[ https://issues.apache.org/jira/browse/OAK-4224?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dominique Jäggi updated OAK-4224: --------------------------------- Fix Version/s: 1.2.19 > DefaultSyncContext.sync(ExternalIdentity) should verify IDP > ----------------------------------------------------------- > > Key: OAK-4224 > URL: https://issues.apache.org/jira/browse/OAK-4224 > Project: Jackrabbit Oak > Issue Type: Bug > Components: auth-external > Reporter: angela > Assignee: angela > Priority: Minor > Fix For: 1.5.2, 1.4.7, 1.2.19 > > Attachments: OAK-4224.patch, OAK-4224_2.patch > > > while writing more test for {{DefaultSyncContext}} i realized that the > implementation of {{sync(ExternalIdentity)}} doesn't verify that the given > external identity belongs to the same IDP than the one associated with the > context instance. > IMHO this would be needed and useful particularly when multiple IDPs are > combined. also, the {{DefaultSyncContext}} is a public exposed class, I > would prefer if it would guard against mixing up sync of external identities > from different sources. -- This message was sent by Atlassian JIRA (v6.3.4#6332)