Details
-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 12.0.0
-
Component/s: SAML
-
Labels:
Description
This seems to affect various areas of the federation code.
IdRepoDataStoreProvider.getUserID normalizes the amIdentity of the user:
return DNUtils.normalizeDN(IdUtils.getUniversalId(amId));
which converts the id into lower case.
For example, set up federation with persistent nameid-format and create a user with mixed cases on the SP side, eg UserTest
Establish the initial federation.
Upon federating again afterwards, the account mapper will retrieve the user with lower cases. In the SP federation log you will see:
libSAML2:07/09/2015 11:23:07:076 AM BST: Thread[http-bio-38080-exec-15,5,main] SAML2Utils:isFedInfoExists : true libSAML2:07/09/2015 11:23:07:076 AM BST: Thread[http-bio-38080-exec-15,5,main] SPACSUtils.processResponse: userName : id=usertest,ou=user,dc=openam,dc=forgerock,dc=org
This may have an impact later down the line, for example, when trying to retrieve the username through a REST call to ".../openam/json/users?_action=idFromSession ..."; response would be:
{"id":"usertest", ...
Attachments
Issue Links
- is required by
-
OPENAM-11059 Dynamic registration fails, if the username is looking at a DN
-
- In Progress
-