Type: Regression Bug
Affects Version/s: Master
Component/s: Application Security > SAML
When Liferay acts as a SAML SP and a user who does not yet exist in Liferay logs in via SAML, a user account is created for them. If, however, another user with the same screen name already exists, the SAML code cannot create the account and raises com.liferay.portal.kernel.exception.UserScreenNameException$MustNotBeDuplicate.
When testing with 7.3 EP4, possibly due to changes introduced with https://issues.liferay.com/browse/LPS-105162, this exception is no longer logged, so administrators have no context for why a particular login failed. In 7.2 these exceptions were logged.
Steps to reproduce:
- Set up Liferay as a SAML SP, configure it to sync users by email address, and set up the attribute mappings as follows:
- Set up another Liferay instance as an IdP with an attribute as follows:
- Create a user in the IdP, e.g. with the email address "firstname.lastname@example.org"
- Create another user in the IdP, e.g. with the email address "email@example.com"
- Try to log into Liferay with the account "firstname.lastname@example.org"
- Try to log into Liferay with the account "email@example.com"
Expected result: The exception com.liferay.portal.kernel.exception.UserScreenNameException$MustNotBeDuplicate is logged with details about the conflicting user accounts.
Actual result: No exception is logged.
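The following is an added illustration, not Liferay's own code, of the behaviour the expected result describes: a SAML SP that provisions users keyed on email address, refuses a second account whose mapped screen name is already taken, and writes the conflict to the log so an administrator can see why the login was rejected. All class and method names (SamlUserSyncExample, UserStore, resolveUser, DuplicateScreenNameException) are hypothetical, the exception class is a stand-in for UserScreenNameException$MustNotBeDuplicate, and the two SAML assertions are constructed from the email addresses in the steps above with a deliberately colliding screen name.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;

// Hypothetical model of SAML SP user sync; not Liferay code.
public class SamlUserSyncExample {

    private static final Logger LOG = Logger.getLogger(SamlUserSyncExample.class.getName());

    /** Stand-in for UserScreenNameException$MustNotBeDuplicate (hypothetical class). */
    static final class DuplicateScreenNameException extends Exception {
        final String screenName;
        final String existingEmail;
        final String requestedEmail;

        DuplicateScreenNameException(String screenName, String existingEmail, String requestedEmail) {
            super("Screen name '" + screenName + "' already belongs to " + existingEmail
                    + "; cannot provision " + requestedEmail);
            this.screenName = screenName;
            this.existingEmail = existingEmail;
            this.requestedEmail = requestedEmail;
        }
    }

    record User(String emailAddress, String screenName) {}

    /** In-memory user store: email address is the sync key, screen names must be unique. */
    static final class UserStore {
        private final Map<String, User> byEmail = new HashMap<>();
        private final Map<String, User> byScreenName = new HashMap<>();

        Optional<User> findByEmail(String email) {
            return Optional.ofNullable(byEmail.get(email.toLowerCase()));
        }

        User add(String email, String screenName) throws DuplicateScreenNameException {
            User clash = byScreenName.get(screenName.toLowerCase());
            if (clash != null) {
                throw new DuplicateScreenNameException(screenName, clash.emailAddress(), email);
            }
            User user = new User(email, screenName);
            byEmail.put(email.toLowerCase(), user);
            byScreenName.put(screenName.toLowerCase(), user);
            return user;
        }
    }

    /**
     * Resolve the SAML subject to a local user: an existing user matched on email,
     * or a newly provisioned one. Returns empty when provisioning fails and logs the
     * conflicting accounts, which is the detail this report says went missing.
     */
    static Optional<User> resolveUser(UserStore store, Map<String, String> samlAttributes) {
        String email = samlAttributes.get("emailAddress");
        String screenName = samlAttributes.get("screenName");
        if (email == null || screenName == null) {
            LOG.warning("SAML login rejected: assertion lacks emailAddress or screenName attribute");
            return Optional.empty();
        }
        Optional<User> existing = store.findByEmail(email);
        if (existing.isPresent()) {
            return existing;
        }
        try {
            return Optional.of(store.add(email, screenName));
        } catch (DuplicateScreenNameException e) {
            // Surface the conflict to the admin instead of swallowing it.
            LOG.log(Level.WARNING,
                    "SAML login for {0} rejected: screen name {1} already belongs to {2}",
                    new Object[] {e.requestedEmail, e.screenName, e.existingEmail});
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        UserStore store = new UserStore();
        // Constructed sample assertions: two IdP users whose mapped screen name collides.
        Map<String, String> first = Map.of(
                "emailAddress", "firstname.lastname@example.org", "screenName", "jdoe");
        Map<String, String> second = Map.of(
                "emailAddress", "email@example.com", "screenName", "jdoe");

        System.out.println("first login : "
                + resolveUser(store, first).map(User::emailAddress).orElse("rejected"));
        System.out.println("second login: "
                + resolveUser(store, second).map(User::emailAddress).orElse("rejected"));
    }
}
```

The first login provisions the account; the second is rejected and a WARNING naming both email addresses and the contested screen name reaches the log, which is the context the report says 7.2 provided and 7.3 EP4 no longer does.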