[
https://issues.apache.org/jira/browse/JS2-1036?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ate Douma updated JS2-1036:
---------------------------
Attachment: JS2-1036-partial-fix.patch
I got hit by this issue today when trying to add SSO RemoteUser configurations
in j2-seed.xml using both a user and a group for the same remote user.
Initially I thought I could relatively easy fix this through the SSOManagerImpl
only, but once done (and working) it showed there is (much) more to this.
SSOUser ownership is tied to a single principal, meaning it cannot have
multiple parents (yet).
Furthermore, the SSODetailBrowser portlet isn't up to this level of
configuration either.
So, for now I'll leave this issue be, but I'm attaching a partial-fix patch
containing the SSOManagerImpl changes as reference to be picked up later again.
> SSO does not support remote credential sharing
> ----------------------------------------------
>
> Key: JS2-1036
> URL: https://issues.apache.org/jira/browse/JS2-1036
> Project: Jetspeed 2
> Issue Type: Bug
> Components: SSO
> Affects Versions: 2.2.0
> Environment: SSO, J2 2.2
> Reporter: Randy Watler
> Assignee: Randy Watler
> Attachments: JS2-1036-partial-fix.patch
>
>
> The SSO component does not support reuse/sharing of remote credentials. For
> example, two users or groups cannot share a single SSO login to a remote
> site. It is not up to the portal to enforce or make assumptions about
> security policies of remote sites/systems.
> This is a regression from 2.1.X SSO which supported this feature.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
