August 13, 2020 at 11:31 pm #28175 edward.winston Participant
We are doing a POC with ForgeRock. To get something going quickly I am trying to create an Authentication tree that takes a user name, does some external processing by calling out to an external process and then returns if the username is valid.
The callouts work, but no matter what I return I am always getting a 401. The last node in the tree is the Success node (or Failure), but even when I return a success outcome, the user is not authenticated.
Is there something else I need to do or set in the shared state to mark the user/session as authenticated?
Edward

August 16, 2020 at 1:41 am #28176 Jatinder Singh (AcceptingNewProjects) Participant
In your scripted node, you need to set and return the value of the outcome variable to one of the values being managed by the node in your tree.
For example, if your outcome value is being returned as success, in your tree connect the success outcome with the success node.
If you are still experiencing issues – I would suggest to debug and print the value of outcome to see what it is and that there is no exception being thrown in your script. For this you will have to set the debug level of your script to
Hope this helps!

August 27, 2020 at 5:08 am #28226 Scott Heger Participant
Improper Identity Store configuration can cause 401 errors. Check to ensure the values for LDAP Users Search Attribute and Authentication Naming Attribute in your Identity Store are correct. They both default to “uid” but if your username is using a different attribute then things won’t work right.

September 1, 2020 at 8:28 pm #28246 edward.winston Participant
Thanks for the replies! I think the problem was due to a stale login window. The scripted node was actually just testing to see if the name was valid against an external source. I did get it to work by making sure I reloaded the login window if I had been away for a while.

September 1, 2020 at 10:48 pm #28248 Jatinder Singh (AcceptingNewProjects) Participant
Yes, that could be a valid reason. FYI – when using Intelligent Authentication Trees, the default max duration of an authentication session is 5 minutes which can be tweaked at Global or Realm level.
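
The advice earlier in this thread (set `outcome` to a value the tree has wired up, and rule out an exception in the script) as an added example that is not part of any post above. It is written as a plain function so it runs outside AM: `sharedState` and `logger` mirror the scripted-node bindings, while `lookupUser`, the `valid`/`invalid` status strings, the outcome names and the stubs are assumptions made for illustration.

```javascript
// Outcomes wired to Success/Failure nodes in the tree (assumed names).
const DECLARED_OUTCOMES = ["success", "failure"];

// Map the external service's status (hypothetical values) to a declared outcome.
const STATUS_TO_OUTCOME = { valid: "success", invalid: "failure" };

// Scripted-node logic as a function. lookupUser is a hypothetical stand-in
// for the external call-out; it returns a status string or throws.
function decideOutcome(sharedState, logger, lookupUser) {
  let outcome = "failure"; // fail closed: outcome is never left unset
  try {
    const username = sharedState.get("username");
    if (typeof username !== "string" || username.length === 0) {
      logger.error("no username in shared state");
      return outcome;
    }
    const status = lookupUser(username);
    const mapped = STATUS_TO_OUTCOME[status];
    if (!DECLARED_OUTCOMES.includes(mapped)) {
      // An unexpected status must not become an outcome the tree does not know.
      logger.error("unmapped status from external check: " + status);
      return outcome;
    }
    outcome = mapped;
  } catch (e) {
    // An exception in the script would otherwise end the journey with a failure.
    logger.error("external check threw: " + e.message);
    outcome = "failure";
  }
  logger.message("scripted node outcome=" + outcome);
  return outcome;
}

// Constructed stubs so the function can be exercised offline.
function makeLogger() {
  const lines = [];
  return {
    lines,
    error: (m) => lines.push("ERROR " + m),
    message: (m) => lines.push("DEBUG " + m),
  };
}
function makeSharedState(username) {
  return new Map(username === undefined ? [] : [["username", username]]);
}
```

In a real node the returned value is what gets assigned to `outcome`, and the debug line shows which branch the tree will follow.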