Disambiguated and authenticated user is different from the user for which the policy was evaluated


Article ID: 376384


Updated On:

Products

VIP Authentication Hub

Issue/Introduction


VIP Authentication Hub cannot disambiguate the user and reports the following errors:

  "The mapped user Attribute value(s)(based on spMappingAttribute), corresponding to the authenticated user by the IDP : <user> is different  from the user <name> for which the policy was evaluated in AuthHub" 
  "No matching found to apply regex on loginid"

The Identity Store is configured as follows:


<ldap_server>

  | VIP AUTHENTICATION HUB | LDAP ATTRIBUTE |
  |------------------------+----------------|
  | user_loginid           | uid            |
  | phone_number           | mobile         |

Login ID Attribute Mapping: user_loginid

Search Query

  x Use Regular Expression to adjust lookup attribute

  | REGEX TO BE APPLIED (FROM) | REGEX TO BE USED (TO) |
  |----------------------------+-----------------------|
  | ^(.*)\s(.*)$               | 0{2}                  |

  Start: (|(uid=${loginid})(mobile=${loginid})
  End: )

Effective User Search Query


 (&(objectClass=inetorgperson)(|(uid=${loginid})(mobile=${loginid})))

IDP NAME: <name>

  Identity Subject Claim: phone_number
  Identity Subject Claim Source: Token
  Account Mapping Attribute: phone_number

 

Resolution


Upgrade VIP Authentication Hub to version 3.2.1 to fix this issue.