[JIRA] (JENKINS-36709) Possible duplicate user creation.
Title: Message Title Wadeck Follonier resolved as Fixed PR was merged Jenkins / JENKINS-36709 Possible duplicate user creation. Change By: Wadeck Follonier Status: In Progress Resolved Resolution: Fixed Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-36709) Possible duplicate user creation.
Title: Message Title Andres Rodriguez started work on JENKINS-36709 Change By: Andres Rodriguez Status: Open In Progress Add Comment This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-36709) Possible duplicate user creation.
Title: Message Title
Andres Rodriguez updated an issue
Jenkins / JENKINS-36709
Possible duplicate user creation.
Change By:
Andres Rodriguez
When a new user is logged it the openid security realm uses different values as the principal name in the security context, depending on the metadata fields available in the openid identity.After logging the user in, the actual {{User}} is created (if needed), and depending on the field used for id (e.g. if it ends up being the openid url) it may be transformed by the canonical id resolver, resulting in a user with a different id that the one registered in the {{SecurityContextHolder}}.After [84e8d0118|https://github.com/jenkinsci/jenkins/commit/84e8d011805194578d3b3ccfca060ce5cffbf7eb], {{User.current}} will assume the user is the one in the {{SecurityContextHolder}}, so it may end up creating another {{User}} object for an already existing one , as the search does not go through the canonical id resolver .
Add Comment
This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)
[JIRA] (JENKINS-36709) Possible duplicate user creation.
Title: Message Title Andres Rodriguez created an issue Jenkins / JENKINS-36709 Possible duplicate user creation. Issue Type: Bug Assignee: Andres Rodriguez Components: openid-plugin Created: 2016/Jul/15 12:34 PM Environment: Current plugin master Jenkins >= 1.556 Priority: Major Reporter: Andres Rodriguez When a new user is logged it the openid security realm uses different values as the principal name in the security context, depending on the metadata fields available in the openid identity. After logging the user in, the actual User is created (if needed), and depending on the field used for id (e.g. if it ends up being the openid url) it may be transformed by the canonical id resolver, resulting in a user with a different id that the one registered in the SecurityContextHolder. After 84e8d0118, User.current will assume the user is the one in the SecurityContextHolder, so it may end up creating another User object for an already existing one. Add Comment
