New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New user should be optionaly auto created when using delegateAuthenticationRealm #49

niv0 opened this Issue Dec 2, 2016 · 0 comments


None yet
1 participant

niv0 commented Dec 2, 2016

Yes, not a bug but a feature :-) However, if you want to create a PR to
make the behaviour configurable, will be very happy to review.


On Thu, 1 Dec 2016 at 15:32 Vladimir Nišević wrote:

Hi, I am using security module in combination with our Active Directory:

  1. Roles and delegate users (without passwords) are created in Isis
    security module
  2. Authentication is done thru company Active Directory

I think, I've found an issue in this setup: As part of login procedure, if
the user doesn't exist in Isis security, it will be automatically created
as new delegate user (with Status=Disabled). This leads to potentially many
users in security module, every time when somebody e.g. mistypes the

Here my shiro.ini

isisModuleSecurityRealm =

*authenticationStrategy =*
securityManager.authenticator.authenticationStrategy =

securityManager.realms = $isisModuleSecurityRealm
activeDirectoryRealm =

activeDirectoryRealm.searchBase =********
*activeDirectoryRealm.url = ******

I think the bug is in the class

line 48:

  • PrincipalForApplicationUser principal = this.lookupPrincipal(username,

it should be:

  • PrincipalForApplicationUser principal = this.lookupPrincipal(username,

Or was it on purpose to auto create new delegate user on every login


niv0 pushed a commit to niv0/isis-module-security that referenced this issue Dec 2, 2016

niv0 pushed a commit to niv0/isis-module-security that referenced this issue Dec 2, 2016

@danhaywood danhaywood closed this in 0d6b591 Dec 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment