[OPENAM-3470] The SAML2 nameid should not be persisted if the nameid-format is not persistent
Created: 18/Dec/13 Updated: 05/Mar/19 Resolved: 20/May/15
|Fix Version/s:||11.0.4, 12.0.3, 13.0.0|
|Reporter:||Zoltan Tarcsay||Assignee:||Peter Major [X] (Inactive)|
|Labels:||EDISON, release-notes, test-candidate|
|Sprint:||Sprint 81 - Sustaining, Sprint 82 - Sustaining|
|Support Ticket IDs:|
The SAML2 nameid gets persisted whenever the nameid-format is not transient. This has undesired side effects: for example, when the nameid-format is emailAddress (mapped to the mail attribute, for instance) and a user's email address changes, the persisted sun-fm-saml2-nameid-infokey value will still contain the old value of mail.
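The stale-value behaviour described above, as an added Python model that is not part of the original issue and is not OpenAM code. `ToyIdP`, its `stored` dictionary (standing in for the sun-fm-saml2-nameid-infokey value), the user `demo` and the SP URL are hypothetical, and the model assumes that a persisted value is returned in preference to the live attribute.

```python
import secrets

PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def persist_before_fix(fmt):
    # Reported behaviour: every NameID except a transient one is stored.
    return fmt != TRANSIENT


def persist_after_fix(fmt):
    # Behaviour the issue title asks for: only persistent NameIDs are stored.
    return fmt == PERSISTENT


class ToyIdP:
    """Hypothetical minimal IdP; `stored` models the persisted NameID info."""

    def __init__(self, should_persist):
        self.should_persist = should_persist
        self.users = {}    # uid -> attributes, e.g. {"mail": ...}
        self.stored = {}   # (uid, sp, fmt) -> persisted NameID value

    def name_id(self, uid, sp, fmt):
        key = (uid, sp, fmt)
        if key in self.stored:               # assumption: stored value wins
            return self.stored[key]
        if fmt == EMAIL:
            value = self.users[uid]["mail"]  # mapped to the mail attribute
        else:
            value = secrets.token_urlsafe(16)  # opaque identifier
        if self.should_persist(fmt):
            self.stored[key] = value
        return value


def email_after_change(should_persist):
    """Federate once, change mail, federate again; return the second NameID."""
    idp = ToyIdP(should_persist)
    idp.users["demo"] = {"mail": "old@example.com"}  # constructed sample data
    idp.name_id("demo", "https://sp.example.com", EMAIL)
    idp.users["demo"]["mail"] = "new@example.com"
    return idp.name_id("demo", "https://sp.example.com", EMAIL)


if __name__ == "__main__":
    print("before fix:", email_after_change(persist_before_fix))
    print("after fix: ", email_after_change(persist_after_fix))
```
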
|Comment by Peter Major [X] (Inactive) [ 29/Jan/15 ]|
Hard commit for including this fix in 11.0.4, hopefully will fit into 12.0.1 as well.
|Comment by Peter Major [X] (Inactive) [ 13/May/15 ]|
The IdP side of the fix:
The surrounding logic around NameID persistence can be summed up now with the following:
|Comment by Peter Major [X] (Inactive) [ 14/May/15 ]|
The SP side of the fix:
|Comment by Peter Major [X] (Inactive) [ 20/May/15 ]|
Fixed with R13887&R13888, R13889&R13890 and R13891&R13892