From: Tim K. <t.k...@fz...> - 2018-01-16 13:40:20
Dear Krzysztof,
I have a question about registration forms combined with ldapWeb. I'm
using Unity-IdM version 2.3.0. The registration form should be called
whenever a (local) unknown user has logged in via ldapWeb at an
OAuth2Authz endpoint. What I want to achieve is that new users need to
confirm their email address before they can use the service / before
they get a local Unity-IdM entity. When an unknown user logs in, the logs
show:
2018-01-16T14:05:49,938 [qtp2016562839-38] DEBUG unity.server.externaltranslation.InputTranslationRule: [[TrProfile ldapTP], [r: 1]]Condition OK
2018-01-16T14:05:49,963 [qtp2016562839-38] DEBUG unity.server.externaltranslation.MapIdentityAction: [[TrProfile ldapTP], [r: 1], [ldap - uid=kreuzer1,ou=webusers,ou=jsc,dc=fz-juelich,dc=de]]Mapped identity: [x500Name] uid=kreuzer1,ou=webusers,ou=jsc,dc=fz-juelich,dc=de
2018-01-16T14:05:49,964 [qtp2016562839-38] DEBUG unity.server.externaltranslation.InputTranslationRule: [[TrProfile ldapTP], [r: 2]]Condition OK
2018-01-16T14:05:49,975 [qtp2016562839-38] DEBUG unity.server.externaltranslation.MapAttributeAction: [[TrProfile ldapTP], [r: 2], [ldap - uid=kreuzer1,ou=webusers,ou=jsc,dc=fz-juelich,dc=de]]Mapped attribute: email: [{"value":"t.k...@fz...","confirmationData":{"confirmed":false,"confirmationDate":0,"sentRequestAmount":0},"tags":[]}]
2018-01-16T14:05:49,979 [qtp2016562839-38] DEBUG unity.server.externaltranslation.InputTranslationEngineImpl: No identity needs to be added
2018-01-16T14:05:49,980 [qtp2016562839-38] INFO unity.server.externaltranslation.InputTranslationEngineImpl: The mapped identity does not exist in database and was not created. The creation of groups and attributes is skipped, the mapped groups and attributes will be available for the registration form (if any)
2018-01-16T14:05:56,512 [pool-2-thread-4] DEBUG unity.server.EntitiesScheduledUpdater: Performing scheduled operations on entities
But a registration form is never shown. In the web browser there is a red
rectangle with "Authentication failed - Invalid user name, credential or
external authentication failed.".
Is a registration form in combination with an OAuth2Authz endpoint /
"ldap with web-password" authenticator possible? If yes, which part of
the configuration have I missed?
I attached the complete log file and my configuration.
Thank you very much in advance,
Tim Kreuzer
PS: To see my configured registration form or translation profile, please
look into configuration.conf.
--
M.Sc. Tim Kreuzer
Federated Systems and Data
Jülich Supercomputing Centre, http://www.fz-juelich.de/jsc
Phone: +49 2461 61-1583