From: Sander A. <sa....@fz...> - 2021-08-20 12:07:56
Attachments:
smime.p7s
Screenshot from 2021-08-20 14-03-50.png

Hi Krzysztof,

sorry for bothering you again, but we encountered another problem. In registration forms we have some mandatory attributes, which must be provided by the remote IdP (config in screenshot). Is it intended that the registration is successful, although mandatory attributes are missing? If I remember correctly, in the past this was not the case.

Cheers,
Sander

--
Federated Systems and Data
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Registered office: Juelich
Registered in the commercial register of the Amtsgericht Dueren, No. HR B 3498
Chairman of the Supervisory Board: MinDir Volker Rieke
Management Board: Prof. Dr.-Ing. Wolfgang Marquardt (Chairman), Karsten Beneke (Deputy Chairman), Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior
-----------------------------------------------------------------------

From: Krzysztof B. <kb...@un...> - 2021-08-20 12:50:46

Hi Sander,

On 20.08.2021 at 14:07, Sander Apweiler wrote:
> Hi Krzysztof,
>
> sorry for bothering you again, but we encountered another problem. In
> registration forms we have some mandatory attributes, which must be
> provided by the remote IdP (config in screenshot). Is it intended that
> the registration is successful, although mandatory attributes are
> missing? If I remember correctly, in the past this was not the case.

AFAIR nothing has changed wrt that, so your assumption looks correct. We verify that.

Can you please write in what flow this form is used? I.e. by invitation, shown to unknown remote users, users enter it using well-known link, ...?

Thanks,
Krzysztof

From: Sander A. <sa....@fz...> - 2021-08-23 05:29:41
Attachments:
smime.p7s

Good morning Krzysztof,

I'm not sure for all, but at least for some I know what they did:
- Browse to /home endpoint
- Select external IdP
- Authenticate at external IdP
- Got register pop-up
- Register account

I guess, but I have no hints for it, that some other users went to SAML or OAuth endpoint instead of userhome endpoint.

Cheers,
Sander

On Fri, 2021-08-20 at 14:50 +0200, Krzysztof Benedyczak wrote:
> Hi Sander,
>
> On 20.08.2021 at 14:07, Sander Apweiler wrote:
> > Hi Krzysztof,
> >
> > sorry for bothering you again, but we encountered another problem. In
> > registration forms we have some mandatory attributes, which must be
> > provided by the remote IdP (config in screenshot). Is it intended that
> > the registration is successful, although mandatory attributes are
> > missing? If I remember correctly, in the past this was not the case.
>
> AFAIR nothing has changed wrt that, so your assumption looks correct. We
> verify that.
>
> Can you please write in what flow this form is used? I.e. by invitation,
> shown to unknown remote users, users enter it using well-known link,
> ...?
>
> Thanks,
> Krzysztof

From: Krzysztof B. <kb...@un...> - 2021-08-23 07:30:19

On 23.08.2021 at 07:29, Sander Apweiler wrote:
> Good morning Krzysztof,
> I'm not sure for all, but at least for some I know what they did:
> - Browse to /home endpoint
> - Select external IdP
> - Authenticate at external IdP
> - Got register pop-up
> - Register account
>
> I guess, but I have no hints for it, that some other users went to SAML
> or OAuth endpoint instead of userhome endpoint.

OK, so that's the unknown remote user flow. We will re-check that for any regressions.

Thanks,
Krzysztof

From: Krzysztof B. <kb...@un...> - 2021-08-30 09:00:45

Hi Sander,

On 23.08.2021 at 09:30, Krzysztof Benedyczak wrote:
> On 23.08.2021 at 07:29, Sander Apweiler wrote:
>> Good morning Krzysztof,
>> I'm not sure for all, but at least for some I know what they did:
>> - Browse to /home endpoint
>> - Select external IdP
>> - Authenticate at external IdP
>> - Got register pop-up
>> - Register account
>>
>> I guess, but I have no hints for it, that some other users went to SAML
>> or OAuth endpoint instead of userhome endpoint.
>
> OK, so that's the unknown remote user flow. We will re-check that for
> any regressions.

I've retested that scenario manually and it seems to block such a situation as before. I.e. a user who has no remote attribute, and this attribute is required in the form as a remote provided, can't even see the form.

Maybe you have hit some edge case here? Can you please check the exact data that came from the remote IdP (or more precisely - to what it was mapped by the input profile) and then compare it against form config?

Cheers,
Krzysztof
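
The comparison suggested in the last message, sketched as an added example that is not part of the thread and not the server's own code: it checks what the input profile produced against the form's mandatory, remote-provided attributes and fails closed. The dict layout, the attribute names and the two candidate edge cases (an attribute mapped with an empty value, a name differing only in case) are assumptions for illustration; the thread does not identify the actual cause.

```python
def check_mandatory_remote(mapped, form_attrs):
    """Compare attributes produced by the input profile with the form's
    mandatory, remote-provided attributes. Returns {attribute: problem}."""
    problems = {}
    # Index mapped names case-insensitively to spot near-miss names.
    by_lower = {name.lower(): name for name in mapped}
    for spec in form_attrs:
        if not (spec["mandatory"] and spec["source"] == "remote"):
            continue  # optional or user-entered attributes are out of scope
        name = spec["name"]
        if name in mapped:
            # An attribute that exists but carries only empty values must
            # not satisfy a mandatory requirement.
            usable = [v for v in mapped[name] if v is not None and str(v).strip()]
            if not usable:
                problems[name] = "present but without a usable value"
        elif name.lower() in by_lower:
            problems[name] = "name differs only in case: " + by_lower[name.lower()]
        else:
            problems[name] = "missing"
    return problems


def may_show_form(mapped, form_attrs):
    """Fail closed: offer the registration form only when nothing is wrong."""
    return not check_mandatory_remote(mapped, form_attrs)


# Constructed form configuration (hypothetical layout and names).
FORM = [
    {"name": "email", "mandatory": True, "source": "remote"},
    {"name": "eduPersonEntitlement", "mandatory": True, "source": "remote"},
    {"name": "displayName", "mandatory": False, "source": "remote"},
    {"name": "phone", "mandatory": True, "source": "user"},
]

# Constructed result of the input profile for one remote login.
MAPPED = {"email": [""], "edupersonentitlement": ["urn:example:member"]}

if __name__ == "__main__":
    for attr, problem in check_mandatory_remote(MAPPED, FORM).items():
        print(attr + ": " + problem)
    print("show form:", may_show_form(MAPPED, FORM))
```
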