Task #2630
closedUse CzechIdM 10.7.2. dependency
100%
Description
Update module to use CzechIdM 10.7.2. dependency - improve validate method in authenticator - prevent to authenticate in validate method (~ validate password only, when password is changed).
Updated by Radek Tomiška almost 4 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Alena Peterová
- % Done changed from 0 to 90
Module is using CzechIdm 10.7.1 and validate method is implemented, commit:
https://git.bcvsolutions.eu/modules/openam/-/commit/43f160a4e42bc8185bbd150135e6594ada21c91a
Could you provide me a feedback, please?
Updated by Alena Peterová almost 4 years ago
- Assignee changed from Alena Peterová to Radek Tomiška
Thank you for this change!
I tested authentication against OpenAM with and without two-factor authentication, it works great when authenticating for the first time.
I'm only not sure about the "SSO" part of the module (OpenAMIdmAuthenticationFilter) - when users who are already authenticated by OpenAM get to IdM. It works well when two-factor is off - the users are immediately authenticated to IdM. But when two-factor is on, they see only the login form, instead of the field for filling the code from TOTP application.
The exception in the log says:
2021-01-19 14:39:10.407 ERROR 5846903 --- [http-nio-8080-exec-7] e.b.i.o.a.f.OpenAMIdmAuthenticationFilter.authorize : Exception was raised during OpenAM authentication: [Verification code is needed.]. eu.bcvsolutions.idm.core.security.api.exception.TwoFactorAuthenticationRequiredException: Verification code is needed.
Updated by Alena Peterová almost 4 years ago
- Subject changed from Use CzechIdm 10.7.1. dependency to Use CzechIdM 10.7.1. dependency
Updated by Radek Tomiška almost 4 years ago
- Description updated (diff)
- Status changed from Needs feedback to In Progress
- % Done changed from 90 to 50
Updated by Radek Tomiška almost 4 years ago
- Subject changed from Use CzechIdM 10.7.1. dependency to Use CzechIdM 10.7.2. dependency
- Description updated (diff)
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Alena Peterová
- % Done changed from 50 to 90
All exceptions was handled in OpenAMIdmAuthenticationFilter, I forgot to add additional catch block as in other filter implementations.
Fixed in commit:
https://git.bcvsolutions.eu/modules/openam/-/commit/97ca3b4fc5d99628139c7b3bcc6353592df3d8e7
Could you provide me a feedback again, please?
Note: Force password change is not supported now. I'm not sure if this combination (OpenAM + must change password by IdM) is needed, but i prepared catch block, if it will be implemented in future.
Updated by Alena Peterová almost 4 years ago
- Assignee changed from Alena Peterová to Radek Tomiška
I tested the change and it works great both with and without 2FA, thanks!
Note: The combination of OpenAM + must change password by IdM isn't needed in my opinion, I don't see the use case now. I tried the usage just for fun, it's somehow stuck on reloading the Dashboard after changing the password. But I don't think we need to solve this now.
Updated by Radek Tomiška almost 4 years ago
- Status changed from Needs feedback to Closed
- % Done changed from 90 to 100
Awesome, thx for feedback!