[ 
https://issues.apache.org/jira/browse/OAK-5210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15712493#comment-15712493
 ] 

angela commented on OAK-5210:
-----------------------------

Initial suggestion as provided by [~baedke] in OAK-5209:

{quote}
[...] for instance by adding a getter for the principal name to the interface 
ExternalIdentityRef.
{quote}

> Ability to resolve principal name from ExternalIdentityRef without IDP 
> roundtrip
> --------------------------------------------------------------------------------
>
>                 Key: OAK-5210
>                 URL: https://issues.apache.org/jira/browse/OAK-5210
>             Project: Jackrabbit Oak
>          Issue Type: New Feature
>          Components: auth-external
>            Reporter: angela
>
> Currently the only way to reliably determine the principal name for a given 
> external identity is by calling {{ExternalIdentity.getPrincipalName()}}. This 
> also means that there is currently no way to resolve the principal name from 
> a given {{ExternalIdentityRef}}, without calling 
> {{ExternalIdentityProvider.getIdentity(ExternalIdentityRef)}}.
> In the default sync mode a given identity-ref will always be resolved to the 
> associated identity once a given identity is up for (re)sync and thus the 
> identity resolution is part of the synchronization. On the other hand the 
> partial sync as provided by the {{DynamicSyncContext}} doesn't require the 
> resolution of group identities but only needs to be able to obtain the 
> principal name, which is needed to proper populate the subject upon 
> repository login (and for permission setup for those group principals). In 
> this setup it would be preferrable if the principal name could be resolved 
> from the {{ExternalIdentityRef}} without the intermediate identity resolution.
> This aim of this issue is to discuss the different options on how to achieve 
> this improvement in a generic way that doesn't make any assumptions regarding 
> the relationship between {{ExternalIdentity.getId}}, 
> {{ExternalIdentity.getPrincipalName}} and {{ExternalIdentityRef.getId}}.
> See also OAK-4930 and OAK-5200 for additional information.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to