- Type: Bug
- Status: Closed
- Priority: Normal
- Resolution: Fixed
- Affects Version/s: 5.3.0, 5.4.0
- Fix Version/s: 5.6.0
- Component/s: None
- Labels:
- Similar issues:
- Flagged: Flagged
- Processed by team: Pulsar
- Sprint: Platform 190 - HST Tests!, Platform 191 - Messy HST 1

If your security provider (e.g. LDAP) allows case-insensitive names, then it is possible for a user to be authenticated but not authorized. The userid remembered in the session is the one used to log in. When authorizing, the case is not checked. So user "foobar" from an external provider logs in as "FOOBAR" and is recognized but denied access, while logging in as "foobar" works as expected.
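
The mismatch described above, reproduced as an added example (not code from the project, and not necessarily how the fix in 5.6.0 was implemented). All names and sample data are hypothetical; it assumes the provider matches names case-insensitively while the authorization store matches them exactly, and shows that keeping the provider's own spelling in the session removes the mismatch without forcing users to a single case.

```python
import hmac

# Constructed sample data: the provider stores one canonical uid per user and,
# like many LDAP directories, matches uids without regard to case.
DIRECTORY = {"foobar": "s3cret"}              # canonical uid -> password
PERMISSIONS = {"foobar": {"read", "write"}}   # authorization keyed by canonical uid


def provider_lookup(typed_name):
    """Case-insensitive match; returns the provider's canonical uid or None."""
    folded = typed_name.casefold()
    for uid in DIRECTORY:
        if uid.casefold() == folded:
            return uid
    return None


def authenticate(typed_name, password):
    """Return the canonical uid on success, None on failure."""
    uid = provider_lookup(typed_name)
    if uid is not None and hmac.compare_digest(DIRECTORY[uid], password):
        return uid
    return None


def login_as_reported(typed_name, password):
    """Behaviour described in the issue: the session keeps the name as typed."""
    if authenticate(typed_name, password) is None:
        return None
    return {"userid": typed_name}


def login_canonical(typed_name, password):
    """The session keeps the provider's spelling, so exact lookups match later."""
    uid = authenticate(typed_name, password)
    return None if uid is None else {"userid": uid}


def is_authorized(session, permission):
    """Exact-match (case-sensitive) lookup against the authorization store."""
    return permission in PERMISSIONS.get(session["userid"], set())
```
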
- relates to: REPO-2282 Do not force case insensitive users to login by using either LOWERCASE or UPPERCASE usernames (Closed)