Defect #2594
closed
Authentication: Disabled identity is not checked by sso and target system authentication (disabled identity can log in over sso or target system).
100%
Description
Disabled identity is not checked in sso authentication filters (SsoIdmAuthenticationFilter) and target system authentication filters (DefaultAccAuthenticator, DefaultAccMultipleSystemAuthenticator) => valid token is created for disabled identity and identity is successfully authenticated.
Fix mentioned filters to not authenticate invalid identity.
Issue is connected to #2413, where invalid identity was checked even if token is valid (as "duplicate" check).
Related issues
Updated by Radek Tomiška about 4 years ago
- Related to Task #2413: Cache: add cache for token added
Updated by Radek Tomiška about 4 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 0 to 90
Fixed together with #2506. I fixed all optional authenticators and added the "duplicate" check into the core authentication service again (=> it does not depend on the custom authenticator implementation).
Could you provide me with feedback, please?
Updated by Vít Švanda about 4 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 90 to 100
I did a review and tested it against an external system, thanks for this fix.
Updated by Radek Tomiška about 4 years ago
- Status changed from Resolved to Closed
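
The pattern discussed in this issue, as an added sketch that is not CzechIdM code: the core service re-checks identity state after any pluggable authenticator returns a token, so an authenticator that skips the check cannot log in a disabled identity. All type and method names here (`AuthenticationService`, `verify`, `Identity`, `Token`, `InvalidIdentityException`) are hypothetical, and the sample identities are constructed; records need Java 16 or later.

```java
import java.util.List;
import java.util.Map;
import java.util.Optional;

// Hypothetical types for illustration only; not CzechIdM's API.
public class CoreIdentityCheckDemo {
    record Identity(String username, boolean disabled) {}
    record Token(String username) {}
    // A pluggable authenticator (SSO header, target-system password, ...).
    interface Authenticator { Optional<Token> authenticate(String username, String credential); }
    static class InvalidIdentityException extends RuntimeException {
        InvalidIdentityException(String u) { super("Identity is missing or disabled: " + u); }
    }
    static class AuthenticationService {
        private final List<Authenticator> chain;
        private final Map<String, Identity> identities;
        AuthenticationService(List<Authenticator> chain, Map<String, Identity> identities) {
            this.chain = chain;
            this.identities = identities;
        }
        Token login(String username, String credential) {
            for (Authenticator authenticator : chain) {
                Optional<Token> token = authenticator.authenticate(username, credential);
                if (token.isPresent()) {
                    return verify(token.get()); // do not rely on the authenticator's checks
                }
            }
            throw new SecurityException("Authentication failed");
        }
        // The "duplicate" check; can also run on each request that presents a token.
        Token verify(Token token) {
            Identity identity = identities.get(token.username());
            if (identity == null || identity.disabled()) {
                throw new InvalidIdentityException(token.username());
            }
            return token;
        }
    }
    public static void main(String[] args) {
        Map<String, Identity> ids = Map.of( // constructed sample identities
            "alice", new Identity("alice", false), "bob", new Identity("bob", true));
        // Constructed authenticator that, like the defect, ignores the disabled flag.
        Authenticator sso = (u, c) -> "sso-ok".equals(c) ? Optional.of(new Token(u)) : Optional.empty();
        AuthenticationService service = new AuthenticationService(List.of(sso), ids);
        System.out.println("alice -> " + service.login("alice", "sso-ok"));
        try { service.login("bob", "sso-ok"); }
        catch (InvalidIdentityException e) { System.out.println("bob rejected: " + e.getMessage()); }
    }
}
```

A regression test for this defect would assert the second case: an authenticator that returns a token for a disabled identity must still end in a rejected login.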