May 13, 2019 at 8:42 pm #25783
My authentication chain :-
(1) Radius Module (Requisite) –> Radius-UserId / Radius-Password
(2) Ldap Module (Sufficient) –> Ldap-UserId/ Ldap-Password.
No usability issue for Radius Authentication: User enters Radius-Uid/ Radius-Pwd to Radius-Login screen and gets authenticated.
But for Ldap authentication, User goes through two Login screens:-
(i) User enters LDAP-Uid/ Ldap-Pwd to Radius-Login screen, this module fails to the next module.
(ii) Now, User sees the second LDAP-Login screen, user enters Ldap-uid/ pwd again to get authenticated.
I am looking for a solution where user enters the uid/credential (Radius or LDAP) once in the login screen and authentication chain takes care of the authentication transparently without invoking module specific login screen. How can this be implemented?
Kabi

May 13, 2019 at 8:57 pm #25784
Andy Cory (Participant)
You don’t say which OpenAM version. From v6 onwards, you can probably do this with authentication trees. Prior to that, it would probably require a custom module, or at least a custom UI.

May 13, 2019 at 9:44 pm #25785
The AM version is 22.214.171.124.
This chain is used for Radius authentication and attached to a Radius client. FR does not support authentication for Radius yet.
Kabi

May 14, 2019 at 12:34 pm #25789
bradley.tarisznyas (Participant)
You can do this via the sharedState to reuse the credentials entered from the 1st module in the 2nd module. Refer to the documentation here:
So in your case the RADIUS module would have “iplanet-am-auth-store-shared-state-enabled=true”, and the LDAP module would have “iplanet-am-auth-shared-state-enabled=true” and “iplanet-am-auth-shared-state-behavior-pattern=useFirstPass”
Brad Tarisznyas

May 15, 2019 at 12:43 am #25795
Thank you Brad,
The solution worked!
Kabi

May 20, 2019 at 10:52 am #25827
Andy Cory (Participant)
Good call, Brad – I’d forgotten entirely about shared state!