[
https://issues.apache.org/jira/browse/OAK-4224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15750069#comment-15750069
]
Alexander Klimetschek commented on OAK-4224:
--------------------------------------------
There seems to be a bug in the check in
{{DefaultSyncContext.sync(ExternalIdentity)}}, never looking at the
{{rep:externalId}}, see OAK-5304.
> DefaultSyncContext.sync(ExternalIdentity) should verify IDP
> -----------------------------------------------------------
>
> Key: OAK-4224
> URL: https://issues.apache.org/jira/browse/OAK-4224
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: auth-external
> Reporter: angela
> Assignee: angela
> Priority: Minor
> Fix For: 1.5.2, 1.4.7, 1.2.19, 1.6
>
> Attachments: OAK-4224.patch, OAK-4224_2.patch
>
>
> while writing more test for {{DefaultSyncContext}} i realized that the
> implementation of {{sync(ExternalIdentity)}} doesn't verify that the given
> external identity belongs to the same IDP than the one associated with the
> context instance.
> IMHO this would be needed and useful particularly when multiple IDPs are
> combined. also, the {{DefaultSyncContext}} is a public exposed class, I
> would prefer if it would guard against mixing up sync of external identities
> from different sources.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
