Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-112653

Design how to handle unprovisioned users in configured IdP


    • Technical
    • Iteration 38, Iteration 39, Iteration 40, Iteration 41, Iteration 42, Iteration 43, Iteration 44, Iteration 45, AppSec Iteration 51, AppSec Iteration 52, AppSec Iteration 53, AppSec Iteration 54, AppSec Iteration 55, AppSec Iteration 56, AppSec Iteration 57, AppSec Iteration 58, AppSec Iteration 59, AppSec Iteration 60, AppSec Iteration 61, AppSec Iteration 62, AppSec Iteration 63, AppSec Iteration 64, AppSec Iteration 65, AppSec Iteration 66


      1. Define what unprovisioned may mean on IdP side.
      2. How the users become unprovisioned. Is there a standard protocol specification for this we can leverage?
      3. What the possibilities are to implement this.
      4. How to remove users from the SP if they are removed from IdP?
      5. Should the SP user be deactivated only, to prevent a new user being created in future with same "identity"?
      6. What should happen to portal (SP) models/assets owned by an unprovisioned user?
      7. What if a SP user exists on multiple connected IdPs? Is it fine that its unprovisioning from one IdP only should cause the user to be removed on the SP?
      8. Right now it is a user choice which connected IdP the SP user authenticates with. Do we need to change this to bind SP users to specific IdPs?
      9. What about privacy aspects?


        Issue Links



              stian.sigvartsen Stian Sigvartsen
              zsigmond.rab Zsigmond Rab
              SE Support SE Support
              0 Vote for this issue
              1 Start watching this issue




                  Version Package