[AAA-55] AuthN fails for users that aren't granted permission with default sdn domain Created: 22/Jul/15 Updated: 21/Mar/19 Resolved: 12/Nov/15 |
|
| Status: | Resolved |
| Project: | aaa |
| Component/s: | General |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | ||
| Reporter: | Ryan Goulding | Assignee: | Ryan Goulding |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Operating System: All |
||
| External issue ID: | 4042 |
| Description |
|
TokenAuth.java always passes null for domain name, resulting in default domain. Thus, if a user is not associated with the default domain, then no grants are associated with the Claim. If no grants are associated with the claim, then the claim fails to build. A HTTP GET queryParameter needs to be added to handle the domainname. |
| Comments |
| Comment by Ryan Goulding [ 25/Aug/15 ] |
|
This is a real problem in Helium and Lithium, but depending on what we do in Be we might not want to address this. I am fairly confident that no one was using anything other than the default "sdn" domain since grant creation was broken until recently, and grants for non-"sdn" domains could not be created. We will have to figure out how we want to address this considering the work going into changing the authentication data model, and including domain as part of the user record directly (no FK). |
| Comment by Ryan Goulding [ 12/Nov/15 ] |
|
Fixed in Be by requiring Domain for each user: |
| Comment by Ryan Goulding [ 12/Nov/15 ] |
|
Fixed in Be by requiring Domain for each user: |