OIDC Integration and Agama flow

[msdee23]

Hii Team,

We have implemented OIDC Integration and Agama flow within the Janssen server. We are trying to analyze the logs. However, it shows that the authentication is successful even when the username or password is incorrect. There are no logs showing authentication failure. What are we missing? Please take a look at the attachment. Any guidance is much appreciated.

Thank you!

jans-auth.log

[nynymike]

Can you paste in the Agama source? Also, the script log may have some details, because the Agama bridge runs as an interception script.

[msdee23]

Thank you Nynymike.

However, It is not just the agama flow. We are getting the same thing when we try to test using default Janssen login page.

Here's the code we used:

Flow attacker4930.unp

 Basepath ""

authService = Call io.jans.as.server.service.AuthenticationService#class

cdiUtil = Call io.jans.service.cdi.util.CdiUtil#bean authService

authResult = {}

Repeat 3 times max

 creds = RRF "username.ftlh" authResult

 creds1 = RRF "password.ftlh" authResult

 authResult.success = Call cdiUtil authenticate creds.username creds1.password

 authResult.uid = creds.username

 When authResult.success is true

      Finish authResult.uid

Finish false

[nynymike]

Did you develop this flow in AgamaLab? That might be a better idea. You can register for free: https://agama-lab.gluu.org

[mmrraju]

Hello @msdee23 , Please check your jans-auth_script.log. It will say something about your flow. You may upload here. I can assist you.