Details
- Bug
- Resolution: Fixed
- Low
- 2.7
- None
- None
Description
If a user is renamed in Crowd, his sessions are not terminated, but remain associated with the previous username. This causes a broken link in the 'User sessions' table in Crowd (because the link points to the old username), and it is likely to cause problems for any application that has a valid token and tries to retrieve the user details from the token. More precisely, after a user is renamed:
- The token still exists in cwd_token, but with the old username.
- An application that requests to validate the token (POST /session/xxx) gets a successful validation (HTTP 200), but the response contains a link to the old username.
- An application that requests the user details from a token (GET /session/xxx) gets an error (HTTP 400) and the following response: <error><reason>INVALID_SSO_TOKEN</reason><message>User <alice3> does not exist</message></error>
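An added example, not part of the original report or of Crowd's code: one way a client application can fail closed when token validation succeeds but the user lookup returns the INVALID_SSO_TOKEN error quoted above. The function names, return values and the XML-escaped sample body are assumptions made for this sketch.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of the HTTP 400 body quoted in the report. Assumption:
# on the wire the angle brackets around the username are XML-escaped.
SAMPLE_ERROR = (
    "<error><reason>INVALID_SSO_TOKEN</reason>"
    "<message>User &lt;alice3&gt; does not exist</message></error>"
)


def parse_error(body):
    """Return (reason, message) from an <error> body, or (None, None)."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None, None
    if root.tag != "error":
        return None, None
    return root.findtext("reason"), root.findtext("message")


def classify_session(validate_status, details_status, details_body=""):
    """Decide how to treat a token from the two calls in the report.

    validate_status: HTTP status of POST /session/<token>
    details_status, details_body: result of GET /session/<token>
    Returns (decision, cause, username); username is set only for the
    renamed-user case so it can be logged.
    """
    if validate_status != 200:
        return ("reauthenticate", "validation-failed", None)
    if details_status == 200:
        return ("accept", "ok", None)
    reason, message = parse_error(details_body)
    if details_status == 400 and reason == "INVALID_SSO_TOKEN":
        match = re.search(r"User <(.+?)> does not exist", message or "")
        if match:
            # Token validated but its user no longer resolves: the state
            # the report describes after a rename.
            return ("reauthenticate", "stale-username", match.group(1))
    # Fail closed on anything unrecognised, including unparseable bodies.
    return ("reauthenticate", "details-unavailable", None)


if __name__ == "__main__":
    print(classify_session(200, 400, SAMPLE_ERROR))
```

Logging the "stale-username" cause separately from ordinary expiry makes sessions left behind by a rename visible to whoever operates the application.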