Loading...

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Minor
Fix Version/s: None
Affects Version/s: SaaS, 2.12.0 GA
Component/s: System
Labels:
- SSO
- good-first-issue
- ui
- ui/ux
- ux

Blocked:
False
Blocked Reason:
None
Ready:
False
3Scale PT Tested upstream:
Not Started
3scale PT Docs:
Not Started
3scale PT Product Specs:
Not Started
3scale PT Product Update Ready:
Not Started
3scale PT Released In Saas:
Not Started
3scale PT Verified Product:
Not Started
Steps to Reproduce:
Hide

Configure an SSO Integration

Access the Developer Portal via SSO using an IdP user that does not have a corresponding 3scale Account/User

After authentication with the IdP, in the landing (/signup) page, modify the pre-filled username and email fields before proceeding

Complete the signup by submitting the form, and verify the user was successfully created with details that don't match those in the IdP
Show
Configure an SSO Integration Access the Developer Portal via SSO using an IdP user that does not have a corresponding 3scale Account/User After authentication with the IdP, in the landing (/signup) page, modify the pre-filled username and email fields before proceeding Complete the signup by submitting the form, and verify the user was successfully created with details that don't match those in the IdP

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

When the Developer Portal is configured with a Single Sign-on Integration, and a developer signs up via SSO, after the IdP authentication took place, the current default behaviour is for the user to be redirected again to the /signup page where they are requested to confirm the signup form by filling organization, username and email. Here the user can specify arbitrary values for both username and email, resulting in the creation of an Account / User with different details than those of the corresponding user in the IdP.

Apparently this is happening only when the org_name field is missing on the user attributes as documented here. In that case the form should only require to set that field and not allow to change the other details (as it currently does).

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

signup-sso.png
68 kB
2023/06/13 8:26 AM

is related to

THREESCALE-1287 Invite users to use same Developer account via SSO requires second set of credentials

Closed

Assignee:: Unassigned

Reporter:: Samuele Illuminati (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2022/07/14 1:30 PM

Updated:: 2023/06/15 2:24 PM

Resolved:: 2023/06/15 2:24 PM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates