Uploaded image for project: '[Read Only] - Hippo Repository'
  1. [Read Only] - Hippo Repository
  2. REPO-2129

Authorization does not consider the case sensitivity of security providers

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: 5.3.0, 5.4.0
    • Fix Version/s: 5.6.0
    • Component/s: None
    • Similar issues:
    • Flagged:
      Flagged
    • Processed by team:
      Pulsar
    • Sprint:
      Platform 190 - HST Tests!, Platform 191 - Messy HST 1

      Description

      If your security provider (eg LDAP) allows case insensitive names then it is possible for a user to be authenticated but not authorized. The userid remembered in the session is the one used to login. When authorizing the case is not checked. So user "foobar" from an external provider logs in as "FOOBAR" and is recognized but denied access, while logging in as "foobar" works as expected.

        Attachments

          Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. REPO-2282 Do not force case insensitive users to login by using either LOWERCASE or UPPERCASE usernames

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                jfloor Jasper Floor
                Owner:
                Hippo Helpdesk
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: