Hi All,

I have a Risk Based Auth Contract executing a flow as follows;

1) Kerberos Contract (Kerberos Method followed by passwordFetch method)

2) If the user is a member of a particular group, additional auth is required (radius contract / method etc).

To succeed on the radius contract I need to provide username + pin/token. The JSP of the radius contract asks for only the pin/token and the preceding passwordfetch component is providing the username which is hidden on the radius jsp/form.

This works fine when using an eDirectory user store where the CN value is mapped to the username expected at the radius end. For example, CN=jsmith in eDirectory and username in radius server is jsmith.

But when the eDirectory user store has the CN value mapped to a value such as "john smith" and the radius end expects "jsmith" it fails.

I'm wondering whether there is anyway we can control the returned attribute from the passwordfetch class/method. In this example, I need to retrieve the uniqueID attribute from eDirectory as opposed to CN.

Thanks,