Here is my understanding of the two types of plugin:

  • Authentication plugin – we can add a customized module to return STATE_ERROR if we want to block a user under certain conditions. Otherwise the default authentication module (uses OpenDJ) will return success as long as the provided user credentials (Uid and Password) are correct.

  • Post Authentication plugin – has three methods (onLoginSuccess, onLoginFailure and onLogout). We can use the plugin to send the error code (authentication result) to the protected application by setting cookies and session variables.

Our goal: we need to return different error codes to the protected application in all 7 conditions:

  • Wrong credential -103
  • 3rd wrong password attempt - 9103
  • Account locked - 113
  • Force change password -112
  • Password expired - 111
  • Account inactivity – 9115
  • Account suspended – 9114

Question – How can we avoid duplicating the logic in both plugins to reach the goal?

alexander.polomodov
Wes

1 Answer

If you are using OpenAM 12/13 and want to customize the error messages returned by the REST API, you don't need a Post Authentication plugin.

This blog post explains how to customize your authentication module to add custom error messages.

Guillermo R