WSO2AM 4.2.0 login failed while using LDAP secondary user stores


I am trying to configure WSO2AM 4.2.0 to use LDAP as a secondary user store. I have created a new user store pointing to LDAP, and the list of users from LDAP can be seen in the user list; roles and permissions were also set. But when I try to log in with an LDAP user, it fails. I tried to find the problem in wso2carbon, but there is no log record for those events, while audit.log gives some log records related to the failed login event. After comparing them with the same log from a successful login event with the PRIMARY user store, I found this difference:

When using the secondary user store (LDAP), it seems the value of the parameter Target is always null. I think that is the cause; does somebody know how to solve that problem?

Success login with PRIMARY user store:

TID: [-1234] [2024-01-19 04:33:25,917]  INFO {AUDIT_LOG} - Initiator=wso2.system.user Action=Get-User-List Target=null Data={"ServiceProviderName":"apim_publisher","Claim Value":"admin","Users":["admin"],"Claim":"wso2.org/claims/username"} Outcome=Success
TID: [-1234] [2024-01-19 04:33:25,921]  INFO {AUDIT_LOG} - Initiator=wso2.system.user Action=Get-User-Claim-Values Target=admin Data={"ServiceProviderName":"apim_publisher","Claims":{},"Profile":"default"} Outcome=Success
TID: [-1234] [2024-01-19 04:33:25,922]  INFO {AUDIT_LOG} - Initiator=wso2.system.user Action=Get-User-Claim-Values Target=admin Data={"ServiceProviderName":"apim_publisher","Claims":{},"Profile":"default"} Outcome=Success
TID: [-1234] [2024-01-19 04:33:25,923]  INFO {AUDIT_LOG} - Initiator=wso2.system.user Action=Get-User-Claim-Values Target=admin Data={"ServiceProviderName":"apim_publisher","Claims":{},"Profile":"default"} Outcome=Success
TID: [-1234] [2024-01-19 04:33:25,923]  INFO {AUDIT_LOG} - Initiator : admin | Action : LoginStepSuccess | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "6aee430c-eee8-42d0-ad44-f3db75871b75","AuthenticatedUser" : "admin","AuthenticatedUserTenantDomain" : "carbon.super","ServiceProviderName" : "apim_publisher","RequestType" : "oidc","RelyingParty" : "kIU5o46AsimffsYRb9YHGhQC4Moa","AuthenticatedIdP" : "LOCAL","User Agent" : "null","RemoteAddress" : "null","UserStoreDomain" : "PRIMARY" } | Result : Success
TID: [-1234] [2024-01-19 04:33:25,923]  INFO {AUDIT_LOG} - Initiator : [email protected] | Action : Authenticate | Target : ApplicationAuthenticationFramework | Data : { Step: 1, IDP: LOCAL, Authenticator:BasicAuthenticator } | Result : Success
TID: [-1234] [2024-01-19 04:33:25,925]  INFO {AUDIT_LOG} - Initiator=wso2.system.user Action=Get-Roles-of-User Target=admin Data={"ServiceProviderName":"apim_publisher","Filter":"*","Roles":["Internal/subscriber","Internal/creator","Internal/publisher","Internal/everyone","Internal/devops","admin","Internal/analytics","Internal/observer","Internal/integration_dev"]} Outcome=Success
TID: [-1234] [2024-01-19 04:33:25,925]  INFO {AUDIT_LOG} - Initiator=wso2.system.user Action=Get-User-Claim-Values Target=admin Data={"ServiceProviderName":"apim_publisher","Claims":{"wso2.org/claims/username":"admin","wso2.org/claims/userid":"c9be1882-aa24-4576-884d-41ec3ff6bee4","wso2.org/claims/role":"Internal/subscriber,Internal/creator,Internal/publisher,Internal/everyone,Internal/devops,admin,Internal/analytics,Internal/observer,Internal/integration_dev","wso2.org/claims/userprincipal":"admin"}} Outcome=Success
TID: [-1234] [2024-01-19 04:33:25,934]  INFO {AUDIT_LOG} - Initiator : admin | Action : StoreSession | Data : { {"traceId":"73f7b857-3357-4201-9c35-99f60a6593eb","RememberMe":false,"sessionContextId":"48926f289949e3696802784c4385d873020515e2b8962d098a0d8293496311b1","AuthenticatedUserTenantDomain":"carbon.super","AuthenticatedUser":"admin","LastAccessedTimestamp":1705656805928} } | Result : Success
TID: [-1234] [2024-01-19 04:33:25,939]  INFO {AUDIT_LOG} - Initiator : admin | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "6aee430c-eee8-42d0-ad44-f3db75871b75","AuthenticatedUser" : "admin","AuthenticatedUserTenantDomain" : "carbon.super","ServiceProviderName" : "apim_publisher","RequestType" : "oidc","RelyingParty" : "kIU5o46AsimffsYRb9YHGhQC4Moa","AuthenticatedIdPs" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ3c28yIiwiZXhwIjoxNzA1NjU2ODA4OTIzLCJpYXQiOjE3MDU2NTY4MDU5MjMsImlkcHMiOlt7ImlkcCI6IkxPQ0FMIiwiYXV0aGVudGljYXRvciI6IkJhc2ljQXV0aGVudGljYXRvciJ9XX0.wkLT2T3dYkEpAJ47MnMjsFB3BzQEHiN1DoMmk3_YpvQ","User Agent" : "null","RemoteAddress" : "null","UserStoreDomain" : "PRIMARY" } | Result : Success
TID: [-1234] [2024-01-19 04:33:26,134]  INFO {AUDIT_LOG} - Initiator=wso2.system.user Action=Get-User-List Target=null Data={"UserName":"admin","Claim Value":"admin","Users":["admin"],"Claim":"wso2.org/claims/username"} Outcome=Success

Failed login event with SECONDARY user store:

TID: [-1234] [2024-01-19 04:36:00,002]  INFO {AUDIT_LOG} - Initiator=wso2.system.user Action=Get-User-List Target=null Data={"ServiceProviderName":"apim_publisher","UserName":"admin","Claim Value":"060111544","Claim":"wso2.org/claims/username"} Outcome=Success
TID: [-1234] [2024-01-19 04:36:01,362]  INFO {AUDIT_LOG} - Initiator=wso2.system.user Action=Get-User-List Target=null Data={"ServiceProviderName":"apim_publisher","UserName":"admin","Claim Value":"060111544","Claim":"wso2.org/claims/username"} Outcome=Success
TID: [-1234] [2024-01-19 04:36:01,362]  INFO {AUDIT_LOG} - Initiator : 060111544 | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "3dd20b79-1922-4c17-92f6-ef3018177e79","ServiceProviderName" : "apim_publisher","RequestType" : "oidc","RelyingParty" : "kIU5o46AsimffsYRb9YHGhQC4Moa","StepNo" : "1","User Agent" : "null","RemoteAddress" : "null","UserStoreDomain" : "INTRANET" } | Result : Failed

I tried configuring LDAP as a secondary user store in wso2am 4.2.0 and expected to be able to log in with LDAP, but it still fails when logging in with an LDAP user.

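As an added example that is not part of the question or of WSO2's own code: a small Python parser for the two AUDIT_LOG line shapes quoted above (the user-store `Key=Value ... Outcome=` form and the authentication-framework `Key : Value | ...` form), which groups Login results by UserStoreDomain so that a secondary store that only ever fails, such as INTRANET here, stands out from a credential problem with one user. The sample lines are constructed, shortened copies of the excerpts in the question.

```python
import json
import re
from collections import Counter

# Constructed sample: shortened copies of the audit.log excerpts in the question.
SAMPLE_AUDIT_LOG = """\
TID: [-1234] [2024-01-19 04:33:25,917]  INFO {AUDIT_LOG} - Initiator=wso2.system.user Action=Get-User-List Target=null Data={"ServiceProviderName":"apim_publisher","Claim Value":"admin","Users":["admin"],"Claim":"wso2.org/claims/username"} Outcome=Success
TID: [-1234] [2024-01-19 04:33:25,939]  INFO {AUDIT_LOG} - Initiator : admin | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "AuthenticatedUser" : "admin","ServiceProviderName" : "apim_publisher","UserStoreDomain" : "PRIMARY" } | Result : Success
TID: [-1234] [2024-01-19 04:36:01,362]  INFO {AUDIT_LOG} - Initiator : 060111544 | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "ServiceProviderName" : "apim_publisher","StepNo" : "1","UserStoreDomain" : "INTRANET" } | Result : Failed
"""

HEADER_RE = re.compile(r"^TID: \[(?P<tenant>-?\d+)\] \[(?P<ts>[^\]]+)\]\s+\w+ \{AUDIT_LOG\} - (?P<body>.*)$")
# User-store events look like "Key=Value ... Data={json} Outcome=Success".
KV_RE = re.compile(r"\b(Initiator|Action|Target|Outcome)=(\S+)")
DATA_RE = re.compile(r"Data=(\{.*\})\s+Outcome=")

def _json_or_raw(text):
    try:  # Data is JSON for most events, free-form for a few (e.g. Authenticate)
        return json.loads(text)
    except ValueError:
        return text.strip()

def parse_audit_line(line):
    """Normalise either audit format into one dict with lower-case keys, or None."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec, body = {"tenant": m["tenant"], "timestamp": m["ts"], "data": {}}, m["body"]
    if " | " in body:
        # Authentication-framework events: "Key : Value | Key : Value | ...".
        for part in body.split(" | "):
            key, _, value = part.strip().partition(" : ")
            rec[key.lower()] = _json_or_raw(value) if key == "Data" else value
    else:
        rec.update((k.lower(), v) for k, v in KV_RE.findall(body))
        if (d := DATA_RE.search(body)):
            rec["data"] = _json_or_raw(d.group(1))
        rec["result"] = rec.pop("outcome", None)
    return rec

def login_outcomes(log_text):
    """One row per Login event: initiator, user store that answered, result."""
    recs = filter(None, map(parse_audit_line, log_text.splitlines()))
    return [{"initiator": r.get("initiator"), "result": r.get("result"),
             "user_store": (r["data"] if isinstance(r["data"], dict) else {}).get("UserStoreDomain", "UNKNOWN")}
            for r in recs if r.get("action") == "Login"]

def failed_logins_by_store(log_text):
    """Failed logins per UserStoreDomain; a store that only ever fails points at its config or role mapping."""
    return dict(Counter(r["user_store"] for r in login_outcomes(log_text) if r["result"] == "Failed"))
```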


chashikajw

If a user is not able to log in, it may be due to one or some of the following reasons:

  1. Credentials are incorrect/invalid.
  2. Users do not have enough permissions to log in and work.
  3. User store has not been configured properly.
  4. Case-sensitivity of the username.

I assume that in your case, you have missed assigning roles to the users. You should add Internal/creator, Internal/publisher, and Internal/subscriber roles to log in to the publisher and DevPortal.