Affects Version/s: 5.5.2, 7.0.0, 6.5.3
Say you enter
issues like this happen
Also there is a search for the user on the subject using "" on the realm (performance issue too).
So cases like
- Realm ignore profile is not considered
- If one does not use profile for policy evaluation but passes the claims and other, the use case is totally broken. E.g.: login through external LDAP but datastore does not have such user (still want the realm to use profile if available.)
- Resource-based login fails too (which needs subject to be null)
- Create a test realm
- Create a Policy say to grant all, Authenticatedusers, ACTION=POST/GET
- Enter the above URL (using resource login) for example. See it fails 500 (TEST #1 where subject is NULL path)
- Repeat with policy evaluation (example 2) with authenticated session where user is non-existent (say through an LDAP) or use a claims or JWT type policy evaluation. (TEST #2 where subject comes from claims)
- Repeat the test with ignore profile realm but the ssotoken exists.
- Happens on 5.5.2 (not in 5.5.1)