Passing OpenDJ authentication messages to OpenAM REST API

This topic contains 2 replies, has 3 voices, and was last updated by  evinvol 11 months, 1 week ago.

  • Author
    Posts
  • #11535
     kevinmichaelchen 
    Participant

    How do you configure the OpenAM REST API (e.g., /openam/json/authenticate) to pass back a JSON payload where the ‘message’ is something more specific than “Authentication Failed”?

    When we run the following command from OpenDJ, we get a specific message from the LDAP describing the error (e.g., “password has expired” or “password will expire in N days”, etc):

    /opt/opendj/bin/ldapsearch  --port 1389  --baseDN dc=example,dc=com -D "uid=pixuser,ou=people,dc=example,dc=com" -w password  "(lastLoginTime:1.3.6.1.4.1.26027.1.4.6:=13w)" mail 
    # Your password has expired
    SEARCH operation failed
    Result Code:  19 (Constraint Violation)
    Additional Information:  uid=pixuser,ou=people,dc=example,dc=com must change their password before it will be allowed to request any other operations

    Our goal is to see a response like:

    {
      "code": 401,
      "reason": "Unauthorized",
      "message": "Your password has expired"
    }
    #11542
     Peter Major 
    Moderator

    Have you tried using the LDAP authentication module with Behera draft support enabled?

    #23484
     evinvol 
    Participant

    The same issue when using LDAP authentication module with Behera draft support

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?