July 12, 2016 at 1:59 pm #11968
UID or email can use for authentication with LDAP module, which is the only module in chain and its working perfectly.
But in Multi-Factor Authentication using LDAP and OAUTH(TOTP) i can use either UID or mail, according to which value set for attribute “LDAP Users Search Attribute” in DataStore. i.e,
Its working with uid if i set “LDAP Users Search Attribute=uid” in DataStore
Its working with mail if i set “LDAP Users Search Attribute=mail” in DataStore
When i set “LDAP Users Search Attribute=uid” and tries login with “mail” it shows “Authentication Failed” after second phase, i.e, after entering OTP(it successfully accepts mail as userid and password in first level, shows “Authentication Failed” message after entering TOTP) and wise-versa.
Anything missing?July 13, 2016 at 7:53 am #11993
LDAP module is able to perform authentication using UID/email.
But OAUTH module is not. i.e, OAUTH module works based on “LDAP Users Search Attribute” in DataStore.
If i set “LDAP Users Search Attribute=mail” in DataStore OAUTH module output is success if i input “mail” as username, if i input “uid” OAUTH module fails(LDAP module output is success).
i.e, I can see Error in debug/Authentication file,
ERROR: OATH.getIdentity: error searching Identities with username : test
Message:OATH.getIdentity : User test is not found
I think OAUTH module is not able to search using “uid” if i set “LDAP Users Search Attribute=mail” in DataStore,
I am stuck. What’s the solution?
July 14, 2016 at 10:44 am #12010Peter MajorModerator
- This reply was modified 6 years, 1 month ago by Firos.
OAuth and OATH are two different things…
Also, please don’t open several topics for the same problem..July 14, 2016 at 12:46 pm #12020
OAuth and OATH are two different things, that i know.
I can use either UID or email as login credential with LDAP module.
But when i use LDAP module with OAUTH module it fails.
Also its not working, when i use LDAP module with “ForgeRock Authenticator (OATH)” in Multi-Factor Authentication.
You must be logged in to reply to this topic.