By: Andy Coates user 12 Aug 2015 at 12:35 a.m. CDT

9 Responses
Is it possible to configure Gluu so that users can login with their email instead of username? (or both!)

By Mohib Zico staff 12 Aug 2015 at 2:04 a.m. CDT

>> Is it possible to configure Gluu so that users can login with their email instead of username?

In the 'Manage LDAP Authentication' feature, add 'mail' for the 'Local Primary Key' value. A how-to is available [here](http://www.gluu.org/docs/admin-guide/configuration/#manage-authentication).

>> (or both!)

Yes, it's possible to allow multiple attributes for authentication. Scripts and a how-to are available on GitHub: https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations/basic.multi_auth_conf

By Andy Coates user 12 Aug 2015 at 2:45 a.m. CDT

If I change `uid` to `mail` under Manage LDAP Authentication, the system logs in (doesn't reject) but seems to crash at some part of the follow-up login workflow (looks like it's wanting to redirect after /authorize, but is just stuck).

By Mohib Zico staff 12 Aug 2015 at 3:50 a.m. CDT

>> but seems to crash at some part of the follow-up login workflow (looks like it's wanting to redirect after /authorize, but is just stuck).

It shouldn't create a problem, as our customers are using this in their production. Then again, if you feel uncomfortable with any workflow, add stack traces and reproduction steps; we will check.

By Andy Coates user 12 Aug 2015 at 3:54 a.m. CDT

Ok first can you just verify which fields to set to `mail`? You initially said `Local Primary Key` but if I just changed that I couldn't even log in (rejected), I had to change both `Primary Key` and `Local Primary Key` before it would even stop rejecting me.

By Mohib Zico staff 12 Aug 2015 at 3:59 a.m. CDT

>> Ok first can you just verify which fields to set to mail? You initially said Local Primary Key but if I just changed that I couldn't even log in (rejected), I had to change both Primary Key and Local Primary Key

Yes, both need to change. I missed that in my previous answer. 'Primary Key' is actually the primary_key of the backend AD/LDAP, if you use an organizational Active Directory/LDAP server to grab users' information from. 'Local_primary_key' is the local LDAP attribute which is mapped to 'Primary_key'.

By Andy Coates user 12 Aug 2015 at 4:22 a.m. CDT

Ok here's what looks to be an error in oxauth.log:

```
2015-08-12 09:17:56,257 DEBUG [org.xdi.oxauth.service.AuthenticationService] Authenticating user with LDAP: username: andycoates
2015-08-12 09:17:56,257 DEBUG [org.xdi.oxauth.service.AuthenticationService] Attempting to find userDN by primary key: 'mail' and key value: 'andycoates'
2015-08-12 09:17:56,257 DEBUG [org.xdi.oxauth.service.AuthenticationService] Getting user information from LDAP: attributeName = 'mail', attributeValue = 'andycoates'
2015-08-12 09:17:56,259 DEBUG [org.xdi.oxauth.service.AuthenticationService] Found '0' entries
2015-08-12 09:17:56,259 INFO [org.xdi.oxauth.auth.Authenticator] Authentication failed for 'andycoates'
```

I logged in with my email (no error), it starts to do the first redirect (authcode), but just stops (blank page). You can see it is checking `mail`, but it's checking that against my username and failing.

By Mohib Zico staff 12 Aug 2015 at 4:30 a.m. CDT

Thanks.

By Andy Coates user 12 Aug 2015 at 4:49 a.m. CDT

Going through the logs some more, I spotted the first request does use the correct value to auth me, it's the second request that doesn't - so maybe this will help you figure out where the potential issue is:

```
2015-08-12 09:37:59,740 TRACE [org.xdi.oxauth.service.SessionIdService] Found session_id cookie: '029066fe-f176-401d-940e-babe16a2111d'
2015-08-12 09:37:59,744 TRACE [org.xdi.oxauth.service.SessionIdService] Try to get session by id: 029066fe-f176-401d-940e-babe16a2111d ...
2015-08-12 09:37:59,744 TRACE [org.xdi.oxauth.service.SessionIdService] Session dn: uniqueIdentifier=029066fe-f176-401d-940e-babe16a2111d,ou=session,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu
2015-08-12 09:37:59,745 DEBUG [org.xdi.oxauth.service.AuthenticationService] Authenticating user with LDAP: username: <email>
2015-08-12 09:37:59,745 DEBUG [org.xdi.oxauth.service.AuthenticationService] Attempting to find userDN by primary key: 'mail' and key value: '<email>'
2015-08-12 09:37:59,745 DEBUG [org.xdi.oxauth.service.AuthenticationService] Getting user information from LDAP: attributeName = 'mail', attributeValue = '<email>'
2015-08-12 09:37:59,747 DEBUG [org.xdi.oxauth.service.AuthenticationService] Found '1' entries
2015-08-12 09:37:59,749 DEBUG [org.xdi.oxauth.service.AuthenticationService] Attempting to authenticate userDN: inum=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7!0000!DF55.12BE,ou=people,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu
2015-08-12 09:37:59,750 DEBUG [org.xdi.oxauth.service.AuthenticationService] User authenticated: inum=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7!0000!DF55.12BE,ou=people,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu
2015-08-12 09:37:59,750 DEBUG [org.xdi.oxauth.service.AuthenticationService] Attempting to find userDN by local primary key: mail
2015-08-12 09:37:59,750 DEBUG [org.xdi.oxauth.service.UserService] Getting user information from LDAP: attributeName = 'mail', attributeValue = '<email>'
2015-08-12 09:37:59,752 DEBUG [org.xdi.oxauth.service.UserService] Found '1' entries
2015-08-12 09:37:59,762 TRACE [org.xdi.oxauth.service.SessionIdService] Authenticated session, id = '029066fe-f176-401d-940e-babe16a2111d', state = 'authenticated', persisted = 'true'
2015-08-12 09:37:59,763 DEBUG [org.xdi.oxauth.auth.Authenticator] Sending event to trigger user redirection: '<email>'
2015-08-12 09:37:59,763 INFO [org.xdi.oxauth.service.AuthenticationService] Attempting to redirect user. SessionUser: SessionId [dn=uniqueIdentifier=029066fe-f176-401d-940e-babe16a2111d,ou=session,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu, id=029066fe-f176-401d-940e-babe16a2111d, lastUsedAt=Wed Aug 12 09:37:59 UTC 2015, userDn=inum=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7!0000!DF55.12BE,ou=people,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu, authenticationTime=Wed Aug 12 09:37:59 UTC 2015, state=authenticated, permissionGranted=null, permissionGrantedMap=null, sessionAttributes={scope=openid profile email user_name, response_type=code id_token, nonce=nonce, redirect_uri=https://gluu.domain.com/identity/authentication/authcode, client_id=@!A88A.9736.E2EE.A6F6!0008!9051.3D44}]
2015-08-12 09:37:59,765 INFO [org.xdi.oxauth.service.AuthenticationService] Attempting to redirect user. User: org.xdi.oxauth.model.common.User@47145cc7
2015-08-12 09:37:59,765 TRACE [org.xdi.oxauth.service.AuthenticationService] Logged in successfully! User: org.xdi.oxauth.model.common.User@47145cc7, page: /authorize.xhtml, map: {response_type=code id_token, scope=openid profile email user_name, redirect_uri=https://gluu.domain.com/identity/authentication/authcode, nonce=nonce, client_id=@!A88A.9736.E2EE.A6F6!0008!9051.3D44}
2015-08-12 09:37:59,769 INFO [org.xdi.oxauth.auth.Authenticator] Authentication success for User: '<email>'
2015-08-12 09:37:59,769 TRACE [org.xdi.oxauth.auth.Authenticator] Authentication successfully for '<email>'
2015-08-12 09:38:00,135 TRACE [org.xdi.oxauth.service.SessionIdService] Found session_id cookie: '029066fe-f176-401d-940e-babe16a2111d'
2015-08-12 09:38:00,139 TRACE [org.xdi.oxauth.service.SessionIdService] Try to get session by id: 029066fe-f176-401d-940e-babe16a2111d ...
2015-08-12 09:38:00,139 TRACE [org.xdi.oxauth.service.SessionIdService] Session dn: uniqueIdentifier=029066fe-f176-401d-940e-babe16a2111d,ou=session,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu
2015-08-12 09:38:00,139 TRACE [org.xdi.oxauth.auth.Authenticator] authenticateBySessionId, sessionId = '029066fe-f176-401d-940e-babe16a2111d', session = 'SessionId [dn=uniqueIdentifier=029066fe-f176-401d-940e-babe16a2111d,ou=session,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu, id=029066fe-f176-401d-940e-babe16a2111d, lastUsedAt=Wed Aug 12 09:37:59 UTC 2015, userDn=inum=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7!0000!DF55.12BE,ou=people,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu, authenticationTime=Wed Aug 12 09:37:59 UTC 2015, state=authenticated, permissionGranted=null, permissionGrantedMap=null, sessionAttributes={scope=openid profile email user_name, response_type=code id_token, nonce=nonce, redirect_uri=https://gluu.domain.com/identity/authentication/authcode, client_id=@!A88A.9736.E2EE.A6F6!0008!9051.3D44}]', state= 'authenticated'
2015-08-12 09:38:00,150 TRACE [org.xdi.oxauth.service.SessionIdService] Try to get session by id: 029066fe-f176-401d-940e-babe16a2111d ...
2015-08-12 09:38:00,151 TRACE [org.xdi.oxauth.service.SessionIdService] Session dn: uniqueIdentifier=029066fe-f176-401d-940e-babe16a2111d,ou=session,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu
2015-08-12 09:38:00,152 TRACE [org.xdi.oxauth.service.ClientService] Get client from cache by Dn 'inum=@!A88A.9736.E2EE.A6F6!0008!9051.3D44,ou=clients,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu'
2015-08-12 09:38:00,152 DEBUG [org.xdi.oxauth.service.ClientService] Found 1 entries for client id = @!A88A.9736.E2EE.A6F6!0008!9051.3D44
2015-08-12 09:38:00,153 TRACE [org.xdi.oxauth.service.ClientService] Get client from cache by Dn 'inum=@!A88A.9736.E2EE.A6F6!0008!9051.3D44,ou=clients,o=@!A88A.9736.E2EE.A6F6!0001!D55B.20F7,o=gluu'
2015-08-12 09:38:00,153 DEBUG [org.xdi.oxauth.service.ClientService] Found 1 entries for client id = @!A88A.9736.E2EE.A6F6!0008!9051.3D44
2015-08-12 09:38:00,153 DEBUG [org.xdi.oxauth.service.RedirectionUriService] Validating redirection URI: clientIdentifier = @!A88A.9736.E2EE.A6F6!0008!9051.3D44, redirectionUri = https://gluu.domain.com/identity/authentication/authcode, found = 3
2015-08-12 09:38:00,153 DEBUG [org.xdi.oxauth.service.RedirectionUriService] Comparing https://gluu.domain.com/identity/scim/auth == https://gluu.domain.com/identity/authentication/authcode
2015-08-12 09:38:00,153 DEBUG [org.xdi.oxauth.service.RedirectionUriService] Comparing https://gluu.domain.com/identity/authentication/authcode == https://gluu.domain.com/identity/authentication/authcode
2015-08-12 09:38:00,155 TRACE [xdi.oxauth.authorize.ws.rs.AuthorizeAction] checkPermissionGranted, user = org.xdi.oxauth.model.common.User@168e9d5d
2015-08-12 09:38:00,161 TRACE [xdi.oxauth.authorize.ws.rs.AuthorizeAction] permissionGranted, redirectTo: seam/resource/restv1/oxauth/authorize?response_type=code+id_token&scope=openid+profile+email+user_name&redirect_uri=https%3A%2F%2Fgluu.domain.com%2Fidentity%2Fauthentication%2Fauthcode&nonce=nonce&client_id=%40%21A88A.9736.E2EE.A6F6%210008%219051.3D44
2015-08-12 09:38:00,527 DEBUG [org.xdi.oxauth.service.AuthenticationService] Authenticating user with LDAP: username: andycoates
2015-08-12 09:38:00,527 DEBUG [org.xdi.oxauth.service.AuthenticationService] Attempting to find userDN by primary key: 'mail' and key value: 'andycoates'
2015-08-12 09:38:00,527 DEBUG [org.xdi.oxauth.service.AuthenticationService] Getting user information from LDAP: attributeName = 'mail', attributeValue = 'andycoates'
2015-08-12 09:38:00,529 DEBUG [org.xdi.oxauth.service.AuthenticationService] Found '0' entries
2015-08-12 09:38:00,529 INFO [org.xdi.oxauth.auth.Authenticator] Authentication failed for 'andycoates'
```

By Andy Coates user 12 Aug 2015 at 5:21 a.m. CDT

Another update - I think I can guess the issue. Although I was logging out of Gluu, clearing cookies, etc. when trying to log in with email, I noticed on refresh it had expired something and I got a Basic Auth prompt for user/pass, which my browser had remembered (and based on username), so I wonder if one of the requests is using my browser's Authorization header? When I put my email into the Basic Auth prompt (I see that bug still exists) it finally went through to the logged-in page.
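
The following is an added example, not part of the thread and not Gluu's code: a small Python check over oxauth.log lines in the format quoted above that flags lookups where the primary key is `mail` but the submitted value is not email-shaped, which is the signature of a stale username credential being replayed after the key change. The sample log, the function name `find_mismatched_lookups` and the simple email pattern are assumptions made for illustration.

```python
import re

# Constructed sample in the oxauth.log format quoted in this thread
# (the address and username are placeholders, not values from the thread).
SAMPLE_LOG = """\
2015-08-12 09:37:59,745 DEBUG [org.xdi.oxauth.service.AuthenticationService] Attempting to find userDN by primary key: 'mail' and key value: 'user@example.org'
2015-08-12 09:37:59,747 DEBUG [org.xdi.oxauth.service.AuthenticationService] Found '1' entries
2015-08-12 09:38:00,527 DEBUG [org.xdi.oxauth.service.AuthenticationService] Attempting to find userDN by primary key: 'mail' and key value: 'exampleuser'
2015-08-12 09:38:00,529 DEBUG [org.xdi.oxauth.service.AuthenticationService] Found '0' entries
2015-08-12 09:38:00,529 INFO [org.xdi.oxauth.auth.Authenticator] Authentication failed for 'exampleuser'
"""

# Timestamp, configured primary key and the value the client submitted.
LOOKUP = re.compile(
    r"^(\S+ \S+) .*find userDN by primary key: '([^']*)' and key value: '([^']*)'"
)
# Result line of the same service; UserService result lines are ignored.
FOUND = re.compile(
    r"\[org\.xdi\.oxauth\.service\.AuthenticationService\] Found '(\d+)' entries"
)
# Deliberately loose shape check (assumption): something@something.tld
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def find_mismatched_lookups(log_text):
    """Return (timestamp, key, value, entries_found) for each lookup where
    the key is 'mail' but the submitted value does not look like an email."""
    flagged, pending = [], None
    for line in log_text.splitlines():
        lookup = LOOKUP.search(line)
        if lookup:
            pending = lookup.groups()
            continue
        found = FOUND.search(line)
        if found and pending:
            ts, key, value = pending
            pending = None
            if key == "mail" and not EMAIL.match(value):
                flagged.append((ts, key, value, int(found.group(1))))
    return flagged


if __name__ == "__main__":
    for hit in find_mismatched_lookups(SAMPLE_LOG):
        print("lookup by %s with non-email value %r at %s (found %d)" % (hit[1], hit[2], hit[0], hit[3]))
```

A hit that lands a fraction of a second after a successful email login, as in the second log above, points at a second credential source such as a cached Basic Auth header rather than at the LDAP configuration.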