WSO2AM 4.2.0 login failed while using LDAP secondary user stores

[damoebius]

Description

It's impossible to login into admin/publisher/and devportal using LDAP secondary user stores. It works with the primary user store It works with both primary and secondary user stores in CARBON

Tried to login with :

• myaccount
• UserStoreDomain/myaccount
• myaccount@mydomain

Steps to Reproduce

1) Configure LDAP secondary user stores in CARBON 2) Check Users and Roles 3) Give ALL PERMISSIONS to all Roles 4) Configure scopes assignement in ADMIN 5) Try to login using secondary user stores

Fail !

Affected Component

APIM

Version

4.2.0

Environment Details (with versions)

RHEL 8 WSO2 4.2.0 distributed deployment gateway in docker control-plane in docker Docker 26.0.0

Relevant Log Output

TID: [-1234] [2024-04-05 07:24:19,292]  INFO {AUDIT_LOG} - Initiator : myaccount | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "17533d4b-6da9-454c-9ddb-47d50cd3218e","ServiceProviderName" : "apim_publisher","RequestType" : "oidc","RelyingParty" : "Dra8r34IYrec15dIPe8939xI9u0a","StepNo" : "1","User Agent" : "null","RemoteAddress" : "null","UserStoreDomain" : "MYDOMAIN.COM" } | Result : Failed

Related Issues

No response

Suggested Labels

publisher login

[damoebius]

I just installed a fresh new standalone 4.3.0 version, and it doesn't work !

Can someone have a look on it ?

[vitalytchernykh]

Same here in apim 4.2.0. After debuging class found search filter is uid, not sAMAccountName. Fixed by adding claim mappings. Carbon - Identity - Claims - List - http://wso2.org/claims. Add secondary store User Attributes.

1. Username - Edit - Mapped Attribute - Add Attribute Mappings: SECONDARY.STORE.NAME - sAMAccountName
2. User Principal - Edit - Mapped Attribute - Add Attribute Mappings: SECONDARY.STORE.NAME - sAMAccountName

[damoebius]

Amazing, thank you so much @vitalytchernykh Your fix works.