[
https://issues.apache.org/jira/browse/OAK-8802?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16983535#comment-16983535
]
Angela Schreiber commented on OAK-8802:
---------------------------------------
in addition i noticed that the {{ExternalLoginModule}} seems to suffer from the
same issue as described in OAK-8800. principals from the subject are not pushed
to the {{AuthInfo}}.
> ExternalLoginModule.commit will fail if no principals can be resolved for
> externalUser
> --------------------------------------------------------------------------------------
>
> Key: OAK-8802
> URL: https://issues.apache.org/jira/browse/OAK-8802
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: auth-external, security
> Reporter: Angela Schreiber
> Assignee: Angela Schreiber
> Priority: Major
>
> while testing a potential patch for OAK-8710 i noticed that
> {{ExternalLoginModule.commit()}} will not succeed if
> {{AbstractLoginModule.getPrincipals}} returns an empty list. however,
> depending on the oak security setup there the principal lookup may not be
> able to resolve the given external ID while still being able to successfully
> login the given external user e.g. by means of login with a subject that has
> already been populated with the principals to be used.
> i would suggest to let {{ExternalLoginModule.commit()}} succeed as soon as
> the {{externalUser}} field was set during the first login phase. authinfo and
> subject can then be populated accordingly.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
