[ https://issues.apache.org/jira/browse/OAK-4224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15750069#comment-15750069 ]
Alexander Klimetschek commented on OAK-4224: -------------------------------------------- There seems to be a bug in the check in {{DefaultSyncContext.sync(ExternalIdentity)}}, never looking at the {{rep:externalId}}, see OAK-5304. > DefaultSyncContext.sync(ExternalIdentity) should verify IDP > ----------------------------------------------------------- > > Key: OAK-4224 > URL: https://issues.apache.org/jira/browse/OAK-4224 > Project: Jackrabbit Oak > Issue Type: Bug > Components: auth-external > Reporter: angela > Assignee: angela > Priority: Minor > Fix For: 1.5.2, 1.4.7, 1.2.19, 1.6 > > Attachments: OAK-4224.patch, OAK-4224_2.patch > > > while writing more test for {{DefaultSyncContext}} i realized that the > implementation of {{sync(ExternalIdentity)}} doesn't verify that the given > external identity belongs to the same IDP than the one associated with the > context instance. > IMHO this would be needed and useful particularly when multiple IDPs are > combined. also, the {{DefaultSyncContext}} is a public exposed class, I > would prefer if it would guard against mixing up sync of external identities > from different sources. -- This message was sent by Atlassian JIRA (v6.3.4#6332)