use either UID or email as login credential in Multi-Factor Authentication

This topic has 3 replies, 2 voices, and was last updated 5 years, 2 months ago by Firos.

  • #11968
     Firos
    Participant

    UID or email can be used for authentication with the LDAP module, which is the only module in the chain, and it's working perfectly.

    But in Multi-Factor Authentication using LDAP and OAUTH (TOTP) I can use either UID or mail, according to which value is set for the attribute “LDAP Users Search Attribute” in the DataStore, i.e.

    It's working with uid if I set “LDAP Users Search Attribute=uid” in the DataStore
    It's working with mail if I set “LDAP Users Search Attribute=mail” in the DataStore

    When I set “LDAP Users Search Attribute=uid” and try to log in with “mail”, it shows “Authentication Failed” after the second phase, i.e. after entering the OTP (it successfully accepts mail as the user ID and password at the first level, then shows the “Authentication Failed” message after entering the TOTP), and vice versa.

    Anything missing?

    #11993
     Firos
    Participant

    The issue is:
    The LDAP module is able to perform authentication using UID/email.
    But the OAUTH module is not, i.e. the OAUTH module works based on “LDAP Users Search Attribute” in the DataStore.

    If I set “LDAP Users Search Attribute=mail” in the DataStore, the OAUTH module output is success if I input “mail” as the username; if I input “uid” the OAUTH module fails (the LDAP module output is success).
    i.e. I can see the error in the debug/Authentication file:
    ERROR: OATH.getIdentity: error searching Identities with username : test
    Message:OATH.getIdentity : User test is not found

    I think the OAUTH module is not able to search using “uid” if I set “LDAP Users Search Attribute=mail” in the DataStore.

    I am stuck. What’s the solution?

    • This reply was modified 5 years, 2 months ago by Firos.
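    The failure mode described in this post, modelled as a constructed, simplified two-module chain. This is example code added to the thread, not ForgeRock's implementation: the first module accepts either uid or mail, then hands whatever the user typed to the second module, which can only look the identity up by the one attribute the datastore is configured to search. The `canonical_attribute` option is an assumption of this model showing the general fix (rewrite the shared username to the attribute the next module searches on) rather than a specific OpenAM setting. The OTP seed is the RFC 4226/6238 test vector so the codes are checkable.

```python
import base64
import hashlib
import hmac
import struct

# Constructed directory entry: one user reachable by uid and by mail.
# "oathSecret" is the RFC 4226/6238 test seed, base32-encoded, so OTPs are checkable.
RFC_SEED = base64.b32encode(b"12345678901234567890").decode()
DIRECTORY = [
    {"uid": "test", "mail": "test@example.com",
     "userPassword": "s3cret", "oathSecret": RFC_SEED},
]


def hotp(secret_b32, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32, now, step=30):
    """RFC 6238 TOTP: HOTP over the current time step (30 s by default)."""
    return hotp(secret_b32, now // step)


def ldap_module(login, password, state, canonical_attribute=None):
    """First module: accepts either uid or mail, as the thread's LDAP module does.
    With canonical_attribute set (assumed mitigation), the identifier passed on to
    the next module is rewritten to that attribute's value for the matched entry."""
    for entry in DIRECTORY:
        if login in (entry["uid"], entry["mail"]) and \
                hmac.compare_digest(entry["userPassword"], password):
            state["username"] = entry[canonical_attribute] if canonical_attribute else login
            state["log"].append("LDAP: authenticated %s" % login)
            return True
    state["log"].append("LDAP: authentication failed for %s" % login)
    return False


def oath_module(otp, state, search_attribute, now):
    """Second module: finds the user only by the datastore's configured search attribute."""
    username = state["username"]
    matches = [e for e in DIRECTORY if e.get(search_attribute) == username]
    if not matches:
        # Mirrors the shape of the error quoted in the thread.
        state["log"].append(
            "ERROR: OATH.getIdentity: error searching Identities with username : %s" % username)
        return False
    ok = hmac.compare_digest(totp(matches[0]["oathSecret"], now), otp)
    state["log"].append("OATH: %s for %s" % ("verified" if ok else "bad OTP", username))
    return ok


def run_chain(login, password, otp, search_attribute, now, canonical_attribute=None):
    """Run both modules in order; returns (success, log lines)."""
    state = {"log": []}
    ok = (ldap_module(login, password, state, canonical_attribute)
          and oath_module(otp, state, search_attribute, now))
    return ok, state["log"]


if __name__ == "__main__":
    now = 59  # RFC 6238 test time: time step 1, TOTP 287082
    code = totp(RFC_SEED, now)
    for login in ("test", "test@example.com"):
        # Datastore searches on mail: a uid login passes LDAP but fails the OATH lookup...
        print(login, run_chain(login, "s3cret", code, "mail", now))
        # ...unless the identifier is canonicalised to mail between the modules.
        print(login, run_chain(login, "s3cret", code, "mail", now, canonical_attribute="mail"))
```

    The point the model makes is that the first module's leniency about identifiers is not inherited by later modules: each module that performs its own identity lookup needs the same identifier form, so either the search attribute must match what users type, or the chain must normalise the username before the second factor runs.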
    #12010
     Peter Major
    Moderator

    OAuth and OATH are two different things…

    Also, please don't open several topics for the same problem.

    #12020
     Firos
    Participant

    Peter,

    OAuth and OATH are two different things; that I know.

    I can use either UID or email as login credential with LDAP module.

    But when I use the LDAP module with the OAUTH module it fails.

    Also it's not working when I use the LDAP module with “ForgeRock Authenticator (OATH)” in Multi-Factor Authentication.
