Task #2630
closed
Use CzechIdM 10.7.2. dependency
Added by Radek Tomiška almost 4 years ago.
Updated almost 4 years ago.
Description
Update module to use CzechIdM 10.7.2. dependency - improve validate method in authenticator - prevent authenticating in the validate method (~ validate password only, when password is changed).
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Alena Peterová
- % Done changed from 0 to 90
- Assignee changed from Alena Peterová to Radek Tomiška
Thank you for this change!
I tested authentication against OpenAM with and without two-factor authentication, it works great when authenticating for the first time.
The only thing I'm not sure about is the "SSO" part of the module (OpenAMIdmAuthenticationFilter) - when users who are already authenticated by OpenAM get to IdM. It works well when two-factor is off - the users are immediately authenticated to IdM. But when two-factor is on, they see only the login form, instead of the field for entering the code from the TOTP application.
The exception in the log says:
2021-01-19 14:39:10.407 ERROR 5846903 --- [http-nio-8080-exec-7] e.b.i.o.a.f.OpenAMIdmAuthenticationFilter.authorize : Exception was raised during OpenAM authentication: [Verification code is needed.].
eu.bcvsolutions.idm.core.security.api.exception.TwoFactorAuthenticationRequiredException: Verification code is needed.
- Subject changed from Use CzechIdm 10.7.1. dependency to Use CzechIdM 10.7.1. dependency
- Description updated (diff)
- Status changed from Needs feedback to In Progress
- % Done changed from 90 to 50
- Subject changed from Use CzechIdM 10.7.1. dependency to Use CzechIdM 10.7.2. dependency
- Description updated (diff)
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Alena Peterová
- % Done changed from 50 to 90
All exceptions were handled in OpenAMIdmAuthenticationFilter, I forgot to add an additional catch block as in other filter implementations.
Fixed in commit:
https://git.bcvsolutions.eu/modules/openam/-/commit/97ca3b4fc5d99628139c7b3bcc6353592df3d8e7
Could you give me feedback again, please?
Note: Force password change is not supported now. I'm not sure if this combination (OpenAM + must change password by IdM) is needed, but I prepared a catch block in case it is implemented in the future.
- Assignee changed from Alena Peterová to Radek Tomiška
I tested the change and it works great both with and without 2FA, thanks!
Note: The combination of OpenAM + must change password by IdM isn't needed in my opinion, I don't see the use case now. I tried the usage just for fun, it's somehow stuck on reloading the Dashboard after changing the password. But I don't think we need to solve this now.
- Status changed from Needs feedback to Closed
- % Done changed from 90 to 100
Awesome, thx for feedback!