You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2017/05/02 09:46:04 UTC
[jira] [Commented] (OAK-6144) ExternalIdentity should have a method
indicating if an identity is actually active
[ https://issues.apache.org/jira/browse/OAK-6144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15992645#comment-15992645 ]
angela commented on OAK-6144:
-----------------------------
[~baedke], IMHO this is a new feature not an improvement -> adjusted type accordingly.
> ExternalIdentity should have a method indicating if an identity is actually active
> ----------------------------------------------------------------------------------
>
> Key: OAK-6144
> URL: https://issues.apache.org/jira/browse/OAK-6144
> Project: Jackrabbit Oak
> Issue Type: New Feature
> Components: auth-external
> Reporter: Manfred Baedke
> Assignee: Manfred Baedke
>
> The interface ExternalIdentityProvider currently offers the method getIdentity(ExternalIdentityRef) to resolve a reference to an external Identity, but there is no way to tell if the external identity is considered active by the identity provider. The ability to resolve the reference doesn't mean that the resulting identity may actually be used for authentication or authorization.
> If ExternaIIdentity isn't able to express this difference, it's hard to come up with a sensible implemenation of e.g. SynchronizationMBean#purgeOrphanedUsers(), because the ability to resolve a reference to an external identity doesn't mean that the corresponding Oak user is still valid.
> A new method ExternalIdentiy#isActive() would allow us to clearly define the notion of an "orphaned user".
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)