Affects Version/s: 7.2.X, 7.3.X, Master
Fix Version/s: None
Component/s: Application Security > SAML
According to the analysis made by the customer, the userLocalService.updateUser(user)) method is being called whenever a login occurs, and immediately afterwards, the updateLastLogin method is executed to update the login data.
The problem that the customer reports, is the excessive invoke of the userLocalService.updateUser(user) method made by the DefaultUserResolver class.
Steps to reproduce:
1. Set up a Liferay 7.2 (SP) and another Liferay 7.2 (IdP) environment
2. Configure SAML Connector 2.0 using email as a key attribute
3. Create a user on the IdP
4. The screenName will automatically be lowerCase. To simulate an IdP that does not do this transformation, you must change the screenName in the database directly. For example from: testuser to: testUser
5. Log in to the SP for the first time with the credentials created in the IdP. The user will be added, so far so good. Log out.
6. Add breakpoint in the DefaultUserResolver class in the updateUser method
7. Log in to SP again.
When logging into SP for the second time, the _userLocalService.updateUser method must not be invoked.
The _userLocalService.updateUser method is invoked due to the difference between "testUser" and "testuser"
When comparing the screenName attribute, a lowerCase must be done first in the attribute that comes from the IdP, since in Liferay this attribute is always lowerCase.