Details
- Bug
- Status: Verified
- Resolution: Unresolved
- Master
- None
- 7.4-known-issues, liferay-ga1-dxp-7413, liferay-ga10-ce-743, liferay-ga11-ce-743, liferay-ga12-ce-743, liferay-ga13-ce-743-known-issue, liferay-ga14-ce-743-known-issues, liferay-ga4-ce-743, liferay-ga5-ce-743, liferay-ga6-ce-743, liferay-ga7-ce-743, liferay-ga8-ce-743, liferay-ga9-ce-743, liferay-u1-dxp-7413, liferay-u2-dxp-7413
- 3
- Security
Description
Requirement:
Have an already working SAML link between an IdP and an SP, with a user present in both!
Steps to reproduce:
- In IdP make sure firstName and lastName are not sent towards SP!
- In IdP make sure reminderQueryQuestion and reminderQueryAnswer are sent towards SP!
- In SP add the following mapping: User Field Expression is firstName, and SAML attribute is reminderQueryQuestion
- In SP add the following mapping: User Field Expression is lastName, and SAML attribute is reminderQueryAnswer
- Log in with a user
Actual result:
The user logs in, and their reminder question and answer are displayed as their first and last name.
Expected result:
Either sending these attributes is blocked on the IdP side, or their mapping is blocked on the SP side. Another solution would be to store the hashed value of reminderQueryAnswer.
Reproduced on:
Tomcat 9.0.43 + MySQL 8.0.25 | Portal master DXP GIT ID: 880952a2ef107ca6d98c9988da04a18fd51b5a55
Notes:
Encrypted password can also be mapped and displayed this way.
Snippet attached!
cc:zsigmond.rab
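The three options listed under Expected result, sketched as an added example (not Liferay code and not part of the original ticket): an IdP-side release filter, an SP-side mapping check, and salted hashing of the reminder answer. All function names, the `password` attribute name and the sample data are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Attribute names from the report; "password" is an assumed name for the
# encrypted-password attribute mentioned in the notes.
SENSITIVE_ATTRIBUTES = {"reminderqueryquestion", "reminderqueryanswer", "password"}
PBKDF2_ROUNDS = 100_000  # assumed work factor for this example

def _is_sensitive(name):
    # Case-insensitive, trimmed comparison so " ReminderQueryAnswer " is caught.
    return name.strip().lower() in SENSITIVE_ATTRIBUTES

def filter_released_attributes(user_attributes):
    """IdP side: drop sensitive attributes before building the assertion."""
    return {k: v for k, v in user_attributes.items() if not _is_sensitive(k)}

def validate_mappings(mappings):
    """SP side: split (user_field, saml_attribute) pairs into allowed/rejected."""
    allowed, rejected = [], []
    for user_field, saml_attribute in mappings:
        target = rejected if _is_sensitive(saml_attribute) else allowed
        target.append((user_field, saml_attribute))
    return allowed, rejected

def hash_reminder_answer(answer, salt=None):
    """Storage side: keep only a salted PBKDF2 hash, never the plain answer."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", answer.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest

def verify_reminder_answer(answer, salt, digest):
    """Recompute the hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", answer.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)

# Constructed sample data reproducing the mappings from the steps above.
SAMPLE_USER = {"emailAddress": "test@example.com", "screenName": "test",
               "reminderQueryQuestion": "First pet?", "reminderQueryAnswer": "Rex"}
SAMPLE_MAPPINGS = [("firstName", "reminderQueryQuestion"),
                   ("lastName", "reminderQueryAnswer"),
                   ("emailAddress", "emailAddress")]

if __name__ == "__main__":
    print(filter_released_attributes(SAMPLE_USER))
    print(validate_mappings(SAMPLE_MAPPINGS))
```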
Issue Links
- Discovered while testing: LPS-105169 As an Instance Administrator, I want to configure the user profile attributes that can be updated from the SAML assertion when a user logs into the system (Closed)