This repository was archived by the owner on May 8, 2025. It is now read-only.

New accounts on new IdP without any identifiable attributes get ghost account #1

@dnmvisser

User logs in from unknown IdP.
IdP entityID gets added, default identifiable attributes get inserted.
IdP does not send any of them, so login should fail with message "service needs at least one of ... etc", but instead user is given a valid ID:

Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: === BEGIN ===
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: entityid does not exist, adding it
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: adding default id attributes for entityid_id: 179
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: entityid does not exist, adding account
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: Inserting attributes
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: Inserting eduPersonEntitlement => 'urn:mace:dir:entitlement:common-lib-terms'
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: Inserting eduPersonScopedAffiliation => 'member@dfn.de'
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: Inserting eduPersonScopedAffiliation => 'student@dfn.de'
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: Inserting fname => 'first_name'
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: Inserting lname => 'last_name'
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: Inserting fullname => 'first_name last_name'
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: Inserting idpname => 'German National Research and Education Network, DFN'
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: Inserting organisation => 'German National Research and Education Network, DFN'
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: Inserting email => 'invalid_email_needs_updating'
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: Inserting country => '0'
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: Returning user_id 1635
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [84eaa19fb8] AccountLinker: === END ===

Looks like some issues with a rare combination of new IdP, new user, and no proper attributes.
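
A log check for accounts already created this way, as an added example that is not part of the original issue or the module's code: it groups AccountLinker DEBUG lines by the bracketed tracking ID and reports the user IDs returned for newly added accounts where no identifying attribute was inserted. The names in `ID_ATTRS` are an assumption (the issue does not list the module's defaults), and the sample lines are constructed in the format shown above.

```python
import re

# Assumption: the identifying attribute names; the issue does not list the defaults.
ID_ATTRS = {"eduPersonPrincipalName", "eduPersonTargetedID"}

LINE = re.compile(r"\[(?P<track>[0-9a-f]+)\] AccountLinker: (?P<msg>.*)$")
INSERT = re.compile(r"Inserting (?P<name>\S+) => ")
RETURN = re.compile(r"Returning user_id (?P<uid>\d+)")

# Constructed sample in the log format from the issue (IDs and values are made up).
SAMPLE = """\
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [aaaa000001] AccountLinker: === BEGIN ===
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [aaaa000001] AccountLinker: entityid does not exist, adding account
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [aaaa000001] AccountLinker: Inserting attributes
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [aaaa000001] AccountLinker: Inserting email => 'invalid_email_needs_updating'
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [aaaa000001] AccountLinker: Returning user_id 9001
Aug 15 15:29:23 simplesamlphp.wayf DEBUG [aaaa000001] AccountLinker: === END ===
Aug 15 15:30:10 simplesamlphp.wayf DEBUG [bbbb000002] AccountLinker: === BEGIN ===
Aug 15 15:30:10 simplesamlphp.wayf DEBUG [bbbb000002] AccountLinker: entityid does not exist, adding account
Aug 15 15:30:10 simplesamlphp.wayf DEBUG [bbbb000002] AccountLinker: Inserting eduPersonPrincipalName => 'user@example.org'
Aug 15 15:30:10 simplesamlphp.wayf DEBUG [bbbb000002] AccountLinker: Returning user_id 9002
Aug 15 15:30:10 simplesamlphp.wayf DEBUG [bbbb000002] AccountLinker: === END ===
""".splitlines()

def find_ghost_accounts(lines, id_attrs=ID_ATTRS):
    """Return [(track_id, user_id)] for new accounts created with no identifying attribute."""
    sessions, ghosts = {}, []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not an AccountLinker line
        track, msg = m["track"], m["msg"]
        if msg == "=== BEGIN ===":
            sessions[track] = {"new": False, "attrs": set()}
            continue
        s = sessions.get(track)
        if s is None:
            continue  # line outside a BEGIN/END block
        if msg.endswith("adding account"):
            s["new"] = True
        elif (i := INSERT.match(msg)):
            s["attrs"].add(i["name"])
        elif (r := RETURN.match(msg)):
            if s["new"] and not (s["attrs"] & set(id_attrs)):
                ghosts.append((track, int(r["uid"])))
        elif msg == "=== END ===":
            sessions.pop(track, None)
    return ghosts
```
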
