I’m using the following setup:
[indent]Liferay 6.0.26
OpenAM 9.5.4
Authentication Chain in OpenAM using RADIUS (to Active Directory) then ApacheDS 1.5.5
The Authentication chain tries both user stores with one user/pass submit.[/indent]
I’ve gone through all the OpenAM / Liferay integration documents I can find but I can’t find a resolution to this odd problem. I also have my Liferay log levels at “ALL” for anything in the .auth. package and have my OpenAM Debug.jsp levels set to “Message” yet I see no errors or explanation for the authentication failure.

Here are the test scenarios and results:
Use OpenAM login page then browse to Liferay page:
[indent]User is in Active Directory – authenticates & allows unchallenged Liferay access
User is ApacheDS – authenticates & allows unchallenged Liferay access[/indent]
Use Liferay login page:
[indent]User is in Active Directory - authenticates & allows unchallenged Liferay access
User is in ApacheDS – authentication fails.[/indent]

The first time I used the OpenAM login page with the ApacheDS user and then browsed to Liferay, the user was successfully imported from LDAP to the Liferay database.
It seems to me that all the pieces are correctly in place but I cannot figure out why one user will authenticate properly using the Liferay login and another will not.

Any help will, of course, be greatly appreciated.

Open SSO configuration screenshot attached.