unity-idm-discuss

[Unity-idm-discuss] user registration works for unconfirmed email addresses

[Sander A. <sa....@fz...>]

Hi Krzysztof, Piotr,

I found another problem. I create a new account using an external IdP.
The new account is created and user can log in, although the email
address was not confirmed so far.

Within registration from I created the rule for like it is described in
manual and work on other instances with unity 1.x.

I don't see the registration within Requests management under
Registration & enquiry. Is this the wanted behaviour?

Best regards,
Sander
-- 
Federated Systems and Data
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
-----------------------------------------------------------------------
-----------------------------------------------------------------------

Re: [Unity-idm-discuss] user registration works for unconfirmed email addresses

[Krzysztof B. <kb...@un...>]

Hi Sander,

I'd need more details to understand what is wrong in this scenario.

W dniu 01.03.2018 o 11:39, Sander Apweiler pisze:
> Hi Krzysztof, Piotr,
>
> I found another problem. I create a new account using an external IdP.
> The new account is created and user can log in, although the email
> address was not confirmed so far.

That is OK, unless this user is logging using this unconfirmed email as 
identity (with a local password set in Unity). Us this the case? Using 
external authN, if you allowed to create an account, unconfirmed email 
is irrelevant (if it is for you, then you should provision the account 
after email confirmation, what is also possible).

> Within registration from I created the rule for like it is described in
> manual and work on other instances with unity 1.x.

Can you provide the details of this?
> I don't see the registration within Requests management under
> Registration & enquiry. Is this the wanted behaviour?


You mean there is no registration request, but user was filling it and 
it was accepted?

Cheers,
KB

Re: [Unity-idm-discuss] user registration works for unconfirmed email addresses

[Sander A. <sa....@fz...>]

Hi Krzysztof,

Am Donnerstag, den 01.03.2018, 20:48 +0100 schrieb Krzysztof
Benedyczak:
> Hi Sander,
> 
> I'd need more details to understand what is wrong in this scenario.
> 
> W dniu 01.03.2018 o 11:39, Sander Apweiler pisze:
> > Hi Krzysztof, Piotr,
> > 
> > I found another problem. I create a new account using an external
> > IdP.
> > The new account is created and user can log in, although the email
> > address was not confirmed so far.
> 
> That is OK, unless this user is logging using this unconfirmed email
> as 
> identity (with a local password set in Unity). Us this the case?
> Using 
> external authN, if you allowed to create an account, unconfirmed
> email 
> is irrelevant (if it is for you, then you should provision the
> account 
> after email confirmation, what is also possible).
The mapped identity is eppn. 
> 
> > Within registration from I created the rule for like it is
> > described in
> > manual and work on other instances with unity 1.x.
> 
> Can you provide the details of this?

I created a registration form for the IdP with following Automatically
assigned setting:
condition: attr["email"].confirmed == true
action: autoProcess
action parameter: action = accept

I understood the manual, and in V1 it worked in that way, that the
account is created after the email address was confirmed.

Yesterday, when I tested the integration, my account was created and I
was able to sign in before I confirmed the email address.

> > I don't see the registration within Requests management under
> > Registration & enquiry. Is this the wanted behaviour?
> 
> 
> You mean there is no registration request, but user was filling it
> and 
> it was accepted?
Yes, there are only the request for oauthclients listed. Not the
request from external IdPs. See the attached picture. Registration form
for IdPs is DFN.

Cheers,
Sander
> 
> Cheers,
> KB
-- 
Federated Systems and Data
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
-----------------------------------------------------------------------
-----------------------------------------------------------------------