[Read Only] - Hippo Repository / REPO-2129

Authorization does not consider the case sensitivity of security providers

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • 5.3.0, 5.4.0
    • 5.6.0
    • None
    • Flagged
    • Platform 190 - HST Tests!, Platform 191 - Messy HST 1

    Description

      If your security provider (e.g. LDAP) allows case-insensitive names, then it is possible for a user to be authenticated but not authorized. The userid remembered in the session is the one used to log in. When authorizing, the case is not checked. So user "foobar" from an external provider logs in as "FOOBAR" and is recognized but denied access, while logging in as "foobar" works as expected.
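The mismatch described above, modelled as an added example that is not part of the original report and is not Hippo Repository code. The directory class, the `ROLES` map and the two login functions are hypothetical names, and storing the provider's canonical id in the session is an assumed remedy, not necessarily the fix shipped in 5.6.0.

```python
# Added illustration; all names are hypothetical, sample data is constructed.
import hmac


class CaseInsensitiveDirectory:
    """Stands in for an external provider (e.g. LDAP) that ignores case in user ids."""

    def __init__(self, users):
        self._users = dict(users)  # canonical id -> password
        self._by_folded = {uid.casefold(): uid for uid in self._users}

    def authenticate(self, typed_id, password):
        """Return the provider's canonical id on success, else None."""
        canonical = self._by_folded.get(typed_id.casefold())
        if canonical is None:
            return None
        stored = self._users[canonical].encode()
        return canonical if hmac.compare_digest(stored, password.encode()) else None


# Repository-side role assignments, keyed by the id exactly as the provider stores it.
ROLES = {"foobar": {"editor"}}


def authorize(session_user, role):
    # Exact, case-sensitive lookup: the check the report describes.
    return role in ROLES.get(session_user, set())


def login_buggy(directory, typed_id, password):
    """Session remembers the id as typed at login."""
    return typed_id if directory.authenticate(typed_id, password) else None


def login_fixed(directory, typed_id, password):
    """Session remembers the canonical id returned by the provider."""
    return directory.authenticate(typed_id, password)


def demo():
    directory = CaseInsensitiveDirectory({"foobar": "s3cret"})
    return {
        typed: (authorize(login_buggy(directory, typed, "s3cret"), "editor"),
                authorize(login_fixed(directory, typed, "s3cret"), "editor"))
        for typed in ("foobar", "FOOBAR")
    }


if __name__ == "__main__":
    print(demo())
```

Taking the canonical form from the provider's answer, rather than lowercasing ids inside the repository, keeps distinct ids distinct when a provider is case-sensitive.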

            People

              Unassigned
              jfloor Jasper Floor
              Hippo Helpdesk