info, when the control is transiting from one authn-module to other within an authn-chain.
Note sure if this observation will help but thought of calling it out.
KabiAugust 27, 2020 at 4:56 am #28225Scott HegerParticipant
There is a Marketplace node for Windows Desktop SSO and we recently built an RSA node which might end up in the Marketplace….so the ability to use nodes still exists. :)
You must be logged in to reply to this topic.