Posted to user@syncope.apache.org by PeeDub <pf...@greenarrowlabs.com> on 2018/05/10 19:49:54 UTC
User can't login if username changes
I have seen this in API as well as on
http://syncope-vm.apache.org:9080/syncope-enduser
If a user changes her username (say from "julius" to "juliuscaesar") the
user is not able to log in with the new username (OR with the old username).
I have confirmed using syncope-console that the system recognizes that the
username has changed.
-----
Paul Fullbright
--
Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: User can't login if username changes
Posted by PeeDub <pf...@greenarrowlabs.com>.
OK, thanks. Completely didn't see any of the approval process notifications.
So yes, we will temporarily add the step of removing the access token when
changing a username. Is that a bug you have entered?
-----
Paul Fullbright
Re: User can't login if username changes
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 10/05/2018 21:49, PeeDub wrote:
> I have seen this in API as well as on
> http://syncope-vm.apache.org:9080/syncope-enduser
>
> If a user changes her username (say from "julius" to "juliuscaesar") the
> user is not able to log in with the new username (OR with the old username).
> I have confirmed using syncope-console that the system recognizes that the
> username has changed.
1. went to http://syncope-vm.apache.org:9080/syncope-enduser
2. logged in as bellini / password
3. changed username to bellini2
4. went to http://syncope-vm.apache.org:9080/syncope-console/
5. noticed that there is 1 pending approval (see icon on the top bar,
right side)
6. clicked on the approval icon, then "view all approvals"
7. clicked on the row, then claim
8. clicked again on the row, then manage, then set Approve? to yes and
finally save from the modal window
9. clicked on the Dashboard item on the left menu, then Access Tokens,
remove the token for 'bellini'
10. went again to http://syncope-vm.apache.org:9080/syncope-enduser
11. logged in as bellini2 / password
From all the process above, step 9 is an actual bug: the Enduser UI
does not remove the Access Token when logging out: I have opened
https://issues.apache.org/jira/browse/SYNCOPE-1309 for this.
If you did it by REST APIs, then you should ensure to remove the
existing JWT before attempting to log in again.
Approval steps are required because syncope-vm.apache.org uses a
workflow definition with approvals, and logging in is only allowed for
users in created and active statuses (as you can check by going into
Configuration > Parameters > authentication.statuses).
Thanks for reporting.
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/