You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Angela Schreiber (Jira)" <ji...@apache.org> on 2019/12/03 07:44:00 UTC

[jira] [Updated] (OAK-8802) ExternalLoginModule.commit will fail if no principals can be resolved for externalUser

     [ https://issues.apache.org/jira/browse/OAK-8802?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Angela Schreiber updated OAK-8802:
----------------------------------
    Priority: Minor  (was: Major)

> ExternalLoginModule.commit will fail if no principals can be resolved for externalUser
> --------------------------------------------------------------------------------------
>
>                 Key: OAK-8802
>                 URL: https://issues.apache.org/jira/browse/OAK-8802
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: auth-external, security
>            Reporter: Angela Schreiber
>            Assignee: Angela Schreiber
>            Priority: Minor
>             Fix For: 1.22.0
>
>
> while testing a potential patch for OAK-8710 i noticed that {{ExternalLoginModule.commit()}} will not succeed if {{AbstractLoginModule.getPrincipals}} returns an empty list. however, depending on the oak security setup there the principal lookup may not be able to resolve the given external ID while still being able to successfully login the given external user e.g. by means of login with a subject that has already been populated with the principals to be used.
> i would suggest to let {{ExternalLoginModule.commit()}} succeed as soon as the {{externalUser}} field was set during the first login phase. authinfo and subject can then be populated accordingly. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)