Hi Krzysztof, all,
I have disabled several accounts in my unity instance. Some of them are
local accounts and some of them are federated accounts from Google or
a home organisation.
If one of the users with a disabled account tries to log in at an SP,
unity has a different behaviour.
1. User with local unity account signs in:
- SP redirects user to unity
- user tries to sign in
- unity shows an error
2. User with federated account signs in:
- SP redirects user to unity
- user selects IdP and is forwarded to it
- user signs in at IdP and comes back to unity
- unity shows no error and sends the user back to SP
- an error at SP occurs
I think the behaviour in the first situation is correct/the better one.
Is there a reason why the error is not shown in the second case and an
incorrect authentication is sent to the SPs?
Best regards,
Sander
--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...