Identity Application and Advanced Authentication Attribute
Hello! I am trying to customize the second factor to Identity Application. On the Identity Application Server, I opened configupdate.sh. In the Authentication Method field, I selected Name and Password and enabled two-factor. Moved to the Second Factor tab. Configured the connection parameters and selected the LDAP Password method. Save, restart tomcat.
An endpoint has been created on the advanced auth server. I created an event to which I added a chain consisting of the LDAP Password method. The "CN" search attribute is included in the repository.
When I start OSP, enter the username and password, the second factor does not start.
The advanced auth server receives the "email" attribute and cannot find the user.
How to make Identity Application send "CN" attribute to Advanced Auth server?
P.S. I attach a photo of the Advanced Auth log
Identity Application should send cn by default based on your "Login Attribute" specify under User Application configuration in configupdate.
One of the reason Identity Application will send mail attribute might due to there is duplicate CN in your directory as the default "Duplicate Resolution Naming Attribute" is mail.
Try to check whether your user's cn is unique in the directory.
What I noticed is the title of the error is "AuError", which leads me to suspect something might be wrong with authentication (probably between IA and AA).
I hope this helps in the right direction. I know it says not found but sometimes errors might be misleading.
What I would suggest is researching and elevating trace even further. Also, you said you created an endpoint on Advanced Authentication but haven't mentioned where did you incorporate that endpoint in Identity Applications, perhaps I misunderstood something but perhaps you didn't use the right endpoint credentials?
TL;DR: Check connection parameters on Identity Applications and maybe check the documentation on integrating Advanced Authentication with Identity Applications.