Hi Team,
We have configured the Active Directory as a Federated registry with ISVA.
Now, I want to enable the implicit flow so that the below API works.
This API call works fine and returns the token when the AAC "Username Password" Authentication Mechanism is configured with ISAM LDAP and not the federated AD.
But the same API doesn't return the token when I provide a federated user's username and password; I get the below error with a 400 return code:
{
"error_description": "Invalid username/password. Authentication failed.",
"error": "mapping_error"
}
I tried configuring the [bind-credentials] stanza with the bind-dn and bind-pwd, but it did not resolve the issue.
I also tried configuring the federated AD details under the properties of the AAC "Username Password" Authentication Mechanism, but still have the same issue.
I have two main questions here:
1. Is it possible to configure the AAC "Username Password" Authentication Mechanism with the federated registry (AD in our case)?
2. If yes, which of the properties listed below should be configured?
LDAP Bind DN
LDAP Bind Password
LDAP Host Name
LDAP Port
Login Failures Persistent
Management Domain
Maximum Server Connections
SSL Enabled
SSL Trust Store
STARTTLS Enabled
Use Federated Directories Configuration
User Search Filter
With various configurations of the AAC "Username Password" Authentication Mechanism, I tried updating the PreTokenGeneration mapping rule with the below userLookupHelper.
var userLookupHelper = PluginUtils.isValidUsernamePassword(username, password);
But I got the following error:
{
"error_description": "FBTRBA329E The username password authentication mechanism configuration is invalid.",
"error": "mapping_error"
}
Can someone help me with this?
Regards,
Prashant Narkhede