Vice Admiral

Identity Application and Advanced Authentication Attribute

Hello! I am trying to customize the second factor for Identity Application. On the Identity Application Server, I opened configupdate.sh. In the Authentication Method field, I selected Name and Password and enabled two-factor. I moved to the Second Factor tab, configured the connection parameters and selected the LDAP Password method. I saved and restarted Tomcat.

An endpoint has been created on the advanced auth server. I created an event to which I added a chain consisting of the LDAP Password method. The "CN" search attribute is included in the repository.

When I start OSP and enter the username and password, the second factor does not start.

The advanced auth server receives the "email" attribute and cannot find the user.

How can I make Identity Application send the "CN" attribute to the Advanced Auth server?

P.S. I attach a photo of the Advanced Auth log.

Commodore

Hi,

Identity Application should send cn by default, based on the "Login Attribute" specified under User Application configuration in configupdate.

One reason Identity Application would send the mail attribute might be that there is a duplicate CN in your directory, as the default "Duplicate Resolution Naming Attribute" is mail.

Try to check whether your user's cn is unique in the directory. 

Vice Admiral

At the testing stage I have three users with the attributes "cn" = "pp", "hh" and "mm". Therefore, there are definitely no identical "cn" attributes.

Commodore

Ah, then I have no more ideas. I have set it up before and the configuration is just as simple as what you did.

Commodore

What I noticed is the title of the error is "AuError", which leads me to suspect something might be wrong with authentication (probably between IA and AA).

I hope this helps in the right direction. I know it says not found but sometimes errors might be misleading.

What I would suggest is researching and elevating the trace level even further. Also, you said you created an endpoint on Advanced Authentication but haven't mentioned where you incorporated that endpoint in Identity Applications. Perhaps I misunderstood something, but perhaps you didn't use the right endpoint credentials?

TL;DR: Check connection parameters on Identity Applications and maybe check the documentation on integrating Advanced Authentication with Identity Applications.
