Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password policy authenticator only works if it is configured after basic authenticator #7021

Closed
senthalan opened this issue Dec 5, 2019 · 1 comment
Closed

Password policy authenticator only works if it is configured after basic authenticator #7021

senthalan opened this issue Dec 5, 2019 · 1 comment
Labels
Complexity/High Component/Extensions Priority/Normal

Comments

@senthalan
Copy link
Contributor

If the steps are configured in this order the authentication fails without any logs,
step 1 - basic authenticator
step 2 - smsotp
step 3 - password policy authenticator

When I analysed the code the password policy authenticator has a logic to execute the only if the last authenticator is a local authenticator[1]. In this case, the smsotp is a federated authenticator that why the authentication failed. I think we should loop for all the previous authenticators and check whether the basic authenticator is in the step.

[1] - https://github.com/wso2-extensions/identity-outbound-auth-passwordPolicy/blob/v1.0.14/component/authenticator/src/main/java/org/wso2/carbon/identity/policy/password/PasswordResetEnforcer.java#L127-L128
@senthalan
Copy link
Contributor Author

Duplicate of #6936

@senthalan senthalan marked this as a duplicate of #6936 Dec 9, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Complexity/High Component/Extensions Priority/Normal
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@senthalan