Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
None
-
None
Description
while testing a potential patch for OAK-8710 i noticed that ExternalLoginModule.commit() will not succeed if AbstractLoginModule.getPrincipals returns an empty list. however, depending on the oak security setup there the principal lookup may not be able to resolve the given external ID while still being able to successfully login the given external user e.g. by means of login with a subject that has already been populated with the principals to be used.
i would suggest to let ExternalLoginModule.commit() succeed as soon as the externalUser field was set during the first login phase. authinfo and subject can then be populated accordingly.
Attachments
Issue Links
- relates to
-
OAK-8710 AbstractLoginModule#logout() must not remove 'foreign' principals/credentials
- Closed