Federated basicRegistry returns inconsistent results for case insensitive direct user lookups in scim-1.0 #13569
Labels
release bug
This bug is present in a released version of Open Liberty
release:200010
team:Wendigo East
SCIM returns inconsistent results when the
ignoreCaseForAuthentication
attribute forbasicRegistry
is set totrue
.For reference, the following basic registry configuration:
Take two similar requests below, the first searching
scimUser
(matching the case in the configuration) and the second searching forscimuser
. Both calls return results that match the case sent on the search (i.e. id, userName, displayName, location). Additionally, the second search does not return the groups.The error is due to URBridge logic in federated repositories. It searches for the user in the federated basic registry, and since ignore case is turned on for authentication, the user is found. However; federated repositories URBridge doesn't use the security name passed back by the registry and instead uses the security name passed in to populate the results. It also uses the security name passed in to search for groups, which is not effected by the
ignoreCaseForAuthentication
configuration attribute.The URBridge logic was updated to populate the entity from the registry. It will also use the security name returned from the registry to perform the group search so that groups will be returned.
The text was updated successfully, but these errors were encountered: