
Identity Application and Advanced Authentication Attribute
Hello! I am trying to customize the second factor for Identity Application. On the Identity Application Server, I opened configupdate.sh. In the Authentication Method field, I selected Name and Password and enabled two-factor. I moved to the Second Factor tab, configured the connection parameters and selected the LDAP Password method. I saved and restarted Tomcat.
An endpoint has been created on the Advanced Auth server. I created an event to which I added a chain consisting of the LDAP Password method. The "CN" search attribute is included in the repository.
When I start OSP and enter the username and password, the second factor does not start.
The Advanced Auth server receives the "email" attribute and cannot find the user.
How can I make Identity Application send the "CN" attribute to the Advanced Auth server?
P.S. I attach a photo of the Advanced Auth log.

Hi,
Identity Application should send cn by default, based on the "Login Attribute" specified under User Application configuration in configupdate.
One reason Identity Application sends the mail attribute might be that there is a duplicate CN in your directory, as the default "Duplicate Resolution Naming Attribute" is mail.
Try to check whether your user's cn is unique in the directory.

At the testing stage I have three users with the attributes "cn" = "pp", "hh" and "mm". Therefore, there are definitely no identical "cn" attributes.

Ah, then I have no more ideas. I have set it up before and the configuration is just as simple as what you did.

What I noticed is the title of the error is "AuError", which leads me to suspect something might be wrong with authentication (probably between IA and AA).
I hope this helps in the right direction. I know it says not found but sometimes errors might be misleading.
What I would suggest is researching and elevating trace even further. Also, you said you created an endpoint on Advanced Authentication but haven't mentioned where you incorporated that endpoint in Identity Applications. Perhaps I misunderstood something, but perhaps you didn't use the right endpoint credentials?
TL;DR: Check connection parameters on Identity Applications and maybe check the documentation on integrating Advanced Authentication with Identity Applications.