Using Single Login screen for a chain that has multiple authn modules

This topic has 5 replies, 3 voices, and was last updated 3 years, 4 months ago by Andy Cory.

     Kabi Patt

    My authentication chain :-

    (1) Radius Module (Requisite) –> Radius-UserId / Radius-Password
    (2) Ldap Module (Sufficient) –> Ldap-UserId/ Ldap-Password.

    No usability issue for Radius authentication: the user enters Radius-Uid/Radius-Pwd on the Radius-Login screen and gets authenticated.

    But for Ldap authentication, the user goes through two login screens:
    (i) User enters LDAP-Uid/Ldap-Pwd on the Radius-Login screen, this module fails to the next module.
    (ii) Now the user sees the second LDAP-Login screen and enters Ldap-uid/pwd again to get authenticated.

    I am looking for a solution where the user enters the uid/credential (Radius or LDAP) once in the login screen and the authentication chain takes care of the authentication transparently without invoking a module-specific login screen. How can this be implemented?


     Andy Cory

    You don’t say which OpenAM version. From v6 onwards, you can probably do this with authentication trees. Prior to that, it would probably require a custom module, or at least a custom UI.

     Kabi Patt

    Hi Andy,
    The AM version is

    This chain is used for Radius authentication and attached to a Radius client. FR does not support authentication for Radius yet.



    Hi Kabi,

    You can do this via the sharedState to reuse the credentials entered from the 1st module in the 2nd module. Refer to the documentation here:

    Look at:

    So in your case the RADIUS module would have “iplanet-am-auth-store-shared-state-enabled=true”, and the LDAP module would have “iplanet-am-auth-shared-state-enabled=true” and “iplanet-am-auth-shared-state-behavior-pattern=useFirstPass”

    Kind Regards
    Brad Tarisznyas
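
The effect of the three options in the reply above, as an added example that is not part of the original thread and is not OpenAM code: a simplified Python model of the two-module chain that counts how many login screens the user sees. Assumptions: the chain falls through to the LDAP module when the RADIUS module fails (as the thread describes), the `Module` class and `run_chain` helper are hypothetical, and the user stores are constructed sample data.

```python
# Simplified model of the thread's chain; not OpenAM code.
# Back ends, user names and passwords are constructed sample data.
RADIUS_USERS = {"r-alice": "radius-pw"}
LDAP_USERS = {"l-bob": "ldap-pw"}

class Module:
    def __init__(self, name, users, store=False, use_shared=False,
                 pattern="tryFirstPass"):
        self.name, self.users = name, users
        self.store = store            # iplanet-am-auth-store-shared-state-enabled
        self.use_shared = use_shared  # iplanet-am-auth-shared-state-enabled
        self.pattern = pattern        # iplanet-am-auth-shared-state-behavior-pattern

    def login(self, shared, prompt):
        if self.use_shared and "user" in shared:
            # Reuse the credentials captured by an earlier module.
            if self.users.get(shared["user"]) == shared["password"]:
                return True
            if self.pattern == "useFirstPass":
                return False          # fail without showing a second screen
        user, password = prompt(self.name)   # this module's own login screen
        if self.store:
            # Stored before validation, so a failed first module still shares them.
            shared.update(user=user, password=password)
        return self.users.get(user) == password

def run_chain(modules, user, password):
    """Return (authenticated, number_of_login_screens_shown)."""
    shared, screens = {}, []

    def prompt(name):
        screens.append(name)
        return user, password

    for module in modules:
        if module.login(shared, prompt):
            return True, len(screens)
    return False, len(screens)

def chain(shared_state):
    """Build the RADIUS -> LDAP chain with or without the shared-state options."""
    if not shared_state:
        return [Module("RADIUS", RADIUS_USERS), Module("LDAP", LDAP_USERS)]
    return [Module("RADIUS", RADIUS_USERS, store=True),
            Module("LDAP", LDAP_USERS, use_shared=True, pattern="useFirstPass")]

if __name__ == "__main__":
    print(run_chain(chain(False), "l-bob", "ldap-pw"))  # two screens
    print(run_chain(chain(True), "l-bob", "ldap-pw"))   # one screen
```

In this flow the password typed once is presented to both back ends, so an LDAP user's password also reaches the RADIUS server before the LDAP module checks it.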

     Kabi Patt

    Thank you Brad,
    The solution worked !


     Andy Cory

    Good call, Brad – I’d forgotten entirely about shared state!
