
User authentication with multiple UID values being sent from FCC login page

Question asked by ckrajoli on Dec 18, 2014
Latest reply on Jan 30, 2015 by jack.saunders

Hi All,

 

We have a requirement to send two values in UID attribute using an OR condition query from the login page and the user should get authenticated by SiteMinder. Only one unique value would exist in LDAP of the two values provided in the query.

 

To achieve the above requirement in a POC set up,

    1. We have set the user directory object to contain only starting and closing parentheses.

    2. Set the hardcoded value to USER variable i.e., "uid=12345678" in login.fcc file

        function resetCredFields()
        {
            document.Login.USER.value = "uid=12345678";
            document.Login.PASSWORD.value = "";
        }

    3. Accessed the login page and the value set above is auto populated in USER field on login form and provided the password

    4. Authentication is successful

    5. Now, set the hardcoded value to USER variable i.e., "|(uid=12345678)(uid=12345)" in login.fcc file

        function resetCredFields()
        {
            document.Login.USER.value = "|(uid=12345678)(uid=12345)";
            document.Login.PASSWORD.value = "";
        }

    6. Accessed the login page and the value set above is auto populated in USER field on login form and provided the password

    7. Authentication failed

    8. Checked the SiteMinder logs and noticed the query is being passed with hexadecimal equivalent values, i.e., ( replaced with \28 and ) replaced with \29.

      Error message -   [SmDsLdapProvider.cpp:1694][ERROR][sm-Ldap-00650] CSmDsLdapProvider::Search(): Wrong syntax of LDAP search filter: (|\28uid=12345678\29\28uid=12345\29)

    9. Checked the web agent trace logs and noticed the query is normal as I see the below line returned in the logs

          User '|(uid=12345678)(uid=12345)' is not authenticated by Policy Server.

 

We were trying the above approach as per the blog posted in "http://www.coreblox.com/2012/08/login-to-a-siteminder-protected-resource-using-uid-or-email/".

 

Please advise on how to retain the search filter as it was sent from the login page, without the characters being converted into their hexadecimal equivalents in SiteMinder.

 

 

Thanks,

Chenna
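
The escaping reported in the Policy Server log above matches RFC 4515 value escaping, the standard defence against LDAP filter injection. The following is an added example, not part of the original post and not SiteMinder code: it reproduces both filters from the post under the assumption that the filter is built as lookup start + escaped USER value + lookup end, and shows a hypothetical helper (buildOrFilter) that keeps the OR operator in trusted code.

```javascript
// Added example, not SiteMinder code. Assumption: the lookup filter is built as
// lookupStart + escaped(USER) + lookupEnd, which matches the log lines in the post.

// RFC 4515 section 3: these characters must appear as \XX inside an assertion value.
const RFC4515_SPECIALS = /[\\*()\0]/g;

function escapeFilterValue(value) {
  return String(value).replace(RFC4515_SPECIALS, (ch) =>
    "\\" + ch.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Hypothetical model of the directory lookup: the login-form value is treated
// as data, so any filter syntax inside it is neutralised before the search.
function buildLookupFilter(lookupStart, userInput, lookupEnd) {
  return lookupStart + escapeFilterValue(userInput) + lookupEnd;
}

// Hypothetical server-side alternative: the OR structure lives in trusted code
// and only the individual values come from the request, each escaped on its own.
function buildOrFilter(attribute, values) {
  if (!/^[A-Za-z][A-Za-z0-9-]*$/.test(attribute)) {
    throw new Error("invalid attribute name: " + attribute);
  }
  if (!Array.isArray(values) || values.length === 0) {
    throw new Error("at least one value is required");
  }
  const terms = values.map((v) => "(" + attribute + "=" + escapeFilterValue(v) + ")");
  return terms.length === 1 ? terms[0] : "(|" + terms.join("") + ")";
}

// Values taken from the post.
console.log(buildLookupFilter("(", "uid=12345678", ")"));
console.log(buildLookupFilter("(", "|(uid=12345678)(uid=12345)", ")"));
console.log(buildOrFilter("uid", ["12345678", "12345"]));
```

The second call prints the same string the Policy Server rejected: the outer parentheses come from the directory object, while the ones typed into USER have been turned into literal characters, so the | operator is no longer followed by a sub-filter.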
