Hello, I have a requirement to impersonate users. Please spare me the waggling fingers, there are legitimate needs for this. I know there is an impersonate module but it’s not supported for production use.
However, I get an error: “User has no profile in this organization”. I *think* this means OpenAM can’t find the user in the datastore, but I don’t understand why. When the same username is specified in other Authentication Modules, it works fine. Is there something that other Authentication Modules are doing that the Scripting Module is not? Is there some internal information that my script needs to add or account for?
Yes, that is what that means. If you are using the default Authentication setting to require user profiles, then authentication is a two part process. First authenticate the user and then using the settings in your data store, locate the user’s profile.
To debug this, kick up your debug log level to “Message”, rerun your authentication and check out your IdRepo debug file for clues as to what it is complaining about. Better yet, check the logs of your data store. If your data store is an LDAP (OpenDJ?) repository, check the access log for the search that is being performed that is not returning your user profile. I’m guessing you might have a mismatch with the username that is being used in your scripted module vs what you have configured in your Data Store.