Hi Kirill,
So are you not able to use the UserLookupHelper at all or is it just that you are not able to check if the user is still active?
It is definitely possible to use the UserLookupHelper in OAuth mapping rules. We use it.
Did you set the required parameters in ldap.conf?
[bind-credentials]
# Optional stanza used to store a set of bind credentials.
# The ISAM Appliance will use these credentials when consuming the ISAM RTE as
# an LDAP connection for user lookups. (Currently only via the UserLookupHelper).
#
# Bind DN to use when performing user lookups and modifications.
bind-dn = cn=root
# The following configuration item is contained within the obfuscated
# database and as such is obfuscated within this file. If the value is
# modified within this configuration file the corresponding change will
# be applied to the obfuscated database.
bind-pwd = **obfuscated**
------------------------------
Laurent LA Asselborn
------------------------------
Original Message:
Sent: Tue May 11, 2021 07:17 PM
From: Kirill N
Subject: ISAM 9 OpenID Connect Provider check user is active
Hello,
I have an OpenID Provider based on Appliance 9.0.7 with the authorization code flow.
When the Relying Party sends a Refresh Token or tries to introspect an Access Token, I need to check that the user is still active (Access Manager in ISAM).
I try to use the UserLookupHelper class in the POST Mapping Rule of the OpenID Provider, but don't get a result.
Is there any way to check the Access Manager status, or some kind of instructions on how to do this?
Thanks!
------------------------------
Kirill N
------------------------------