OpenIDM / OPENIDM-10673

The augmentSecurityContext script should still execute when runAs cannot find the user

      Description

      In the normal (non-RunAs) use of an augmentSecurityContext script, the script has the opportunity to recover from the case when the subject identified by the auth module is not found in the system. For example, "amadmin" is not a real user anywhere in the IDM ecosystem; normally this would cause any request which specifies amadmin as the authenticationId to fail. In this case, however, the augmentSecurityContext script can detect this user and take special action to account for it, allowing the request to recover.

      When augmentSecurityContext scripts are executed in the RunAs context, they have no such opportunity to recover - there is a hard failure before they execute. This makes accounting for the amadmin user impossible.

            People

            • Assignee: Jon Branch (jbranch)
            • Reporter: Jake Feasel (jake.feasel)