Angela Schreiber created OAK-8802:
-------------------------------------
Summary: ExternalLoginModule.commit will fail if no principals can
be resolved for externalUser
Key: OAK-8802
URL: https://issues.apache.org/jira/browse/OAK-8802
Project: Jackrabbit Oak
Issue Type: Bug
Components: auth-external, security
Reporter: Angela Schreiber
Assignee: Angela Schreiber
while testing a potential patch for OAK-8710 i noticed that
{{ExternalLoginModule.commit()}} will not succeed if
{{AbstractLoginModule.getPrincipals}} returns an empty list. however, depending
on the oak security setup there the principal lookup may not be able to resolve
the given external ID while still being able to successfully login the given
external user e.g. by means of login with a subject that has already been
populated with the principals to be used.
i would suggest to let {{ExternalLoginModule.commit()}} succeed as soon as the
{{externalUser}} field was set during the first login phase. authinfo and
subject can then be populated accordingly.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
