By default, the password entered by the user in the login form isĀ not stored in the session and therefore it is by default not available for identity propagators.
To use the password in the on-behalf login identity propagator, adapt the configuration:
- Where: Loginapp >> Security Settings >> Advanced Settings Group
- What: Check Store Password in Session Ticket and set a Session Ticket Encryption Passphrase
If using multiple IAM instances (for failover or load balancing), make sure to use the same "Session Ticket Encryption Passphrase" on all instances, so one instance can decode the session ticket from another instance.