  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-134954

SP side attribute mapping is highjacked by hidden mapping

    Details

    • Fix Priority:
      4
    • Sprint:
      AppSec Iteration 68, AppSec Iteration 69, AppSec Iteration 70, AppSec Iteration 71, AppSec Iteration 72, AppSec Iteration 73

      Description

      Requirement:

      • Have an already working SAML link between an IdP and an SP, with a user present in both!

      Scenario 1:
      Steps to reproduce:

      1. On IdP side navigate to Service Provider Connections and in the existing SP link, enter firstName as an Attribute and click on Save
      2. On SP side navigate to Identity Provider Connections and in the existing IdP link, delete any existing mappings; there should be 0.
      3. On IdP side change the first name of the already registered user.
      4. Log into SP using the credentials of said user.

      Actual result:
      First name of the user gets updated in SP
      Expected result:
      First name of the user should remain unchanged in SP

      Scenario 2:
      Steps to reproduce:

      1. On IdP side navigate to Service Provider Connections and in the existing SP link, enter firstName and jobTitle as Attributes and click on Save
      2. On SP side navigate to Identity Provider Connections and in the existing IdP link, create the following mapping: User Field Expression should be firstName and SAML Attribute should be jobTitle
      3. On IdP side add job title for the user
      4. Log into SP using the credentials of said user.

      Actual result:
      First name of the user remains unchanged in SP
      Expected result:
      In the SP the first name of the user should change to whatever was given as job title in IdP

      Reproduced on:
      Tomcat 9.0.43 + MySQL 8.0.25 | Portal master DXP GIT ID: fa392694486a70c3eb29f5e2d47ea7f1d01480f4

      cc: Zsigmond Rab
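
The two scenarios above, modelled as an added example (not Liferay's code and not part of the original ticket). It assumes the hidden mapping is an implicit same-name mapping applied after the configured ones; every function and variable name is hypothetical and the sample data is constructed.

```python
# Illustrative model only: not Liferay's code. All names here are hypothetical.
USER_FIELDS = ("firstName", "lastName", "emailAddress", "jobTitle")


def resolve_with_hidden_mapping(assertion_attrs, configured, user):
    """Behaviour the ticket reports: attributes named like a user field are
    applied implicitly, and that implicit value wins over the configured one."""
    updated = dict(user)
    for field, saml_attr in configured.items():
        if saml_attr in assertion_attrs:
            updated[field] = assertion_attrs[saml_attr]
    for field in USER_FIELDS:  # assumed hidden same-name mapping, applied last
        if field in assertion_attrs:
            updated[field] = assertion_attrs[field]
    return updated


def resolve_explicit_only(assertion_attrs, configured, user):
    """Expected behaviour: only mappings the SP administrator configured apply."""
    updated = dict(user)
    for field, saml_attr in configured.items():
        if field not in USER_FIELDS:
            raise ValueError(f"unknown user field: {field}")
        if saml_attr in assertion_attrs:
            updated[field] = assertion_attrs[saml_attr]
    return updated


def unmapped_attributes(assertion_attrs, configured):
    """Attributes the IdP sent that no configured mapping consumes (log these)."""
    return sorted(set(assertion_attrs) - set(configured.values()))


# Constructed sample data: (attributes in the assertion, SP-side mapping).
SP_USER = {"firstName": "Alice", "jobTitle": ""}
SCENARIO_1 = ({"firstName": "Alicia"}, {})  # SP has 0 mappings
SCENARIO_2 = ({"firstName": "Alice", "jobTitle": "Engineer"},
              {"firstName": "jobTitle"})    # User Field <- SAML Attribute

if __name__ == "__main__":
    for name, (attrs, mapping) in (("1", SCENARIO_1), ("2", SCENARIO_2)):
        print("Scenario", name)
        print("  hidden mapping :", resolve_with_hidden_mapping(attrs, mapping, SP_USER))
        print("  explicit only  :", resolve_explicit_only(attrs, mapping, SP_USER))
        print("  unmapped attrs :", unmapped_attributes(attrs, mapping))
```

Logging the output of `unmapped_attributes` on the SP side makes it visible when an IdP starts sending attributes the SP administrator never agreed to consume.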

              People

              Assignee:
              team-app-security Product Team App Security
              Reporter:
              ferenc.onodi Ferenc Onodi
              Participants of an Issue:
              Recent user:
              Sophia Zhang

                Dates

                Created:
                Updated:
                Days since last comment:
                14 weeks, 6 days ago
