- Type: Regression Bug
- Status: Closed
- Resolution: Fixed
- Affects Version/s: Master
- Fix Version/s: 7.3.X, 7.3.5 CE GA6, 7.3.10 DXP GA1, Master
- Component/s: Application Security > SAML
- Labels:
- Branch Version/s: 7.3.x
- Backported to Branch: Committed
- Story Points: 3
- Fix Priority: 4
- Sprint: Iteration 45, Iteration 46
- Git Pull Request:

When using Liferay as a SAML SP, if a user that does not currently exist tries to log in via SAML, the user will be added to the system. If, however, another user with the same screen name already exists, the SAML code will not be able to add a user account and this exception will be raised:
com.liferay.portal.kernel.exception.UserScreenNameException$MustNotBeDuplicate
When testing with 7.3 EP4, possibly due to changes introduced with https://issues.liferay.com/browse/LPS-105162, it seems that this exception is no longer logged, so admins have no context on why a particular login failed. In 7.2 these exceptions were logged.
Steps to reproduce:
- Set up Liferay as a SAML SP, configure it to sync via email address, and set up the attribute mappings as follows:
  emailAddress=emailAddress
  screenName=screenName
  firstName=firstName
  lastName=lastName
  uuid=uuid
- Set up another Liferay instance as an IdP with an attribute as follows:
  static:screenName=clash
- Create a user in the IdP, e.g. with email address "user@liferay.com"
- Create another user in the IdP e.g. with email address "user2@liferay.com"
- Try to log into Liferay with the account "user@liferay.com"
- Try to log into Liferay with the account "user2@liferay.com"
Expected Result:
The exception com.liferay.portal.kernel.exception.UserScreenNameException$MustNotBeDuplicate is logged with details about the conflicting user accounts.
Actual Result:
No exception is logged.