From: Krzysztof B. <kb...@un...> - 2018-01-19 11:36:22

Dear Tim,

On 16.01.2018 at 14:39, Tim Kreuzer wrote:
>
> Dear Krzysztof,
>
> I have a question about registration forms combined with ldapWeb. I'm
> using Unity-IdM version 2.3.0. The registration form should be called
> whenever a (local) unknown user has logged in via ldapWeb at an
> OAuth2Authz endpoint. What I want to achieve is that new users need to
> confirm their email address before they can use the service / before
> they get a local Unity-IdM entity. When an unknown user logs in, the
> log shows:
>
>
> 2018-01-16T14:05:49,938 [qtp2016562839-38] DEBUG unity.server.externaltranslation.InputTranslationRule: [[TrProfile ldapTP], [r: 1]]Condition OK
> 2018-01-16T14:05:49,963 [qtp2016562839-38] DEBUG unity.server.externaltranslation.MapIdentityAction: [[TrProfile ldapTP], [r: 1], [ldap - uid=kreuzer1,ou=webusers,ou=jsc,dc=fz-juelich,dc=de]]Mapped identity: [x500Name] uid=kreuzer1,ou=webusers,ou=jsc,dc=fz-juelich,dc=de
> 2018-01-16T14:05:49,964 [qtp2016562839-38] DEBUG unity.server.externaltranslation.InputTranslationRule: [[TrProfile ldapTP], [r: 2]]Condition OK
> 2018-01-16T14:05:49,975 [qtp2016562839-38] DEBUG unity.server.externaltranslation.MapAttributeAction: [[TrProfile ldapTP], [r: 2], [ldap - uid=kreuzer1,ou=webusers,ou=jsc,dc=fz-juelich,dc=de]]Mapped attribute: email: [{"value":"t.k...@fz...","confirmationData":{"confirmed":false,"confirmationDate":0,"sentRequestAmount":0},"tags":[]}]
> 2018-01-16T14:05:49,979 [qtp2016562839-38] DEBUG unity.server.externaltranslation.InputTranslationEngineImpl: No identity needs to be added
> 2018-01-16T14:05:49,980 [qtp2016562839-38] INFO unity.server.externaltranslation.InputTranslationEngineImpl: The mapped identity does not exist in database and was not created. The creation of groups and attributes is skipped, the mapped groups and attributes will be available for the registration form (if any)
> 2018-01-16T14:05:56,512 [pool-2-thread-4] DEBUG unity.server.EntitiesScheduledUpdater: Performing scheduled operations on entities
>
>
> But a registration form is never shown. In the web browser is a red
> rectangle with "Authentication failed - Invalid user name, credential
> or external authentication failed.".
> Is a registration form in combination with an OAuth2Authz endpoint
> / "ldap with web-password" authenticator possible? If yes, which part
> of the configuration have I missed?
> I attached the complete log file and my configuration.
>

In the case of LDAP authentication, which is mixed (so that the credential is collected locally but verified externally, in contrast to OAuth or SAML where everything is performed externally), the configuration of the registration form for unknown users is slightly different. Please read the end of section 6.3 in the documentation to see how to enable your registration form.

HTH
Krzysztof