[LPS-134954] SP side attribute mapping is highjacked by hidden mapping - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Verified
Resolution: Unresolved
Affects Version/s: Master
Fix Version/s: None
Component/s: Application Security > SAML
Labels:

Fix Priority:
4
Sprint:
AppSec Iteration 68, AppSec Iteration 69, AppSec Iteration 70, AppSec Iteration 71, AppSec Iteration 72, AppSec Iteration 73

QA Test Name:
- LocalFile.SAML#SPInitiatedSSODoesNotSyncAttributesIfNotMapped
- LocalFile.SAML#SPInitiatedSSOSyncsUserAttributesFromMultipleIdPToSPCustomMapping
QA Test Score:
8

Description

Requirement:

Have an already working SAML link between an IdP and an SP, with a user present in both!

Scenario 1:
Steps to reproduce:

On IdP side navigate to Service Provider Connections and in the existing SP link, enter firstName as an Attribute and click on Save
On SP side navigate to Identity Provider Connections and in the existing IdP link, delete any existing mapping, there should be 0.
On IdP side change the first name of the already registered user.
Log into SP using the credentials of said user.

Actual result:
First name of the user gets updated in SP
Expected result:
First name of the user should remain unchanged in SP

Scenario 2:
Steps to reproduce:

On IdP side navigate to Service Provider Connections and in the existing SP link, enter firstName and jobTitle as an Attribute and click on Save
On SP side navigate to Identity Provider Connections and in the existing IdP link, create the following mapping: User Field Expression should be firstName and SAML Attribute should be jobTitle
On IdP side add job title for the user
Log into SP using the credentials of said user.

Actual result:
First name of the user remains unchanged in SP
Expected result:
In the SP the first name of the user should change to whatever was given as job title in IdP

Reproduced on:
Tomcat 9.0.43 + MySQL 8.0.25 | Portal master DXP GIT ID: fa392694486a70c3eb29f5e2d47ea7f1d01480f4

cc:Zsigmond Rab

Attachments

Issue Links

Discovered while testing

LPS-105169 As an Instance Administrator, I want to configure the user profile attributes that can be updated from the SAML assertion when a user logs into the system

Closed

LPS-133095 Automate LPS-105169

Closed

LPS-139852 AppSec - Upstream Analysis - Week of 9/27/21

Closed

LPS-140249 AppSec - Upstream Analysis - Week of 10/4/21

Closed

LPS-140607 AppSec - Upstream Analysis - Week of 10/11/21

Closed

LPS-140755 AppSec - Upstream Analysis - Week of 10/14/21

Closed

LPS-140914 AppSec - Upstream Analysis (DXP GA1) - Week of 10/18/21

Closed

LPS-141208 AppSec - Upstream Analysis (DXP GA1) - Week of 10/21/21

Closed

(3 Discovered while testing)

Activity

People

Assignee:: Product Team App Security

Reporter:: Ferenc Onodi

Participants of an Issue:: Ferenc Onodi, Product Team App Security, Zsigmond Rab

Recent user:: Sophia Zhang

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 30/Jun/21 5:02 AM

Updated:: 16 hours ago

Days since last comment:: 14 weeks, 6 days ago

Packages

Version	Package