AW: PersistentId / principalName
Ortner Nikolaus
N.Ortner at fh-kaernten.at
Thu Jul 5 04:45:42 EDT 2012
Hi,
> I must be missing something rather obvious: How would the IdP
> differentiate the case of someone else logging in from the same user
> logging in with a changed userid?
* user logs in with his new userid (and he has previously used the IdP, so that a persistent entry with his old userid exists in the database - and no one has updated it)
* user's attributes are resolved, including the localId
* the StoredIDDataConnector resolves his persistentID via the localId - and here the IdP could see the mismatch;
There's a method StoredIDDataConnector.getStoredId(String principalName, String localEntityId, String peerEntityId, String localId) and it could do some kind of:
    // Look up the active entry by localId, then compare the principal name stored with it.
    PersistentIdEntry idEntry = pidStore.getActivePersistentIdEntry(localEntityId, peerEntityId, localId);
    if (idEntry != null && !principalName.equals(idEntry.getPrincipalName())) {
        throw new AttributeResolutionException("blah blah");
    }
Kind regards,
Nikolaus Ortner
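
The three cases from the steps above (unchanged userid, a different person, changed userid) in a self-contained model. This is an added example, not code from the post or from the Shibboleth IdP. The class, record and exception names and all sample values are hypothetical, and it assumes localId is an attribute that stays the same when the userid changes.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical in-memory model; not Shibboleth's StoredIDDataConnector or its store.
public class PersistentIdMismatchDemo {
    // One stored row: the persistent ID plus the principal name recorded when it was issued.
    record Entry(String principalName, String persistentId) {}

    static class MismatchException extends Exception {
        MismatchException(String msg) { super(msg); }
    }

    // Keyed by localEntityId|peerEntityId|localId, mirroring the lookup in the post.
    private final Map<String, Entry> store = new HashMap<>();

    void put(String localEntityId, String peerEntityId, String localId, Entry e) {
        store.put(localEntityId + "|" + peerEntityId + "|" + localId, e);
    }

    // Returns the stored ID, null when no entry exists, or throws on a stale principal name.
    String getStoredId(String principalName, String localEntityId,
                       String peerEntityId, String localId) throws MismatchException {
        Entry e = store.get(localEntityId + "|" + peerEntityId + "|" + localId);
        if (e == null) {
            return null; // unknown localId: a different person, no existing entry to reuse
        }
        if (!principalName.equals(e.principalName())) {
            throw new MismatchException("localId " + localId + " was stored for principal "
                    + e.principalName() + " but resolved for " + principalName);
        }
        return e.persistentId();
    }

    public static void main(String[] args) throws Exception {
        final String idp = "https://idp.example.org"; // constructed sample values
        final String sp = "https://sp.example.org";
        PersistentIdMismatchDemo demo = new PersistentIdMismatchDemo();
        demo.put(idp, sp, "emp-1001", new Entry("jdoe", "pid-constructed-0001"));

        System.out.println(demo.getStoredId("jdoe", idp, sp, "emp-1001"));   // same user, same userid
        System.out.println(demo.getStoredId("asmith", idp, sp, "emp-2002")); // someone else: no entry
        try {
            demo.getStoredId("jdoe2", idp, sp, "emp-1001");                  // same user, changed userid
        } catch (MismatchException ex) {
            System.out.println("mismatch: " + ex.getMessage());
        }
    }
}
```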