Inactive users can log in to OpenIDM UI

This topic has 3 replies, 2 voices, and was last updated 6 years, 2 months ago by [email protected].


    I changed the status of a user from ‘active’ to ‘inactive’, yet the user can still log in to the OpenIDM UI.
    The expected behavior is that the user should not be able to log in, since the account is inactive.
    I followed the steps provided in the link below:
    But after incorporating these changes, none of the users can log in to OpenIDM, irrespective of their status.

    Can anybody help?


    What version of OpenIDM are you using? Have you validated that the query “credential-query” works as expected? You could do it via Postman.
    Did you customize the authentication.json file, i.e. the authentication chain?


    I am using OpenIDM 4.0.
    I haven’t changed the authentication.json file. Can you please tell me the credential query?


    I am using OpenIDM with MySQL and the credential-query has no filter for accountStatus='active'.
    I modified the query as follows:
    SELECT fullobject
    FROM ${_dbSchema}.${_mainTable} obj
    INNER JOIN ${_dbSchema}.${_propTable} prop_userName ON obj.id = prop_userName.${_mainTable}_id
    INNER JOIN ${_dbSchema}.${_propTable} prop_acctStat ON obj.id = prop_acctStat.${_mainTable}_id
    INNER JOIN ${_dbSchema}.objecttypes objtype ON objtype.id = obj.objecttypes_id
    WHERE prop_userName.propkey='/userName' AND prop_userName.propvalue = ${username}
      AND prop_acctStat.propkey='/accountStatus' AND prop_acctStat.propvalue = 'active'
      AND objtype.objecttype = ${_resource}

    The functionality now works fine. Only active users are allowed to log in to OpenIDM.
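Added example, not part of the original thread and not ForgeRock code: the status-filtered credential query from the last post, run next to an unfiltered version against a constructed in-memory SQLite database. The table names, the `obj.id` / `objtype.id` join columns, the sample users and the use of SQLite in place of MySQL are assumptions, and the `${...}` tokens are replaced by fixed names.

```python
import sqlite3

# Constructed miniature of a generic object/property layout; table and column
# names are assumptions, and the ${...} tokens are replaced by fixed names.
SCHEMA = """
CREATE TABLE objecttypes (id INTEGER PRIMARY KEY, objecttype TEXT);
CREATE TABLE managedobjects (id INTEGER PRIMARY KEY, objecttypes_id INTEGER, fullobject TEXT);
CREATE TABLE managedobjectproperties (managedobjects_id INTEGER, propkey TEXT, propvalue TEXT);
INSERT INTO objecttypes VALUES (1, 'managed/user');
"""
BASE = """SELECT fullobject FROM managedobjects obj
INNER JOIN managedobjectproperties prop_userName ON obj.id = prop_userName.managedobjects_id
{status_join}
INNER JOIN objecttypes objtype ON objtype.id = obj.objecttypes_id
WHERE prop_userName.propkey = '/userName' AND prop_userName.propvalue = :username
{status_filter}
AND objtype.objecttype = :resource"""
UNFILTERED = BASE.format(status_join="", status_filter="")
FILTERED = BASE.format(
    status_join="INNER JOIN managedobjectproperties prop_acctStat"
                " ON obj.id = prop_acctStat.managedobjects_id",
    status_filter="AND prop_acctStat.propkey = '/accountStatus'"
                  " AND prop_acctStat.propvalue = 'active'")

# Constructed users: active, inactive, and one with no accountStatus row at all.
USERS = {"alice": "active", "bob": "inactive", "carol": None}

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for oid, (name, status) in enumerate(USERS.items(), start=1):
        db.execute("INSERT INTO managedobjects VALUES (?, 1, ?)", (oid, '{"userName":"%s"}' % name))
        db.execute("INSERT INTO managedobjectproperties VALUES (?, '/userName', ?)", (oid, name))
        if status is not None:
            db.execute("INSERT INTO managedobjectproperties VALUES (?, '/accountStatus', ?)", (oid, status))
    return db

def credential_found(db, query, username):
    """True when the credential query returns a row, i.e. login can proceed."""
    row = db.execute(query, {"username": username, "resource": "managed/user"}).fetchone()
    return row is not None

def login_matrix():
    db = build_db()
    return {u: (credential_found(db, UNFILTERED, u), credential_found(db, FILTERED, u)) for u in USERS}

if __name__ == "__main__":
    for user, (before, after) in login_matrix().items():
        print(f"{user:6} unfiltered={before} filtered={after}")
```

Because the status check is an INNER JOIN on the property table, a user with no `/accountStatus` property row is rejected along with inactive users. In this model the filter fails closed, so accounts provisioned without that property cannot authenticate until it is set.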
