
OpenAM, Not found error, then reload works


We are using OpenAM to authenticate with our Active Directory users. We are running into a very odd problem.

We log in using the mail attribute, which belongs to the user object class in Active Directory. Upon logging in, a Not found error appears on the screen. Looking into the network tab we see that there was a request to openam/json/realms/root/users/<[email protected]>, but it returns a 404.

If we close the tab and reload the login URL again, it immediately goes to the consent screen and displays the user's canonical name. Accepting the agreement successfully sends us to the specified redirect URI.

Info:

  • There is a module that looks into a Data Store that is hooked up to pull a certain organization group (the data store appears to work fine)
  • There is a simple chain that uses that module

Any ideas?


Solution

I was able to determine the problem after digging into the OpenAM logs.

I turned on message level debugging and saw that the Not found error was not a problem with finding the user in AD, but a problem finding groups in AD.

By default the datastore we had created was searching for groups with some arbitrary attributes, but our AD does not have groups. We set all the group search fields to be blank and this resolved our problem.