LDAP authentication and attribute release to sp failed

Nate Klingenstein ndk at signet.id
Tue Nov 17 05:36:57 UTC 2020


> ldap.properties
> idp.authn.LDAP.authenticator = adAuthenticator
> idp.attribute.resolver.LDAP.searchFilter = (mail=$resolutionContext.principal)

It's just a guess, but your most likely problem is that your searchFilter is looking for LDAP entries that have a "mail" attribute that matches whatever the principal name was that was typed in.  Unless your users are authenticating with their email address as their username, there will be no matches, and you won't have any entry to pull mail from.  You may want to change that to uid= or something similar.

Beyond that, you would have to look at your IdP logs for more information.

Take care,

Signet, Inc.
The Art of Access ®
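
As an added illustration (not code from the thread or from the IdP itself), a small Python simulation of what the resolver's searchFilter does with the authenticated principal: substitute it into the template, run the filter against a directory, and release attributes only when exactly one entry matches. The in-memory entries, the attribute names (uid, sAMAccountName, mail, displayName) and the RFC 4515 escaping of the substituted value are my assumptions, not details the post gives.

```python
import re

# Constructed sample directory standing in for the AD/LDAP server.
DIRECTORY = [
    {"dn": "cn=jdoe,ou=people,dc=example,dc=org", "uid": "jdoe",
     "sAMAccountName": "jdoe", "mail": "jane.doe@example.org",
     "displayName": "Jane Doe"},
    {"dn": "cn=bsmith,ou=people,dc=example,dc=org", "uid": "bsmith",
     "sAMAccountName": "bsmith", "mail": "bob.smith@example.org",
     "displayName": "Bob Smith"},
]

def escape_filter_value(value: str) -> str:
    """Escape RFC 4515 special characters so a principal cannot reshape the filter
    (assumed behaviour; the real resolver does its own escaping)."""
    return "".join("\\%02x" % ord(ch) if ch in ("*", "(", ")", "\\", "\x00") else ch
                   for ch in value)

def resolve_filter(template: str, principal: str) -> str:
    """Substitute the authenticated principal into the searchFilter template."""
    return template.replace("$resolutionContext.principal", escape_filter_value(principal))

# Only a single equality filter (attr=value) is supported by this toy evaluator.
FILTER_RE = re.compile(r"^\((\w+)=([^()]*)\)$")

def search(directory, ldap_filter: str):
    """Return the directory entries whose attribute equals the filter value."""
    m = FILTER_RE.match(ldap_filter)
    if not m:
        raise ValueError("unsupported filter: " + ldap_filter)
    attr, value = m.group(1), m.group(2)
    # Equality on these attributes is case-insensitive in LDAP; mirror that.
    return [e for e in directory if e.get(attr, "").lower() == value.lower()]

def release_attributes(directory, template: str, principal: str,
                       wanted=("mail", "displayName")):
    """Mimic the data connector: exactly one hit releases attributes; zero hits
    (the symptom in the thread) or an ambiguous match releases nothing."""
    matches = search(directory, resolve_filter(template, principal))
    if len(matches) != 1:
        return None
    return {a: matches[0][a] for a in wanted if a in matches[0]}
```

With the poster's filter, a user who logged in as "jdoe" yields no entry, so no mail is released; the same principal with a uid= (or sAMAccountName=) filter resolves normally.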

