You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Tobias Bocanegra (JIRA)" <ji...@apache.org> on 2016/06/08 21:26:21 UTC
[jira] [Commented] (OAK-3508) External login module should reduce
LDAP lookups for pre-authenticated users
[ https://issues.apache.org/jira/browse/OAK-3508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15321473#comment-15321473 ]
Tobias Bocanegra commented on OAK-3508:
---------------------------------------
also fixed in 1.2: r1747456
[~anchela] I also wanted to backport the tests from OAK-4417 but they had too many dependencies to code changes. so I couldn't.
> External login module should reduce LDAP lookups for pre-authenticated users
> ----------------------------------------------------------------------------
>
> Key: OAK-3508
> URL: https://issues.apache.org/jira/browse/OAK-3508
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: auth-external
> Affects Versions: 1.2, 1.4, 1.0.22
> Reporter: Tobias Bocanegra
> Assignee: Tobias Bocanegra
> Fix For: 1.4, 1.0.23, 1.2.16
>
>
> consider the following JAAS setup:
> - *sufficient* SSO Login Module
> - *optional* Default Login Module
> - *sufficient* External Login Module
> This causes each login() to reach the external login module (which is desired) but causes an IDP lookup for each login, even if the user is already synced with the repository.
> ideally the login module could pass the {{ExternalIdentityRef}} to the sync handler and to a tentative sync. the {{lastSyncTime}} should be respected in this case.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)