Uploaded image for project: 'UY'
  1. UY
  2. UY-683

External authN mapped to a disabled account is not properly blocked

    Details

    • Type: Bug
    • Status: Done
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: v2.5.0
    • Labels:
    • Story Points:
      3

      Description

      Currently it is possible to successfully complete the authentication stage when being mapped to a disabled entity with an input translation profile. Then the error is returned anyway (e.g. early during collecting user information for consent screen).

      Instead the authN stage should fail, showing error on authN screen, without creating Unity login session.

       

      2018-02-26T23:02:37,919 [qtp427606821-219] ERROR unity.server.saml.SamlIdPWebUI: Engine problem when handling client request
      pl.edu.icm.unity.exceptions.IllegalIdentityValueException: The entity is disabled
              at pl.edu.icm.unity.engine.attribute.AttributesHelper.getAllAttributesInternal(AttributesHelper.java:260) ~[unity-server-engine-2.5.0-SNAPSHOT.jar:?]
              at pl.edu.icm.unity.engine.attribute.AttributesManagementImpl.getAllAttributesInternal(AttributesManagementImpl.java:167) ~[unity-server-engine-2.5.0-SNAPSHOT.jar:?]
              at pl.edu.icm.unity.engine.attribute.AttributesManagementImpl.getAttributes(AttributesManagementImpl.java:132) ~[unity-server-engine-2.5.0-SNAPSHOT.jar:?]
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_91]
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_91]
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_91]
              at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_91]
              at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:338) ~[spring-aop-5.0.3.RELEASE.jar:5.0.3.RELEASE]
              at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197) ~[spring-aop-5.0.3.RELEASE.jar:5.0.3.RELEASE]
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.0.3.RELEASE.jar:5.0.3.RELEASE]
              at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89) ~[spring-aop-5.0.3.RELEASE.jar:5.0.3.RELEASE]
              at pl.edu.icm.unity.store.rdbms.tx.SQLTransactionEngine.runInTransaction(SQLTransactionEngine.java:45) ~[unity-server-storage-2.5.0-SNAPSHOT.jar:?]
              at pl.edu.icm.unity.store.tx.TransactionalAspect.retryIfNeeded4Method(TransactionalAspect.java:75) ~[unity-server-storage-2.5.0-SNAPSHOT.jar:?]
              at sun.reflect.GeneratedMethodAccessor34.invoke(Unknown Source) ~[?:?]
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_91]
              at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_91]
              at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:643) ~[spring-aop-5.0.3.RELEASE.jar:5.0.3.RELEASE]
              at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:632) ~[spring-aop-5.0.3.RELEASE.jar:5.0.3.RELEASE]
              at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70) ~[spring-aop-5.0.3.RELEASE.jar:5.0.3.RELEASE]
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:174) ~[spring-aop-5.0.3.RELEASE.jar:5.0.3.RELEASE]
              at org.springframework.aop.aspectj.AspectJAfterAdvice.invoke(AspectJAfterAdvice.java:47) ~[spring-aop-5.0.3.RELEASE.jar:5.0.3.RELEASE]
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:174) ~[spring-aop-5.0.3.RELEASE.jar:5.0.3.RELEASE]
              at org.springframework.aop.aspectj.AspectJAfterThrowingAdvice.invoke(AspectJAfterThrowingAdvice.java:62) ~[spring-aop-5.0.3.RELEASE.jar:5.0.3.RELEASE]
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:174) ~[spring-aop-5.0.3.RELEASE.jar:5.0.3.RELEASE]
              at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92) ~[spring-aop-5.0.3.RELEASE.jar:5.0.3.RELEASE]
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185) ~[spring-aop-5.0.3.RELEASE.jar:5.0.3.RELEASE]
              at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.0.3.RELEASE.jar:5.0.3.RELEASE]
              at com.sun.proxy.$Proxy68.getAttributes(Unknown Source) ~[?:?]
              at pl.edu.icm.unity.engine.idp.IdPEngineImplBase.obtainUserInformationPostImport(IdPEngineImplBase.java:128) ~[unity-server-engine-2.5.0-SNAPSHOT.jar:?]
              at pl.edu.icm.unity.engine.idp.IdPEngineImplBase.obtainUserInformationWithEnrichingImport(IdPEngineImplBase.java:89) ~[unity-server-engine-2.5.0-SNAPSHOT.jar:?]
              at pl.edu.icm.unity.engine.idp.IdPEngineImpl.obtainUserInformationWithEnrichingImport(IdPEngineImpl.java:28) ~[unity-server-engine-2.5.0-SNAPSHOT.jar:?]
              at pl.edu.icm.unity.saml.idp.web.SamlIdPWebUI.getUserInfo(SamlIdPWebUI.java:131) ~[unity-server-saml-2.5.0-SNAPSHOT.jar:?]
              at pl.edu.icm.unity.saml.idp.web.SamlIdPWebUI.createExposedDataPart(SamlIdPWebUI.java:203) [unity-server-saml-2.5.0-SNAPSHOT.jar:?]
              at pl.edu.icm.unity.saml.idp.web.SamlIdPWebUI.appInit(SamlIdPWebUI.java:164) [unity-server-saml-2.5.0-SNAPSHOT.jar:?]
              at pl.edu.icm.unity.webui.UnityUIBase.init(UnityUIBase.java:77) [unity-server-web-common-2.5.0-SNAPSHOT.jar:?]
              at com.vaadin.ui.UI.doInit(UI.java:771) [vaadin-server-8.2.1.jar:8.2.1]

        Attachments

          Activity

            People

            • Assignee:
              golbi Krzysztof Benedyczak
              Reporter:
              golbi Krzysztof Benedyczak
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: