Skip to content

Enable carrying over the username in ID/password authentication #338

Description

@tsujiguchitky

Description

When there is an authentication requirement such that authentication is successful with just a passkey, but if not, ID/password and OTP are required, the following authentication chain can be considered:

  1. WebAuthn (Authenticate) - sufficient
  2. LDAP - requisite
  3. ForgeRock Authenticator (OATH) - required

In this authentication chain, the username is first entered in WebAuthn. If a passkey is not registered, the username must also be entered in LDAP.
This is very inconvenient. Therefore, it is necessary to change the process so that the username entered in WebAuthn is carried over to LDAP.

Solution

For ID/password authentication such as LDAP, DataStore, or Active Directory, if the username is included in the Shared State, modify the process to prompt only for the password.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions