Dhilip S
Reputation: 3
Authentication Error OpenAM - ADLDS datastore
I am new to OpenAM, I configured AD LDS in my machine and it has list of users. I am trying to add ADAM as data store to OpenAM. Even i followed this documentation from OpenAM https://wikis.forgerock.org/confluence/display/openam/Configure+OpenAM+to+use+Active+Directory+for+Authentication+and+DataStore
After i followed instructions mentioned, but still when try to login using a AD user from OPEN AM i get “Authentication Failed”.
**can someone help me on this?
**LDRepo Error:****
ERROR: An error occurred while executing persistent search
org.forgerock.opendj.ldap.ReferralException: Referral: 0000202B: RefErr: DSID-031007EF, data 0, 1 access points
ref 1: ‘wealthcetera.local’
**Authenication Log Error:**
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
LoginState: getIdentity performing IdRepo search to obtain AMIdentity
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
Search for Identity Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
In searchAutehnticatedUser: idType IdType: user
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
In getUserProfile : Search for user Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
alias attr=null, attr=[iplanet-am-auth-login-failure-url, iplanet-am-session-max-caching-time, preferredlocale, iplanet-am-session-max-session-time, nsaccountlock, iplanet-am-user-login-status, iplanet-am-auth-post-login-process-class, iplanet-am-session-max-idle-time, iplanet-am-user-success-url, iplanet-am-user-failure-url, inetuserstatus, iplanet-am-auth-login-success-url, iplanet-am-user-account-life, iplanet-am-user-alias-list],merge=[iplanet-am-auth-login-failure-url, iplanet-am-session-max-caching-time, preferredlocale, iplanet-am-session-max-session-time, nsaccountlock, iplanet-am-user-login-status, iplanet-am-auth-post-login-process-class, iplanet-am-session-max-idle-time, iplanet-am-user-success-url, iplanet-am-user-failure-url, inetuserstatus, iplanet-am-auth-login-success-url, iplanet-am-user-account-life, iplanet-am-user-alias-list]
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
Search for Identity Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:899 PM IST: Thread[http-apr-8080-exec-7,5,main]
In searchAutehnticatedUser: idType IdType: agent
amAuth:01/18/2016 01:52:05:899 PM IST: Thread[http-apr-8080-exec-7,5,main]
In getUserProfile : Search for user Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:899 PM IST: Thread[http-apr-8080-exec-7,5,main]
alias attr=null, attr=[iplanet-am-auth-login-failure-url, iplanet-am-session-max-caching-time, preferredlocale, iplanet-am-session-max-session-time, nsaccountlock, iplanet-am-user-login-status, iplanet-am-auth-post-login-process-class, iplanet-am-session-max-idle-time, iplanet-am-user-success-url, iplanet-am-user-failure-url, inetuserstatus, iplanet-am-auth-login-success-url, iplanet-am-user-account-life, iplanet-am-user-alias-list],merge=[iplanet-am-auth-login-failure-url, iplanet-am-session-max-caching-time, preferredlocale, iplanet-am-session-max-session-time, nsaccountlock, iplanet-am-user-login-status, iplanet-am-auth-post-login-process-class, iplanet-am-session-max-idle-time, iplanet-am-user-success-url, iplanet-am-user-failure-url, inetuserstatus, iplanet-am-auth-login-success-url, iplanet-am-user-account-life, iplanet-am-user-alias-list]
amAuth:01/18/2016 01:52:05:899 PM IST: Thread[http-apr-8080-exec-7,5,main]
Search for Identity Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
result is :[]
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
URL is :
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
defaultURL : null
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
tempDefaultURL : null
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
defaultFailureURL : null
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::submitRequirements end
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
Status at the end of submitRequirements() : failed
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::hasMoreRequirements()
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::getStatus()
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal:: Status : failed
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::getStatus()
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal:: Status : failed
amAuthREST:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
Authentication failed – destroying new session
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::getStatus()
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal:: Status : failed
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
Error Code is.. : 102
Upvotes: 0
Views: 618
Answers (1)
Guillermo R
Reputation: 633
I am assuming you are using the Active Directory auth module. If so, what value do you have for the "Attribute Used to Retrieve User Profile"? Do you have "Return User DN to DataStore" enabled or disabled?
Also, in your Data Store configuration, what are you using as your "Authentication Naming Attribute"?
It looks like authentication is successful but OpenAM is not able to find the user in the IdRepo (Data Store) afterwards.
Upvotes: 0
Related Questions
- openAM authentication log
- OpenAm agent for tomcat can not read authservice url?
- OpenAM : Can't login with custom authentication module
- OpenAM adding groups and users in datastore
- OpenAM Authentication - logout
- How to get existing user data from one datastore to newly connected datastore in Openam
- OpenAM 11: Display exception from authenticating datastore
- openam authentication for only one website
- OpenAm authentication