Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-8802

ExternalLoginModule.commit will fail if no principals can be resolved for externalUser

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • None
    • 1.22.0
    • auth-external, security
    • None

    Description

      while testing a potential patch for OAK-8710 i noticed that ExternalLoginModule.commit() will not succeed if AbstractLoginModule.getPrincipals returns an empty list. however, depending on the oak security setup there the principal lookup may not be able to resolve the given external ID while still being able to successfully login the given external user e.g. by means of login with a subject that has already been populated with the principals to be used.

      i would suggest to let ExternalLoginModule.commit() succeed as soon as the externalUser field was set during the first login phase. authinfo and subject can then be populated accordingly.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. OAK-8710 AbstractLoginModule#logout() must not remove 'foreign' principals/credentials

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              angela Angela Schreiber
              angela Angela Schreiber
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: