
Description: I am using WSO2 Identity Server with Integrated Windows Authentication (IWA) and Kerberos for authentication. I have configured SMS OTP as a second authentication step.

Problem: When using Basic Authentication, SMS OTP works fine, and the user receives an OTP. When using IWA (Kerberos Authentication), the user gets authenticated, but fails with "User not found in the directory" when fetching claims for SMS OTP. The mobile claim is not being retrieved from the user store, causing the SMS OTP step to fail.

WSO2 Environment:

- WSO2 Identity Server version: [Specify your version]
- User store: Active Directory (AD) via LDAP
- Multi-attribute login enabled: Yes (sAMAccountName, mail, etc.)
- Authenticator configuration: IWA (Kerberos) + SMS OTP

What I Have Tried:

Checked IWA Authentication: User logs in via IWA successfully. However, the username retrieved may not match AD's search filter.

Checked Mobile Claim Retrieval: sAMAccountName and mail claims are retrieved correctly. Mobile claim () is missing when using IWA.

Article tags: WSO2 IWA Kerberos Authentication Fails to Retrieve Mobile Claim for SMS OTP (Stack Overflow)