variable assignment between unsuccessful login and next check
Hi,
I have the following problem: I want to use RSA SecurID tokens, but instead of adding the user twice (on RSA and in LDAP or Active Directory) I want to use the token serial number as the username. That way I can assign a token to a user in LDAP or Active Directory. I only have to store the assigned token serial number in any user attribute.
After 1st Factor Authentication I use "variable assign" to rewrite the username to the token-serial-number, and the password to the entered token-code.
It works like a charm, but when the user types in the wrong tokencode, the username/password/tokencode window is displayed again. I type in the 3 values again, and it does not work anymore.
After closing the session and creating a new one, it works again. In the log it seems that the "variable assignment" before the SecurID check is not executed anymore; in fact it seems that nothing in between the login page and the SecurID check is executed anymore. So it tries to authenticate the second time with my real username, and not the token serial number as the username. A look at the RSA servers shows what I expected: the user sent to the RSA server is the real username, not the token serial number.
Can somebody tell me how to solve that?
Best regards,
Florian