Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-8529

SSO sign-up flow allows creating Users with the wrong username and email address

    XMLWordPrintable

Details

    • False
    • None
    • False
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Hide
      • Configure an SSO Integration
      • Access the Developer Portal via SSO using an IdP user that does not have a corresponding 3scale Account/User
      • After authentication with the IdP, in the landing (/signup) page, modify the pre-filled username and email fields before proceeding
      • Complete the signup by submitting the form, and verify the user was successfully created with details that don't match those in the IdP
      Show
      Configure an SSO Integration Access the Developer Portal via SSO using an IdP user that does not have a corresponding 3scale Account/User After authentication with the IdP, in the landing (/signup) page, modify the pre-filled username and email fields before proceeding Complete the signup by submitting the form, and verify the user was successfully created with details that don't match those in the IdP

    Description

      When the Developer Portal is configured with a Single Sign-on Integration, and a developer signs up via SSO, after the IdP authentication took place, the current default behaviour is for the user to be redirected again to the /signup page where they are requested to confirm the signup form by filling organization, username and email. Here the user can specify arbitrary values for both username and email, resulting in the creation of an Account / User with different details than those of the corresponding user in the IdP.

      Apparently this is happening only when the org_name field is missing on the user attributes as documented here. In that case the form should only require to set that field and not allow to change the other details (as it currently does).

      Attachments

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. THREESCALE-1287 Invite users to use same Developer account via SSO requires second set of credentials

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              Unassigned Unassigned
              rhn-support-sillumin Samuele Illuminati (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: